[COLOR=#000000][B][U][SIZE=5]AdwCleaner:[/SIZE][/U][/B][/COLOR]
# AdwCleaner v6.020 - Logfile created 15/09/2016 at 17:41:35
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-14.2 [Server]
# Operating System : Windows 8.1 (X86)
# Username : john - SNTODAY
# Running from : C:\Users\john\Desktop\adwcleaner_6.020.exe
# Mode: Scan
# Support : [URL]https://toolslib.net/forum[/URL]
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious keys found.
***** [ Shortcuts ] *****
No infected shortcut found.
***** [ Scheduled Tasks ] *****
No malicious task found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [952 Bytes] - [08/09/2016 23:41:51]
C:\AdwCleaner\AdwCleaner[S0].txt - [1120 Bytes] - [08/09/2016 23:40:53]
C:\AdwCleaner\AdwCleaner[S1].txt - [1114 Bytes] - [15/09/2016 17:41:35]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1187 Bytes] ##########
[B][U][SIZE=5]MINITOOLBOX[/SIZE][/U][/B]
MiniToolBox by Farbar Version: 17-06-2016
Ran by john (administrator) on 15-09-2016 at 17:49:08
Running from "C:\Users\john\Desktop"
Microsoft Windows 8.1 (X86)
Model: T100TAS Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Broadcom 802.11abgn Wireless SDIO Adapter = Wi-Fi (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
TeamViewer VPN Adapter = Local Area Connection (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Lenovo Easyplus Hotspot
" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : SNToday
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TeamViewer VPN Adapter
Physical Address. . . . . . . . . : 00-FF-83-6D-15-BD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Lenovo Easyplus Hotspot
:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
Physical Address. . . . . . . . . : 78-24-AF-71-31-61
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 78-24-AF-71-31-62
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : 7A-24-AF-71-31-61
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11abgn Wireless SDIO Adapter
Physical Address. . . . . . . . . : 78-24-AF-71-31-61
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dcbb:bf7a:2b3e:8f37%6(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, September 15, 2016 5:30:31 PM
Lease Expires . . . . . . . . . . : Sunday, September 18, 2016 5:30:30 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 125314223
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-75-09-D7-9C-EB-E8-13-F9-98
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:24ad:9c70:b080:b5c5(Preferred)
Link-local IPv6 Address . . . . . : fe80::24ad:9c70:b080:b5c5%10(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 335544320
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-75-09-D7-9C-EB-E8-13-F9-98
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{ED5A8691-112E-4B41-AD16-64AE84004562}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1
Name: google.com
Addresses: 2a00:1450:4001:81d::200e
172.217.22.110
Pinging google.com [172.217.21.206] with 32 bytes of data:
Reply from 172.217.21.206: bytes=32 time=167ms TTL=49
Reply from 172.217.21.206: bytes=32 time=113ms TTL=49
Ping statistics for 172.217.21.206:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 113ms, Maximum = 167ms, Average = 140ms
Server: UnKnown
Address: 192.168.1.1
Name: yahoo.com
Addresses: 2001:4998:c:a06::2:4008
2001:4998:44:204::a7
2001:4998:58:c02::a9
98.138.253.109
98.139.183.24
206.190.36.45
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=271ms TTL=45
Reply from 206.190.36.45: bytes=32 time=271ms TTL=45
Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 271ms, Maximum = 271ms, Average = 271ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...00 ff 83 6d 15 bd ......TeamViewer VPN Adapter
11...78 24 af 71 31 61 ......Microsoft Hosted Network Virtual Adapter
8...78 24 af 71 31 62 ......Bluetooth Device (Personal Area Network)
7...7a 24 af 71 31 61 ......Microsoft Wi-Fi Direct Virtual Adapter #2
6...78 24 af 71 31 61 ......Broadcom 802.11abgn Wireless SDIO Adapter
1...........................Software Loopback Interface 1
10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.103 281
192.168.1.103 255.255.255.255 On-link 192.168.1.103 281
192.168.1.255 255.255.255.255 On-link 192.168.1.103 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.103 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.103 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 306 ::/0 On-link
1 306 ::1/128 On-link
10 306 2001::/32 On-link
10 306 2001:0:9d38:90d7:24ad:9c70:b080:b5c5/128
On-link
6 281 fe80::/64 On-link
10 306 fe80::/64 On-link
10 306 fe80::24ad:9c70:b080:b5c5/128
On-link
6 281 fe80::dcbb:bf7a:2b3e:8f37/128
On-link
1 306 ff00::/8 On-link
6 281 ff00::/8 On-link
10 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\system32\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\system32\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\system32\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\system32\wshbth.dll [51200] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 26 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 27 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 28 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 29 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 30 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 31 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 32 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 33 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 34 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 35 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 36 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 37 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 38 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 39 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 40 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 41 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 42 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 43 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 44 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 45 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 46 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 47 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 48 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 49 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 50 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 51 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 52 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 53 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 54 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 55 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (09/15/2016 05:37:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 52.0.2743.116, time stamp: 0x57a128a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xd64
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
Error: (09/15/2016 05:32:43 PM) (Source: DptfPolicyLpmService) (User: )
Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running.
Error: (09/15/2016 05:22:53 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).
Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x80070070).
Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070070).
Error: (09/15/2016 02:49:51 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1,0xc0000000,0x00000003,...).
Operation:
Processing PostFinalCommitSnapshots
Context:
Execution Context: System Provider
Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (User: )
Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running.
Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (User: )
Description: DptfPolicyLpmServiceServiceMainThread: GetForegroundApplicationIndex() failed.
Error: (09/15/2016 02:34:04 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x8004231f).
Error: (09/15/2016 02:33:50 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).
System errors:
=============
Error: (09/15/2016 05:23:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1 and 10 - September 2016 (KB890830).
Error: (09/15/2016 05:22:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Visio 2016 (KB3115494) 32-Bit Edition.
Error: (09/15/2016 03:10:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.
Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).
Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3177186).
Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3178539).
Error: (09/15/2016 02:49:51 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (09/15/2016 02:35:09 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.
Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).
Microsoft Office Sessions:
=========================
Error: (09/15/2016 05:37:00 PM) (Source: Application Error)(User: )
Description: chrome.exe52.0.2743.11657a128a8unknown0.0.0.000000000c000000500000000d6401d20f5170d1eb88C:\Program Files\Google\Chrome\Application\chrome.exeunknown491dbe13-7b45-11e6-9746-7824af713162
Error: (09/15/2016 05:32:43 PM) (Source: DptfPolicyLpmService)(User: )
Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running.
Error: (09/15/2016 05:22:53 PM) (Source: System Restore)(User: )
Description: C:\WINDOWS\system32\svchost.exe -k netsvcsWindows Update0x8004231f
Error: (09/15/2016 03:11:23 PM) (Source: System Restore)(User: )
Description: 0x80070070
Error: (09/15/2016 03:11:23 PM) (Source: System Restore)(User: )
Description: C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreationScheduled Checkpoint0x80070070
Error: (09/15/2016 02:49:51 PM) (Source: VSS)(User: )
Description: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1,0xc0000000,0x00000003,...)
Operation:
Processing PostFinalCommitSnapshots
Context:
Execution Context: System Provider
Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService)(User: )
Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running.
Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService)(User: )
Description: DptfPolicyLpmServiceServiceMainThread: GetForegroundApplicationIndex() failed.
Error: (09/15/2016 02:34:04 PM) (Source: System Restore)(User: )
Description: C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe -EmbeddingWindows Modules Installer0x8004231f
Error: (09/15/2016 02:33:50 PM) (Source: System Restore)(User: )
Description: C:\WINDOWS\system32\svchost.exe -k netsvcsWindows Update0x8004231f
CodeIntegrity Errors:
===================================
Date: 2016-09-15 17:30:10.237
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-15 17:26:57.021
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-15 14:34:45.690
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-13 10:18:04.440
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-10 14:03:59.221
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-09 01:35:54.942
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-08 23:42:48.471
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-08 23:27:44.659
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-08 16:23:02.143
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-02 20:41:04.221
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
=========================== Installed Programs ============================
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Anki (HKLM\...\Anki) (Version: - )
ANY-maze (HKLM\...\ANY-maze) (Version: - Stoelting Co.)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.16 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0033 - ASUS)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Blio (HKLM\...\{7DBB61C8-34AD-4D60-BEE1-7F694B9A587A}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
calibre (HKLM\...\{263E62B9-CB1E-4864-A8A7-37DEAC651484}) (Version: 2.63.0 - Kovid Goyal)
Canon MF210 Series (HKLM\...\{14824AB4-17F5-4909-80AB-A7E24743A47C}) (Version: 4.5.0.0 - CANON INC.)
Citavi 5 (HKLM\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.0.0.11 - Swiss Academic Software)
Cyberoam General Authentication Client 2.1.2.7 (HKLM\...\{043251F4-DA3F-44E6-A903-0A9B9FB375B9}}_is1) (Version: - Cyberoam Technologies Pvt. Ltd.)
Dropbox (HKLM\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.45.1 - Dropbox, Inc.) Hidden
ePub Converter v2.7.109.352 (HKLM\...\ePub Converter v2.7.109.3522.7.109.352) (Version: 2.7.109.352 - Friends in War)
EthoVision XT 11 (HKLM\...\{6F1198E3-A40C-4C59-B2FC-9A430B36D9AD}) (Version: 11.0.928 - Noldus Information Technology bv)
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version: - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
GoldenDict (HKLM\...\GoldenDict) (Version: - )
Google Chrome (HKLM\...\{FD78FCBB-B20E-370E-BA1C-FE6886D4214F}) (Version: 52.0.2743.116 - Google, Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
GraphPad Prism 6 (Trial) (HKLM\...\{E2D64D20-54B1-11E1-72AE-0169BBF12CD6}) (Version: 6.07 - GraphPad Software)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
Metric Collection SDK 35 (HKLM\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Noldus HardwareInterface Iobox 3.0.12 (HKLM\...\{515A24CA-6F55-44F6-94F1-F39BA91DA19E}) (Version: 3.0.12 - Noldus Information Technology bv)
Noldus HardwareInterface MiniIobox 3.0.16 (HKLM\...\{705C9773-3987-45C8-B326-BB8D911A571B}) (Version: 3.0.16 - Noldus Information Technology bv)
Noldus MainConcept Codec Package 8.5 (HKLM\...\{5DA40F7A-56E2-4F77-B37C-5C8092BA249B}) (Version: 8.5.30 - Noldus Information Technology bv)
Noldus MainConcept Encoder Package 7.5 (HKLM\...\{6DF93DFB-24DA-48F9-8C73-E3A35F79107E}) (Version: 7.5.4 - Noldus Information Technology bv)
Noldus MediaLooks A/V Filters 3.2 (HKLM\...\{505F9AC2-C8AD-4E17-98AE-B5CF4D1F2D21}) (Version: 3.2.00 - Noldus Information Technology bv)
Noldus RBRMInterface (HKLM\...\{EDB651A9-DB41-49D3-97BB-021C1F290839}) (Version: 1.0.8 - Noldus Information Technology bv)
Noldus Resizer Filter 12.0.2 (HKLM\...\{53C62640-01F0-4A8D-9FD9-47D2EEB08945}) (Version: 12.0.2 - Noldus Information Technology bv)
OpenControl - Tracking Only v1.2 (HKLM\...\OpenControl-TrackingOnly_is1) (Version: - Paulo Aguiar paguiar@ibmc.up.pt)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
qBittorrent 3.3.5 (HKLM\...\qBittorrent) (Version: 3.3.5 - The qBittorrent project)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4087 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
SafeZone Stable 1.51.2220.53 (HKLM\...\SafeZone 1.51.2220.53) (Version: 1.51.2220.53 - Avast Software) Hidden
Sandboxie 5.12 (32-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
Sentinel Runtime (HKLM\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 6.60.1.36770 - SafeNet Inc.)
SHAREit (HKLM\...\SHAREit_is1) (Version: 3.3.0.1103 - Lenovo)
Smart Diary Suite 4 (HKLM\...\{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1) (Version: - Programming Sunrise)
Smart v3.0.05 (HKLM\...\{13782DCB-22E7-4F72-8BF9-4B059D8599EA}_is1) (Version: 3.0.5.2902 - Panlab Harvard Apparatus)
SugarSync (HKLM\...\SugarSync) (Version: 3.7.2.7.144324 - SugarSync, Inc.)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.64630 - TeamViewer)
Telegram Desktop version 0.10.1 (HKCU\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.10.1 - Telegram Messenger LLP)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
Todoist (HKCU\...\{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1) (Version: 2.7.6.0 - Doist Ltd.)
UnCleaner (HKLM\...\UnCleaner) (Version: 1.7 - Josh Cell Softwares Corporation)
Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebStorage (HKLM\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
Windows 10 Upgrade Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusHID) Mouse (03/17/2014 3.0.0.27) (HKLM\...\A2E56402A9DA7D645E15F917A8AD8C50FDC80753) (Version: 03/17/2014 3.0.0.27 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Xilisoft PDF to EPUB Converter (HKLM\...\Xilisoft PDF to EPUB Converter) (Version: 1.0.1.0927 - Xilisoft)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
========================= Devices: ================================
========================= Memory info: ===================================
Percentage of memory in use: 69%
Total physical RAM: 1933.14 MB
Available physical RAM: 587.88 MB
Total Virtual: 2260.77 MB
Available Virtual: 587.09 MB
========================= Partitions: =====================================
1 Drive c: (OS) (Fixed) (Total:20.9 GB) (Free:0.31 GB) NTFS
2 Drive d: () (Removable) (Total:28.97 GB) (Free:3.9 GB) FAT32
3 Drive e: (Data1) (Fixed) (Total:465.76 GB) (Free:195.17 GB) NTFS
========================= Users: ========================================
User accounts for \\SNTODAY
Administrator Guest john
========================= Minidump Files ==================================
No minidump file found
========================= Restore Points ==================================
**** End of log ****
[U][B][SIZE=5][COLOR=#000000]Wireless test tool
[/COLOR][/SIZE][/B][/U]
Windows IP Configuration
Host Name . . . . . . . . . . . . : SNToday
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TeamViewer VPN Adapter
Physical Address. . . . . . . . . : 00-FF-83-6D-15-BD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Lenovo Easyplus Hotspot
:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
Physical Address. . . . . . . . . : 78-24-AF-71-31-61
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 78-24-AF-71-31-62
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : 7A-24-AF-71-31-61
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11abgn Wireless SDIO Adapter
Physical Address. . . . . . . . . : 78-24-AF-71-31-61
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dcbb:bf7a:2b3e:8f37%6(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, September 15, 2016 5:30:31 PM
Lease Expires . . . . . . . . . . : Sunday, September 18, 2016 5:30:30 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 125314223
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-75-09-D7-9C-EB-E8-13-F9-98
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:24ad:9c70:b080:b5c5(Preferred)
Link-local IPv6 Address . . . . . : fe80::24ad:9c70:b080:b5c5%10(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 335544320
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-75-09-D7-9C-EB-E8-13-F9-98
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{ED5A8691-112E-4B41-AD16-64AE84004562}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Interface name : Wi-Fi
There are 5 networks currently visible.
SSID 1 : ali
Network type : Infrastructure
Authentication : WPA2-Personal
Encryption : CCMP
BSSID 1 : 64:70:02:aa:5b:9b
Signal : 18%
Radio type : 802.11g
Channel : 4
Basic rates (Mbps) : 1 2 5.5 11
Other rates (Mbps) : 6 9 12 18 24 36 48 54
SSID 2 : kami123
Network type : Infrastructure
Authentication : Open
Encryption : None
BSSID 1 : e4:8d:8c:f9:83:cd
Signal : 6%
Radio type : 802.11n
Channel : 52
Basic rates (Mbps) : 6
Other rates (Mbps) : 9 12 18 24 36 48 54
SSID 3 : zzz
Network type : Infrastructure
Authentication : WPA2-Personal
Encryption : CCMP
BSSID 1 : c4:6e:1f:3c:dd:d3
Signal : 16%
Radio type : 802.11n
Channel : 11
Basic rates (Mbps) : 1 2 5.5 11
Other rates (Mbps) : 6 9 12 18 24 36 48 54
SSID 4 : Ahfad
Network type : Infrastructure
Authentication : WPA2-Personal
Encryption : CCMP
BSSID 1 : e8:94:f6:5b:17:d2
Signal : 76%
Radio type : 802.11n
Channel : 1
Basic rates (Mbps) : 1 2 5.5 11
Other rates (Mbps) : 6 9 12 18 24 36 48 54
SSID 5 : Mahdi
Network type : Infrastructure
Authentication : WPA2-Personal
Encryption : CCMP
BSSID 1 : b0:b2:dc:4d:3b:38
Signal : 10%
Radio type : 802.11n
Channel : 6
Basic rates (Mbps) : 1 2 5.5 11
Other rates (Mbps) : 6 9 12 18 24 36 48 54
Profiles on interface Wi-Fi:
Group policy profiles (read only)
---------------------------------
<None>
User profiles
-------------
All User Profile : Modares 2
All User Profile : AndroidAP
All User Profile : BZLp-aG9zc2VpbiBhcWE
All User Profile : Ahfad
All User Profile : Tmu Dorm
All User Profile : TMU
All User Profile : BZLp-aG9zc2VpbiBhcWE 2
All User Profile : hassan
All User Profile : EjrpN-dGhlIExlbm92byBCbGFjaw==
All User Profile : Modares
All User Profile : Modaress
All User Profile : d2B66Z29sZGVuZHll
All User Profile : hossein aqa
Pinging 194.119.131.66 with 32 bytes of data:
Reply from 194.119.131.66: bytes=32 time=151ms TTL=49
Reply from 194.119.131.66: bytes=32 time=134ms TTL=49
Reply from 194.119.131.66: bytes=32 time=135ms TTL=49
Reply from 194.119.131.66: bytes=32 time=135ms TTL=49
Ping statistics for 194.119.131.66:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 134ms, Maximum = 151ms, Average = 138ms
Ping request could not find host plus.net. Please check the name and try again.
Tracing route to cns1.uk.vianw.net [194.119.131.66]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 192.168.1.1
2 45 ms 42 ms 42 ms 5.53.63.255
3 43 ms 46 ms 43 ms 10.201.145.1
4 49 ms 55 ms 69 ms 172.19.4.17
5 53 ms 45 ms 45 ms 172.19.4.2
6 51 ms 47 ms 44 ms 10.201.176.153
7 46 ms 45 ms 45 ms 10.10.53.190
8 118 ms 113 ms 113 ms 85.132.90.201
9 * * * Request timed out.
10 * 119 ms 122 ms mskn08.transtelecom.net [188.43.3.246]
11 * * * Request timed out.
12 * 138 ms 136 ms 195.66.224.66
13 134 ms 134 ms 158 ms tengige0-1-1-0-t6-ar14.router.uk.clara.net [195.157.3.110]
14 132 ms 155 ms * cns1.uk.vianw.net [194.119.131.66]
15 131 ms 130 ms 137 ms cns1.uk.vianw.net [194.119.131.66]
Trace complete.
These Windows services are started:
Adobe Acrobat Update Service
Application Experience
Application Information
ASLDR Service
ASUS HID Access Service
Asus WebStorage Windows Service
ATKGFNEX Service
Background Intelligent Transfer Service
Background Tasks Infrastructure Service
Base Filtering Engine
BitLocker Drive Encryption Service
Bluetooth Support Service
Certificate Propagation
COM+ Event System
Credential Manager
Cryptographic Services
DCOM Server Process Launcher
Device Association Service
DHCP Client
Diagnostic Policy Service
Diagnostic Service Host
Diagnostic System Host
Diagnostics Tracking Service
Distributed Link Tracking Client
DNS Client
Foxit Reader Service
Function Discovery Provider Host
Function Discovery Resource Publication
Group Policy Client
HomeGroup Provider
Human Interface Device Service
Intel(R) Capability Licensing Service Interface
Intel(R) Dynamic Application Loader Host Interface
Intel(R) Dynamic Platform & Thermal Framework Critical Service Application
Intel(R) Dynamic Platform & Thermal Framework Low Power Mode Service Application
Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application
IP Helper
IPsec Policy Agent
Local Session Manager
Microsoft Account Sign-in Assistant
Microsoft Software Shadow Copy Provider
Network Connected Devices Auto-Setup
Network Connection Broker
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
Plug and Play
Power
Print Spooler
Program Compatibility Assistant Service
Remote Procedure Call (RPC)
RPC Endpoint Mapper
Sandboxie Service
Security Accounts Manager
Security Center
Sensor Monitoring Service
Sentinel LDK License Manager
Server
Service KMSELDI
Shell Hardware Detection
SSDP Discovery
Superfetch
System Event Notification Service
System Events Broker
Task Scheduler
TCP/IP NetBIOS Helper
TeamViewer 11
Themes
Time Broker
Touch Keyboard and Handwriting Panel Service
User Profile Service
Windows Audio
Windows Audio Endpoint Builder
Windows Connection Manager
Windows Driver Foundation - User-mode Driver Framework
Windows Event Log
Windows Firewall
Windows Font Cache Service
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Modules Installer
Windows Search
Windows Time
Windows Update
WinHTTP Web Proxy Auto-Discovery Service
WLAN AutoConfig
Workstation
The command completed successfully.
Microsoft Windows [Version 6.3.9600]
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 8 K
System 4 Services 0 3,080 K
smss.exe 336 Services 0 708 K
csrss.exe 540 Services 0 3,236 K
wininit.exe 592 Services 0 2,876 K
csrss.exe 608 Console 1 32,536 K
winlogon.exe 652 Console 1 4,836 K
services.exe 720 Services 0 4,952 K
lsass.exe 728 Services 0 9,520 K
svchost.exe 804 Services 0 8,096 K
svchost.exe 848 Services 0 6,392 K
dwm.exe 952 Console 1 20,180 K
svchost.exe 1004 Services 0 16,440 K
svchost.exe 1048 Services 0 41,836 K
svchost.exe 1092 Services 0 11,080 K
svchost.exe 1156 Services 0 19,804 K
SbieSvc.exe 1232 Services 0 3,184 K
WUDFHost.exe 1356 Services 0 4,936 K
svchost.exe 1528 Services 0 9,996 K
AsLdrSrv.exe 1584 Services 0 2,904 K
wlanext.exe 1600 Services 0 3,668 K
conhost.exe 1624 Services 0 2,104 K
GFNEXSrv.exe 1648 Services 0 1,752 K
spoolsv.exe 1808 Services 0 6,336 K
svchost.exe 1868 Services 0 7,696 K
svchost.exe 1892 Services 0 13,092 K
armsvc.exe 2024 Services 0 2,788 K
AsHidSrv.exe 2044 Services 0 2,464 K
AsusWSWinService.exe 272 Services 0 11,536 K
svchost.exe 764 Services 0 9,140 K
DptfParticipantProcessorS 884 Services 0 2,540 K
DptfPolicyCriticalService 1000 Services 0 2,540 K
DptfPolicyLpmService.exe 1220 Services 0 2,564 K
dasHost.exe 1340 Services 0 6,204 K
FoxitConnectedPDFService. 1516 Services 0 8,520 K
hasplms.exe 2288 Services 0 9,792 K
HeciServer.exe 2308 Services 0 3,592 K
Service_KMS.exe 2352 Services 0 18,244 K
svchost.exe 2404 Services 0 4,276 K
TeamViewer_Service.exe 2424 Services 0 8,144 K
svchost.exe 3592 Services 0 3,536 K
WUDFHost.exe 3792 Services 0 4,128 K
HControl.exe 4556 Console 1 5,156 K
taskhostex.exe 4604 Console 1 8,404 K
explorer.exe 4848 Console 1 127,708 K
DMedia.exe 5036 Console 1 4,064 K
ATKOSD2.exe 5044 Console 1 5,336 K
TabTip.exe 5444 Console 1 7,368 K
SearchIndexer.exe 5464 Services 0 18,596 K
SkyDrive.exe 5660 Console 1 12,180 K
AsusTPLoader.exe 6040 Console 1 2,048 K
igfxsrvc.exe 6108 Console 1 5,732 K
WmiPrvSE.exe 2868 Services 0 9,928 K
AsusTPCenter.exe 1828 Console 1 540 K
jhi_service.exe 3784 Services 0 3,536 K
igfxtray.exe 1292 Console 1 5,208 K
AsusTPHelper.exe 3100 Console 1 200 K
hkcmd.exe 3000 Console 1 4,940 K
igfxpers.exe 2544 Console 1 5,124 K
DptfPolicyLpmServiceHelpe 3980 Console 1 2,144 K
RtkNGUI.exe 3252 Console 1 6,292 K
avastui.exe 3460 Console 1 26,816 K
Acrotray.exe 4812 Console 1 5,056 K
ONENOTEM.EXE 2328 Console 1 828 K
unsecapp.exe 3604 Console 1 4,536 K
SettingSyncHost.exe 2752 Console 1 2,236 K
IEMonitor.exe 3932 Console 1 5,016 K
taskhost.exe 2948 Console 1 4,280 K
ctfmon.exe 5472 Console 1 3,452 K
WINWORD.EXE 5856 Console 1 70,772 K
chrome.exe 1916 Console 1 107,808 K
chrome.exe 2592 Console 1 4,028 K
chrome.exe 1560 Console 1 26,952 K
chrome.exe 1240 Console 1 61,100 K
chrome.exe 4936 Console 1 64,424 K
chrome.exe 2904 Console 1 56,632 K
chrome.exe 4240 Console 1 51,996 K
chrome.exe 1724 Console 1 63,624 K
chrome.exe 5944 Console 1 55,084 K
chrome.exe 3184 Console 1 55,496 K
chrome.exe 1216 Console 1 53,660 K
chrome.exe 4136 Console 1 115,136 K
svchost.exe 3944 Services 0 3,720 K
notepad.exe 6128 Console 1 7,228 K
TrustedInstaller.exe 2956 Services 0 3,928 K
TiWorker.exe 4304 Services 0 29,604 K
wireless.exe 3824 Console 1 7,864 K
cmd.exe 2208 Console 1 2,128 K
conhost.exe 4552 Console 1 4,212 K
tasklist.exe 3300 Console 1 4,664 K
MTU MediaSenseState Bytes In Bytes Out Interface
------ --------------- --------- --------- -------------
4294967295 1 0 18844 Loopback Pseudo-Interface 1
1500 1 16808047 1795945 Wi-Fi
1500 5 0 0 Local Area Connection
1500 5 0 0 Bluetooth Network Connection
1500 5 0 0 Local Area Connection* 3
1500 5 0 0 Lenovo Easyplus Hotspot
Querying active state...
TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State : enabled
Chimney Offload State : disabled
NetDMA State : disabled
Direct Cache Access (DCA) : disabled
Receive Window Auto-Tuning Level : normal
Add-On Congestion Control Provider : none
ECN Capability : disabled
RFC 1323 Timestamps : disabled
Initial RTO : 3000
Receive Segment Coalescing State : disabled
Non Sack Rtt Resiliency : disabled
Max SYN Retransmissions : 2
===========================================================================
Interface List
16...00 ff 83 6d 15 bd ......TeamViewer VPN Adapter
11...78 24 af 71 31 61 ......Microsoft Hosted Network Virtual Adapter
8...78 24 af 71 31 62 ......Bluetooth Device (Personal Area Network)
7...7a 24 af 71 31 61 ......Microsoft Wi-Fi Direct Virtual Adapter #2
6...78 24 af 71 31 61 ......Broadcom 802.11abgn Wireless SDIO Adapter
1...........................Software Loopback Interface 1
10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.103 281
192.168.1.103 255.255.255.255 On-link 192.168.1.103 281
192.168.1.255 255.255.255.255 On-link 192.168.1.103 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.103 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.103 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 306 ::/0 On-link
1 306 ::1/128 On-link
10 306 2001::/32 On-link
10 306 2001:0:9d38:90d7:24ad:9c70:b080:b5c5/128
On-link
6 281 fe80::/64 On-link
10 306 fe80::/64 On-link
10 306 fe80::24ad:9c70:b080:b5c5/128
On-link
6 281 fe80::dcbb:bf7a:2b3e:8f37/128
On-link
1 306 ff00::/8 On-link
6 281 ff00::/8 On-link
10 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Local Area Connection:
Node IpAddress: [0.0.0.0] Scope Id: []
No Connections
Bluetooth Network Connection:
Node IpAddress: [0.0.0.0] Scope Id: []
No Connections
Wi-Fi:
Node IpAddress: [192.168.1.103] Scope Id: []
No Connections
Lenovo Easyplus Hotspot
:
Node IpAddress: [0.0.0.0] Scope Id: []
No Connections
Local Area Connection* 3:
Node IpAddress: [0.0.0.0] Scope Id: []
No Connections
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 SNToday:0 LISTENING
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 SNToday:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:1947 SNToday:0 LISTENING
[hasplms.exe]
TCP 0.0.0.0:5357 SNToday:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:38068 SNToday:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:49408 SNToday:0 LISTENING
[wininit.exe]
TCP 0.0.0.0:49409 SNToday:0 LISTENING
EventLog
[svchost.exe]
TCP 0.0.0.0:49410 SNToday:0 LISTENING
Schedule
[svchost.exe]
TCP 0.0.0.0:49411 SNToday:0 LISTENING
[spoolsv.exe]
TCP 0.0.0.0:49418 SNToday:0 LISTENING
[lsass.exe]
TCP 0.0.0.0:49428 SNToday:0 LISTENING
Can not obtain ownership information
TCP 127.0.0.1:1001 SNToday:0 LISTENING
Can not obtain ownership information
TCP 127.0.0.1:5939 SNToday:0 LISTENING
[TeamViewer_Service.exe]
TCP 127.0.0.1:44430 SNToday:0 LISTENING
[FoxitConnectedPDFService.exe]
TCP 127.0.0.1:49153 SNToday:0 LISTENING
[Explorer.EXE]
TCP 127.0.0.1:49153 SNToday:49795 ESTABLISHED
[Explorer.EXE]
TCP 127.0.0.1:49795 SNToday:49153 ESTABLISHED
[chrome.exe]
TCP 192.168.1.103:139 SNToday:0 LISTENING
Can not obtain ownership information
TCP 192.168.1.103:49154 111.221.29.154:https ESTABLISHED
[Explorer.EXE]
TCP 192.168.1.103:49771 173.194.76.188:5228 ESTABLISHED
[chrome.exe]
TCP 192.168.1.103:49780 fra16s12-in-f14:https ESTABLISHED
[chrome.exe]
TCP 192.168.1.103:49781 adobe:https ESTABLISHED
[chrome.exe]
TCP 192.168.1.103:49783 fra07s32-in-f14:https ESTABLISHED
[chrome.exe]
TCP 192.168.1.103:49876 184.172.52.99:http ESTABLISHED
[chrome.exe]
TCP 192.168.1.103:49882 fra16s12-in-f14:https ESTABLISHED
[chrome.exe]
TCP 192.168.1.103:49883 fra07s29-in-f14:https ESTABLISHED
[chrome.exe]
TCP 192.168.1.103:49884 191.238.177.236:https ESTABLISHED
[WINWORD.EXE]
TCP [::]:135 SNToday:0 LISTENING
RpcSs
[svchost.exe]
TCP [::]:445 SNToday:0 LISTENING
Can not obtain ownership information
TCP [::]:1947 SNToday:0 LISTENING
[hasplms.exe]
TCP [::]:5357 SNToday:0 LISTENING
Can not obtain ownership information
TCP [::]:38068 SNToday:0 LISTENING
Can not obtain ownership information
TCP [::]:49408 SNToday:0 LISTENING
[wininit.exe]
TCP [::]:49409 SNToday:0 LISTENING
EventLog
[svchost.exe]
TCP [::]:49410 SNToday:0 LISTENING
Schedule
[svchost.exe]
TCP [::]:49411 SNToday:0 LISTENING
[spoolsv.exe]
TCP [::]:49418 SNToday:0 LISTENING
[lsass.exe]
TCP [::]:49428 SNToday:0 LISTENING
Can not obtain ownership information
TCP [::1]:49460 SNToday:0 LISTENING
[jhi_service.exe]
UDP 0.0.0.0:123 *:*
W32Time
[svchost.exe]
UDP 0.0.0.0:1947 *:*
[hasplms.exe]
UDP 0.0.0.0:3702 *:*
FDResPub
[svchost.exe]
UDP 0.0.0.0:3702 *:*
EventSystem
[svchost.exe]
UDP 0.0.0.0:3702 *:*
EventSystem
[svchost.exe]
UDP 0.0.0.0:3702 *:*
FDResPub
[svchost.exe]
UDP 0.0.0.0:3702 *:*
[dashost.exe]
UDP 0.0.0.0:3702 *:*
[dashost.exe]
UDP 0.0.0.0:5353 *:*
[chrome.exe]
UDP 0.0.0.0:5353 *:*
[chrome.exe]
UDP 0.0.0.0:5353 *:*
[chrome.exe]
UDP 0.0.0.0:5355 *:*
Dnscache
[svchost.exe]
UDP 0.0.0.0:49415 *:*
[hasplms.exe]
UDP 0.0.0.0:54019 *:*
FDResPub
[svchost.exe]
UDP 0.0.0.0:54021 *:*
EventSystem
[svchost.exe]
UDP 0.0.0.0:54023 *:*
[TeamViewer_Service.exe]
UDP 0.0.0.0:54025 *:*
[dashost.exe]
UDP 127.0.0.1:1900 *:*
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:54018 *:*
SSDPSRV
[svchost.exe]
UDP 192.168.1.103:137 *:*
Can not obtain ownership information
UDP 192.168.1.103:138 *:*
Can not obtain ownership information
UDP 192.168.1.103:1900 *:*
SSDPSRV
[svchost.exe]
UDP 192.168.1.103:5353 *:*
[TeamViewer_Service.exe]
UDP 192.168.1.103:54017 *:*
SSDPSRV
[svchost.exe]
UDP [::]:123 *:*
W32Time
[svchost.exe]
UDP [::]:1947 *:*
[hasplms.exe]
UDP [::]:3702 *:*
FDResPub
[svchost.exe]
UDP [::]:3702 *:*
[dashost.exe]
UDP [::]:3702 *:*
FDResPub
[svchost.exe]
UDP [::]:3702 *:*
EventSystem
[svchost.exe]
UDP [::]:3702 *:*
[dashost.exe]
UDP [::]:3702 *:*
EventSystem
[svchost.exe]
UDP [::]:5353 *:*
[chrome.exe]
UDP [::]:5353 *:*
[chrome.exe]
UDP [::]:5355 *:*
Dnscache
[svchost.exe]
UDP [::]:54020 *:*
FDResPub
[svchost.exe]
UDP [::]:54022 *:*
EventSystem
[svchost.exe]
UDP [::]:54024 *:*
[TeamViewer_Service.exe]
UDP [::]:54026 *:*
[dashost.exe]
UDP [::1]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [::1]:5353 *:*
[TeamViewer_Service.exe]
UDP [::1]:54016 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::24ad:9c70:b080:b5c5%10]:546 *:*
Dhcp
[svchost.exe]
UDP [fe80::dcbb:bf7a:2b3e:8f37%6]:546 *:*
Dhcp
[svchost.exe]
UDP [fe80::dcbb:bf7a:2b3e:8f37%6]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::dcbb:bf7a:2b3e:8f37%6]:54015 *:*
SSDPSRV
[svchost.exe]
Server: UnKnown
Address: 192.168.1.1
Name: portal.plus.net
Addresses: 212.159.9.2
212.159.8.2
Aliases: www.plus.net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ASUSPRP REG_SZ "C:\Program Files\ASUS\APRP\APRP.EXE"
WebStorage REG_SZ C:\Program Files\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe
IgfxTray REG_SZ "C:\Windows\system32\igfxtray.exe"
HotKeysCmds REG_SZ "C:\Windows\system32\hkcmd.exe"
Persistence REG_SZ "C:\Windows\system32\igfxpers.exe"
DptfPolicyLpmServiceHelper REG_SZ C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
RtkNGUI REG_SZ "C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe" /s
Everything REG_SZ "C:\Program Files\Everything\Everything.exe" -startup
AvastUI.exe REG_SZ "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Dropbox REG_SZ "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
AdobeAAMUpdater-1.0 REG_SZ "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
(Default) REG_SZ
Acrobat Assistant 8.0 REG_SZ "D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IDMan REG_SZ C:\Program Files\Internet Download Manager\IDMan.exe /onboot
SugarSync REG_SZ "C:\Program Files\SugarSync\SugarSync.exe" -startInTray -usedelay=true
SandboxieControl REG_SZ "C:\Program Files\Sandboxie\SbieCtrl.exe"
GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07 REG_SZ "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
[SIZE=5][U][B]Addition (from FRST)
[/B][/U][/SIZE]
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2016
Ran by john (15-09-2016 17:57:19)
Running from C:\Users\john\Desktop
Microsoft Windows 8.1 (Update) (X86) (2016-07-07 10:31:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1211984804-1430602019-1276967695-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1211984804-1430602019-1276967695-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1211984804-1430602019-1276967695-1003 - Limited - Enabled)
john (S-1-5-21-1211984804-1430602019-1276967695-1001 - Administrator - Enabled) => C:\Users\john
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Anki (HKLM\...\Anki) (Version: - )
ANY-maze (HKLM\...\ANY-maze) (Version: - Stoelting Co.)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.16 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0033 - ASUS)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Blio (HKLM\...\{7DBB61C8-34AD-4D60-BEE1-7F694B9A587A}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
calibre (HKLM\...\{263E62B9-CB1E-4864-A8A7-37DEAC651484}) (Version: 2.63.0 - Kovid Goyal)
Canon MF210 Series (HKLM\...\{14824AB4-17F5-4909-80AB-A7E24743A47C}) (Version: 4.5.0.0 - CANON INC.)
Citavi 5 (HKLM\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.0.0.11 - Swiss Academic Software)
Cyberoam General Authentication Client 2.1.2.7 (HKLM\...\{043251F4-DA3F-44E6-A903-0A9B9FB375B9}}_is1) (Version: - Cyberoam Technologies Pvt. Ltd.)
Dropbox (HKLM\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.45.1 - Dropbox, Inc.) Hidden
ePub Converter v2.7.109.352 (HKLM\...\ePub Converter v2.7.109.3522.7.109.352) (Version: 2.7.109.352 - Friends in War)
EthoVision XT 11 (HKLM\...\{6F1198E3-A40C-4C59-B2FC-9A430B36D9AD}) (Version: 11.0.928 - Noldus Information Technology bv)
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version: - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
GoldenDict (HKLM\...\GoldenDict) (Version: - )
Google Chrome (HKLM\...\{FD78FCBB-B20E-370E-BA1C-FE6886D4214F}) (Version: 52.0.2743.116 - Google, Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
GraphPad Prism 6 (Trial) (HKLM\...\{E2D64D20-54B1-11E1-72AE-0169BBF12CD6}) (Version: 6.07 - GraphPad Software)
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
Metric Collection SDK 35 (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Noldus HardwareInterface Iobox 3.0.12 (HKLM\...\{515A24CA-6F55-44F6-94F1-F39BA91DA19E}) (Version: 3.0.12 - Noldus Information Technology bv)
Noldus HardwareInterface MiniIobox 3.0.16 (HKLM\...\{705C9773-3987-45C8-B326-BB8D911A571B}) (Version: 3.0.16 - Noldus Information Technology bv)
Noldus MainConcept Codec Package 8.5 (HKLM\...\{5DA40F7A-56E2-4F77-B37C-5C8092BA249B}) (Version: 8.5.30 - Noldus Information Technology bv)
Noldus MainConcept Encoder Package 7.5 (HKLM\...\{6DF93DFB-24DA-48F9-8C73-E3A35F79107E}) (Version: 7.5.4 - Noldus Information Technology bv)
Noldus MediaLooks A/V Filters 3.2 (HKLM\...\{505F9AC2-C8AD-4E17-98AE-B5CF4D1F2D21}) (Version: 3.2.00 - Noldus Information Technology bv)
Noldus RBRMInterface (HKLM\...\{EDB651A9-DB41-49D3-97BB-021C1F290839}) (Version: 1.0.8 - Noldus Information Technology bv)
Noldus Resizer Filter 12.0.2 (HKLM\...\{53C62640-01F0-4A8D-9FD9-47D2EEB08945}) (Version: 12.0.2 - Noldus Information Technology bv)
OpenControl - Tracking Only v1.2 (HKLM\...\OpenControl-TrackingOnly_is1) (Version: - Paulo Aguiar paguiar@ibmc.up.pt)
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
qBittorrent 3.3.5 (HKLM\...\qBittorrent) (Version: 3.3.5 - The qBittorrent project)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4087 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
SafeZone Stable 1.51.2220.53 (Version: 1.51.2220.53 - Avast Software) Hidden
Sandboxie 5.12 (32-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
Sentinel Runtime (HKLM\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 6.60.1.36770 - SafeNet Inc.)
SHAREit (HKLM\...\SHAREit_is1) (Version: 3.3.0.1103 - Lenovo)
Smart Diary Suite 4 (HKLM\...\{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1) (Version: - Programming Sunrise)
Smart v3.0.05 (HKLM\...\{13782DCB-22E7-4F72-8BF9-4B059D8599EA}_is1) (Version: 3.0.5.2902 - Panlab Harvard Apparatus)
SugarSync (HKLM\...\SugarSync) (Version: 3.7.2.7.144324 - SugarSync, Inc.)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.64630 - TeamViewer)
Telegram Desktop version 0.10.1 (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.10.1 - Telegram Messenger LLP)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
Todoist (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1) (Version: 2.7.6.0 - Doist Ltd.)
UnCleaner (HKLM\...\UnCleaner) (Version: 1.7 - Josh Cell Softwares Corporation)
Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebStorage (HKLM\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\WinDirStat) (Version: - )
Windows 10 Upgrade Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusHID) Mouse (03/17/2014 3.0.0.27) (HKLM\...\A2E56402A9DA7D645E15F917A8AD8C50FDC80753) (Version: 03/17/2014 3.0.0.27 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Xilisoft PDF to EPUB Converter (HKLM\...\Xilisoft PDF to EPUB Converter) (Version: 1.0.1.0927 - Xilisoft)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {004EEE38-C96B-4042-864E-DDE62D721259} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {0990F565-119A-4A2C-B762-78C82CA95154} - System32\Tasks\MATLAB R2014a Startup Accelerator => e:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()
Task: {2D23BF59-B5E6-4294-832C-1AE7252389B9} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {313B6B8F-EC4D-4EEB-B0A9-C0E2998D5847} - \ASUS Patch for Touch Panel -> No File <==== ATTENTION
Task: {5318C8C0-7823-4B2F-B271-D2CFCE3D45F6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {57876349-58E1-4042-BE9F-F9DF9B7A125A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-07-15] (Dropbox, Inc.)
Task: {6E795BEF-3F18-4D59-B526-8A7E1193B411} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-01] (AVAST Software)
Task: {6F8BE5F2-4AB8-407A-BB58-8C3C6FF9E49E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {81593B05-5E9A-444A-BB06-7A36B65B2C91} - System32\Tasks\ASUS Live Update1 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {83F42300-30C3-4F23-98AB-96AA04A9F01C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-04-09] (AsusTek)
Task: {8687639D-93DD-494F-AE76-1922D6B6A23C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-10] (AVAST Software)
Task: {C1C9D87E-22F6-4B23-8929-DE23B74A1DA3} - System32\Tasks\SafeZone scheduled Autoupdate 1472832695 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {D6EFF91B-908E-4AE1-BAC6-79B0610F168D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-10] (Google Inc.)
Task: {E3555FF8-B04C-4D2C-ADC0-C52D617756F9} - System32\Tasks\ASUS Live Update2 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {F0FED4FB-582A-4548-B6CE-63C1258D7D8A} - System32\Tasks\AutoPico Daily Restart => d:\Program Files\KMSpico\AutoPico.exe [2015-09-27] (@ByELDI)
Task: {F2179854-30CB-4504-900A-3B886F9401C6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-07-15] (Dropbox, Inc.)
Task: {F69F135A-1B72-4262-860F-D31950AFAD91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-10] (Google Inc.)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job => e:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Freelancy Time Tracker.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=olkajbcicgbkoefeclmjjbdhidnnmgkh
ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gliffy Diagrams.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bhmicilclplefnflapjmnngmkkkkpfad
ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
==================== Loaded Modules (Whitelisted) ==============
2016-07-15 15:21 - 2016-08-06 11:43 - 00019216 _____ () C:\WINDOWS\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2016-07-10 03:19 - 2016-07-10 03:19 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-01 22:15 - 2016-09-01 22:15 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-01 22:15 - 2016-09-01 22:15 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-09 14:36 - 2016-08-03 04:54 - 01771336 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-09 14:36 - 2016-08-03 04:53 - 00094024 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 10:43 - 2016-09-09 00:04 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\asus\wallpapers\asus.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "Cyberoam General Authentication Client.lnk"
HKLM\...\StartupApproved\Run: => "WebStorage"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Everything"
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07"
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "SugarSync"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9D61E6CB-5763-41DC-8C3F-B008269381A2}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{BEFB68FE-2829-4C43-9389-4E28E4352F11}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{1AFD70A4-6761-42EB-A1CE-0037C60A97AB}] => (Allow) C:\WINDOWS\system32\hasplms.exe
FirewallRules: [{8122C688-943D-4E78-8DA2-81026A22E387}] => (Allow) D:\Program Files\SHAREit\SHAREit.exe
FirewallRules: [{03D00B97-38FA-4CC9-AB46-137760E3C979}] => (Allow) D:\Program Files\SHAREit\SHAREit.exe
FirewallRules: [{39CACE31-6E80-4BFD-9E17-C33167368718}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E796579A-3C8D-4EDC-AC62-61A8CCD9B560}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{795B5D8D-CFEB-44A7-AA6C-B6A8E9FE4933}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A8235268-B96A-46A5-BA60-A788E3C30341}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C6293449-82E5-4ED1-BCCD-3C290B968B91}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{2CA38FD0-9E62-4844-AF73-F25513492427}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{B2CF45F7-7CD5-4F0F-B437-7F125D088AA8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{145D4365-FDAD-4C2A-8F39-BE9EC439C178}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E6B57682-B80E-471B-999B-C9F4F6006BEA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{709C1F62-6910-44AF-9E5A-045C27239C6C}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
FirewallRules: [{C0EB0285-0D4B-499C-9367-BA1D1D3ADC5E}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
FirewallRules: [{E3CF7D3E-49DB-4099-908B-065F0DBBD1F8}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
FirewallRules: [{E2136944-8C09-4054-BBE4-087976BABF17}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
FirewallRules: [TCP Query User{DED73CCC-54EB-4DEA-94B1-BC0CE89C5CE6}C:\users\john\desktop\shortcuts\fg759p.exe] => (Allow) C:\users\john\desktop\shortcuts\fg759p.exe
FirewallRules: [UDP Query User{2BD954D6-D8B6-4D6C-980A-0E4F566067F4}C:\users\john\desktop\shortcuts\fg759p.exe] => (Allow) C:\users\john\desktop\shortcuts\fg759p.exe
FirewallRules: [{B6947C46-921D-4403-9484-3CC8BCC11180}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{5A23F26C-C55E-441B-BA66-C3E34E196AB6}] => (Allow) LPort=1688
FirewallRules: [{449AE8C3-1263-4C07-B028-0E0FD91066A2}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{10FBAC06-9F86-476B-B9BC-D46E6E705000}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/15/2016 05:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 52.0.2743.116, time stamp: 0x57a128a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xd64
Faulting application start time: 0x01d20f5170d1eb88
Faulting application path: C:\Program Files\Google\Chrome\Application\chrome.exe
Faulting module path: unknown
Report Id: 491dbe13-7b45-11e6-9746-7824af713162
Faulting package full name:
Faulting package-relative application ID:
Error: (09/15/2016 05:32:43 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: Event-ID 1
Error: (09/15/2016 05:22:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).
Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x80070070).
Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070070).
Error: (09/15/2016 02:49:51 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1,0xc0000000,0x00000003,...).
Operation:
Processing PostFinalCommitSnapshots
Context:
Execution Context: System Provider
Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: Event-ID 1
Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: Event-ID 1
Error: (09/15/2016 02:34:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x8004231f).
Error: (09/15/2016 02:33:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).
System errors:
=============
Error: (09/15/2016 05:23:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1 and 10 - September 2016 (KB890830).
Error: (09/15/2016 05:22:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Visio 2016 (KB3115494) 32-Bit Edition.
Error: (09/15/2016 03:10:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.
Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).
Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3177186).
Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3178539).
Error: (09/15/2016 02:49:51 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (09/15/2016 02:35:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.
Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).
CodeIntegrity:
===================================
Date: 2016-09-15 17:30:10.237
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-15 17:26:57.021
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-15 14:34:45.690
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-13 10:18:04.440
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-10 14:03:59.221
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-09 01:35:54.942
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-08 23:42:48.471
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-08 23:27:44.659
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-08 16:23:02.143
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-02 20:41:04.221
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Atom(TM) CPU Z3775 @ 1.46GHz
Percentage of memory in use: 65%
Total physical RAM: 1933.14 MB
Available physical RAM: 663.49 MB
Total Virtual: 2260.77 MB
Available Virtual: 652.31 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:20.9 GB) (Free:0.46 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Removable) (Total:28.97 GB) (Free:3.9 GB) FAT32
Drive e: (Data1) (Fixed) (Total:465.76 GB) (Free:195.17 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 6836FA22)
Partition: GPT.
========================================================
Disk: 1 (Size: 29 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 233EF10A)
Partition: GPT.
==================== End of Addition.txt ============================
[SIZE=5][B][U]FRST[/U][/B][/SIZE]
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2016
Ran by john (administrator) on SNTODAY (15-09-2016 17:56:11)
Running from C:\Users\john\Desktop
Loaded Profiles: john (Available Profiles: john & Administrator & Guest)
Platform: Microsoft Windows 8.1 (Update) (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL]
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(@ByELDI) D:\Program Files\KMSpico\Service_KMS.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Inc.) D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
(Microsoft Corporation) D:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) D:\Program Files\Microsoft Office\Office16\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [1080992 2014-04-11] (ASUSTek Computer Inc.)
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2912256 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25197248 2016-08-31] (Dropbox, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3961968 2016-07-15] (Tonec Inc.)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [SugarSync] => C:\Program Files\SugarSync\SugarSync.exe [18918368 2016-05-19] (SugarSync, Inc.)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [644240 2016-06-15] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07] => C:\Program Files\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-01] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cyberoam General Authentication Client.lnk [2016-07-27]
ShortcutTarget: Cyberoam General Authentication Client.lnk -> C:\Program Files\Cyberoam\Cyberoam General Authentication Client\CyberoamClient.exe ()
Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-09-15]
ShortcutTarget: Send to OneNote.lnk -> D:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DC3F7DB0-A95E-4F15-8348-BED0679CEF24}: [DhcpNameServer] 40.51.1.13
Tcpip\..\Interfaces\{ED5A8691-112E-4B41-AD16-64AE84004562}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-1211984804-1430602019-1276967695-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-05] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-01] (AVAST Software)
BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1211984804-1430602019-1276967695-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - D:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - D:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-08-27] (Google, Inc.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-13] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-13] (Intel Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Acrobat -> D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-01]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-01]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-07-27] [not signed]
FF HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\john\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\john\AppData\Roaming\IDM\idmmzcc5 [2016-09-15] [not signed]
FF HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
Chrome:
=======
CHR DefaultSearchKeyword: Default -> cal
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-09]
CHR Extension: (Google Docs) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-09]
CHR Extension: (Task Timer) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif [2016-09-09]
CHR Extension: (Google Drive) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-09]
CHR Extension: (Gliffy Diagrams) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2016-09-09]
CHR Extension: (YouTube) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-09]
CHR Extension: (Calendar and Countdown) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\caplfhpahpkhhckglldpmdmjclabckhc [2016-09-09]
CHR Extension: (OneTab) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-09-09]
CHR Extension: (High Contrast) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2016-09-09]
CHR Extension: (Adobe Acrobat) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-09]
CHR Extension: (Google Calendar) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-09-09]
CHR Extension: (Avast SafePrice) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-10]
CHR Extension: (Morphine) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnpehpbojenlldmfcopeajkichnnjpo [2016-09-09]
CHR Extension: (Google Sheets) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-09]
CHR Extension: (Notepad) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp [2016-09-09]
CHR Extension: (Google Docs Offline) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-09]
CHR Extension: (AdBlock) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-09]
CHR Extension: (Google Calendar (by Google)) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-09-09]
CHR Extension: (Avast Online Security) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-09-09]
CHR Extension: (Super Simple Highlighter) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlhjgianpocpoppaiihmlpgcoehlhio [2016-09-09]
CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2016-09-12]
CHR Extension: (Google Keep - notes and lists) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-09-13]
CHR Extension: (Apps Launcher) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmgkhchjindcjamnckoiahagecjnkdc [2016-09-14]
CHR Extension: (Spreed - speed read the web) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2016-09-09]
CHR Extension: (Simple Notepad) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjclcfpbfhdmikhohhjacgdmndneckj [2016-09-09]
CHR Extension: (BugMeNot Lite) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2016-09-09]
CHR Extension: (Progress Bar Timer) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnlbapfmmoaehepmgbkgfcgpddlhbko [2016-09-09]
CHR Extension: (Pocket) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-09-10]
CHR Extension: (Prioritab) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\napbejkndjhcciibiglkimmgdlfjcbnp [2016-09-09]
CHR Extension: (IDM Integration Module) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-09-09]
CHR Extension: (Save to Pocket) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-09]
CHR Extension: (Citavi Picker) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-09-09]
CHR Extension: (Readability) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2016-09-09]
CHR Extension: (Freelancy Time Tracker) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkajbcicgbkoefeclmjjbdhidnnmgkh [2016-09-09]
CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-09-09]
CHR Extension: (SiteBlock) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2016-09-09]
CHR Extension: (Gmail) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-09]
CHR Extension: (Chrome Media Router) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-09]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-09]
CHR HKLM\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [115512 2014-02-18] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-22] (ASUS)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-01] (AVAST Software)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1677016 2014-08-07] (Broadcom Corporation.)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-15] (Dropbox, Inc.)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation)
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-02] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [509424 2015-06-08] (Lenovo)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [154256 2016-06-15] (Sandboxie Holdings, LLC)
R2 Service KMSELDI; d:\Program Files\KMSpico\Service_KMS.exe [739520 2015-09-27] (@ByELDI) [File not signed]
S3 ShareItSvc; D:\Program Files\SHAREit\Shareit.Service.exe [31704 2016-03-31] (SHAREit Technologies Co.Ltd)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-09] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284520 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [376200 2013-08-01] (SafeNet Inc.)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-03] (ASUS)
R3 AsusHID; C:\WINDOWS\System32\drivers\AsusHID.sys [68888 2014-04-09] (ASUS Corporation)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-09-01] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-09-01] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-09-01] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [91232 2016-09-01] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-09-01] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [434144 2016-09-01] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [118664 2016-09-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-09-01] (AVAST Software)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-03] (ASUSTek Computer Inc.)
S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [304344 2014-08-07] (Broadcom Corp)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [23552 2014-10-29] (Microsoft Corporation)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [144600 2014-08-07] (Broadcom Corporation.)
R3 BtwSerialBus; C:\WINDOWS\system32\DRIVERS\BtwSerialBus.sys [130776 2014-08-07] (Broadcom Corporation.)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 CM3218x; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 CPLMACPI; C:\WINDOWS\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [608648 2013-08-01] (SafeNet Inc.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
S1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2016-08-07] (Logix4u) [File not signed]
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
S0 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [489832 2013-12-16] (Intel Corporation)
R2 inpout32; C:\WINDOWS\System32\Drivers\inpout32.sys [11936 2016-08-05] (Highresolution Enterprises [www.highrez.co.uk])
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32664 2014-01-23] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation)
R3 INVN_MotionApps; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-01-23] (Intel Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
R3 MT9M114; C:\WINDOWS\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 NETwNs32; C:\WINDOWS\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [169176 2014-03-14] (Realtek Semiconductor Corp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [177296 2016-06-15] (Sandboxie Holdings, LLC)
R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 teamviewervpn; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [25088 2016-07-05] (TeamViewer GmbH)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [38928 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [233304 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84824 2015-07-07] (Microsoft Corporation)
U0 msahci; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-15 17:56 - 2016-09-15 17:56 - 00031615 _____ C:\Users\john\Desktop\FRST.txt
2016-09-15 17:55 - 2016-09-15 17:55 - 01748992 _____ (Farbar) C:\Users\john\Desktop\FRST.exe
2016-09-15 17:55 - 2016-09-15 17:55 - 00000000 ____D C:\Users\john\Desktop\FRST-OlderVersion
2016-09-15 17:51 - 2016-09-15 17:53 - 00031686 _____ C:\Users\john\Desktop\reg.txt
2016-09-15 17:51 - 2016-09-08 23:48 - 00278831 _____ C:\Users\john\Desktop\wireless.exe
2016-09-15 17:49 - 2016-09-15 17:49 - 00035851 _____ C:\Users\john\Desktop\MTB.txt
2016-09-15 17:36 - 2016-09-15 17:36 - 03861056 _____ C:\Users\john\Desktop\adwcleaner_6.020.exe
2016-09-15 15:01 - 2014-04-14 07:07 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2016-09-15 14:29 - 2014-08-16 07:46 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2016-09-15 14:29 - 2014-08-16 05:13 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2016-09-15 14:29 - 2014-08-16 05:01 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2016-09-15 14:29 - 2014-08-16 04:51 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2016-09-15 14:29 - 2014-08-16 04:45 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2016-09-15 14:29 - 2014-08-16 04:44 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2016-09-15 14:29 - 2014-08-16 04:43 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-09-15 14:29 - 2014-08-16 04:43 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-09-15 14:29 - 2014-08-16 04:41 - 03985408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2016-09-15 14:29 - 2014-08-16 04:35 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2016-09-15 14:29 - 2014-07-24 15:12 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-09-15 14:03 - 2014-05-19 10:03 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2016-09-15 14:03 - 2014-05-19 09:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2016-09-15 13:33 - 2016-08-13 12:15 - 05761880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-09-15 13:33 - 2016-08-13 12:14 - 01471544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-15 13:33 - 2016-08-13 12:14 - 01395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-15 13:33 - 2016-08-13 12:14 - 01284576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-15 13:33 - 2016-08-13 12:14 - 01271152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-15 13:33 - 2016-08-13 12:14 - 01173016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-15 13:33 - 2016-08-13 02:49 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-09-15 13:33 - 2014-04-11 12:55 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2016-09-15 12:42 - 2014-04-18 18:13 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2016-09-15 12:42 - 2014-04-18 13:21 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2016-09-15 12:42 - 2014-04-14 12:31 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-09-15 12:42 - 2014-04-11 08:53 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2016-09-15 12:42 - 2014-04-11 07:57 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2016-09-15 12:42 - 2014-04-09 10:14 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2016-09-15 12:42 - 2014-04-06 19:53 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2016-09-15 12:42 - 2014-04-06 19:52 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2016-09-15 12:42 - 2014-04-06 19:48 - 00271192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2016-09-15 12:42 - 2014-04-06 19:46 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-09-15 12:42 - 2014-04-06 19:46 - 01159520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-09-15 12:42 - 2014-04-06 19:46 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-09-15 12:42 - 2014-04-06 19:46 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-09-15 12:42 - 2014-04-06 19:46 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-09-15 12:42 - 2014-04-06 16:36 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2016-09-15 12:42 - 2014-04-06 16:30 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-09-15 12:42 - 2014-04-06 16:17 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-09-15 12:42 - 2014-04-06 16:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2016-09-15 12:42 - 2014-04-06 15:28 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2016-09-15 12:42 - 2014-04-06 15:07 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-09-15 12:42 - 2014-04-06 15:06 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-09-15 12:42 - 2014-04-06 14:29 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-09-15 12:42 - 2014-04-03 08:33 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-09-15 12:42 - 2014-04-03 06:53 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2016-09-15 12:42 - 2014-03-27 09:18 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-09-15 12:42 - 2014-03-27 08:49 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-09-15 12:42 - 2014-03-27 07:52 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2016-09-15 12:42 - 2014-03-27 07:33 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2016-09-15 12:42 - 2014-03-19 11:47 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-09-15 12:42 - 2014-03-19 11:39 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-09-15 12:42 - 2014-03-19 09:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-09-15 12:42 - 2014-03-19 09:21 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-09-15 12:42 - 2014-03-19 09:17 - 01309184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-09-15 12:42 - 2014-03-18 11:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2016-09-15 12:42 - 2014-03-17 08:41 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2016-09-15 12:42 - 2014-03-17 07:15 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-09-15 12:41 - 2014-07-15 21:37 - 02257584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-09-15 12:41 - 2014-07-15 12:33 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2016-09-15 12:41 - 2014-07-15 12:25 - 02045440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2016-09-15 12:41 - 2014-05-01 15:30 - 00046512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2016-09-15 12:17 - 2016-08-21 03:21 - 01118720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-09-15 12:17 - 2016-08-21 03:20 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-09-15 12:17 - 2016-08-14 22:44 - 01403320 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-09-15 12:17 - 2016-08-14 21:52 - 03475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-09-15 12:15 - 2014-05-13 09:51 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2016-09-15 12:15 - 2014-05-13 08:13 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2016-09-15 12:15 - 2014-05-03 09:27 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-09-15 12:15 - 2014-05-03 09:16 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2016-09-15 12:15 - 2014-05-03 09:07 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2016-09-15 12:15 - 2014-05-03 09:07 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2016-09-15 12:15 - 2014-04-30 10:02 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2016-09-15 12:15 - 2014-04-30 09:59 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2016-09-15 12:15 - 2014-04-30 09:18 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2016-09-15 12:15 - 2014-04-30 08:16 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-09-15 12:15 - 2014-04-30 08:16 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-09-15 12:15 - 2014-04-30 08:16 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-09-15 12:15 - 2014-04-30 08:15 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-09-15 12:15 - 2014-04-30 07:45 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-09-15 12:15 - 2014-04-14 12:38 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-09-15 12:15 - 2014-04-14 09:48 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
2016-09-15 11:49 - 2014-08-23 10:02 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2016-09-15 11:49 - 2014-08-23 08:32 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-09-15 11:47 - 2016-09-15 11:47 - 00914104 _____ C:\Users\john\Desktop\The Art of Forgetting.pdf
2016-09-15 11:41 - 2016-09-15 14:25 - 00010033 _____ C:\Users\john\Desktop\Book of all to do.xlsx
2016-09-15 11:37 - 2014-07-12 08:13 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2016-09-15 11:36 - 2016-08-21 03:35 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-09-15 11:36 - 2016-08-21 02:57 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-15 11:31 - 2016-09-01 07:38 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-15 11:31 - 2016-09-01 07:16 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-09-15 11:31 - 2016-09-01 06:54 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-09-15 11:31 - 2016-09-01 06:09 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-09-15 11:31 - 2016-09-01 06:00 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-09-15 11:31 - 2016-09-01 05:57 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-09-15 11:31 - 2016-09-01 05:54 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-09-15 11:31 - 2016-09-01 05:13 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-09-15 11:31 - 2016-09-01 05:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-09-15 11:31 - 2016-09-01 05:08 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-09-15 11:31 - 2016-08-26 09:14 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-09-15 11:31 - 2016-08-26 08:30 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-09-15 11:22 - 2016-08-10 03:17 - 00611576 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-09-15 11:20 - 2016-09-09 02:21 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-09-15 11:20 - 2016-08-22 20:39 - 00136872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-09-15 11:20 - 2016-08-22 20:39 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-09-15 11:20 - 2016-08-21 04:31 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-15 11:20 - 2016-08-21 04:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-09-15 11:20 - 2016-08-21 04:29 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-09-14 10:36 - 2016-09-14 11:49 - 00001614 _____ C:\Users\john\Downloads\dcopycopy.m
2016-09-11 22:43 - 2016-09-11 22:43 - 00000000 _____ C:\WINDOWS\system32\last.dump
2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy.mat
2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy (3).mat
2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy (2).mat
2016-09-10 14:02 - 2016-09-10 14:02 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2016-09-09 12:48 - 2016-09-09 12:48 - 00000000 ____D C:\ProgramData\IDM
2016-09-09 00:40 - 2016-09-09 00:01 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2016-09-09 00:01 - 2016-09-09 00:33 - 00000000 ____D C:\zoek_backup
2016-09-08 23:54 - 2016-09-15 17:56 - 00000000 ____D C:\FRST
2016-09-08 23:38 - 2016-09-08 23:38 - 00000000 ____D C:\ProgramData\Blio
2016-09-08 23:37 - 2016-09-08 23:37 - 00001706 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Blio eBooks.lnk
2016-09-08 23:37 - 2016-09-08 23:37 - 00000000 ____D C:\Users\john\AppData\Roaming\Blio
2016-09-08 23:37 - 2016-09-08 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-NFB Reading Technology
2016-09-08 23:36 - 2016-09-15 17:41 - 00000000 ____D C:\AdwCleaner
2016-09-08 23:34 - 2016-09-08 23:34 - 00892416 _____ (Farbar) C:\Users\john\Desktop\MiniToolBox.exe
2016-09-08 19:31 - 2016-09-08 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\UnCleaner
2016-09-08 19:31 - 2016-09-08 19:31 - 00000000 ____D C:\Program Files\UnCleaner
2016-09-08 16:42 - 2016-09-08 16:43 - 01584719 _____ C:\Users\john\Downloads\butterfly-wallpaper.jpeg
2016-09-08 16:14 - 2016-09-08 16:14 - 00773572 _____ (Soft98.iR) C:\Users\john\Downloads\Unconfirmed 993990.crdownload
2016-09-05 15:51 - 2016-09-05 16:03 - 00000000 ____D C:\Users\john\Desktop\New folder
2016-09-05 11:33 - 2016-09-15 17:33 - 00000560 _____ C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job
2016-09-05 11:33 - 2016-09-05 11:33 - 00000906 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2014a.lnk
2016-09-05 11:33 - 2016-09-05 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
2016-09-05 11:33 - 2016-09-05 11:33 - 00000000 ____D C:\ProgramData\MathWorks
2016-09-05 10:47 - 2016-09-11 16:25 - 00000000 ____D C:\Users\john\AppData\Roaming\Psiphon3
2016-09-04 00:04 - 2016-09-04 00:10 - 00000000 ____D C:\Users\john\Downloads\Video
2016-09-03 22:21 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d2.mat
2016-09-03 22:21 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy.mat
2016-09-03 22:18 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d.mat
2016-09-03 02:25 - 2016-09-03 02:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-02 21:42 - 2016-09-02 21:43 - 00148586 _____ C:\Users\john\Documents\Picasa.pdf
2016-09-02 21:41 - 2016-09-13 22:18 - 00000000 ____D C:\Users\john\Downloads\Telegram Desktop
2016-09-02 20:41 - 2016-09-02 20:41 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-09-02 15:09 - 2016-09-14 14:18 - 00000000 ____D C:\Users\john\Downloads\Compressed
2016-09-01 22:58 - 2016-09-01 22:58 - 01623442 _____ C:\Users\john\Documents\fatemehID.pdf
2016-09-01 22:16 - 2016-09-01 22:15 - 00319760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-09-01 22:15 - 2016-09-01 22:15 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-08-29 23:32 - 2016-08-29 23:32 - 00000000 ____D C:\Users\john\AppData\Roaming\Canon
2016-08-29 23:05 - 2016-08-29 23:05 - 00000000 ___HD C:\WINDOWS\system32\CanonMF Uninstaller Information
2016-08-29 23:05 - 2016-08-29 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2016-08-29 23:05 - 2014-03-04 10:50 - 00338944 _____ (CANON INC.) C:\WINDOWS\system32\CNCC210.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00138240 _____ (CANON INC.) C:\WINDOWS\system32\CNCE210.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00112640 _____ (CANON INC.) C:\WINDOWS\system32\CNCL210.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00112128 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSD48b.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00100352 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSI48b.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00090624 _____ (CANON INC.) C:\WINDOWS\system32\CNCLST48b.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00082432 _____ (CANON INC.) C:\WINDOWS\system32\CNCI210.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00073728 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSC48b.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00066560 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSU48b.DLL
2016-08-29 23:05 - 2014-02-03 19:19 - 00000431 _____ C:\WINDOWS\system32\CNCMFP48.INI
2016-08-29 23:04 - 2016-08-29 23:04 - 00000000 ____D C:\Program Files\Canon
2016-08-29 22:16 - 2016-08-29 22:16 - 00000341 _____ C:\Users\john\Desktop\fg.ini
2016-08-29 19:36 - 2016-08-29 19:36 - 00000948 _____ C:\Users\john\Desktop\Folders - Shortcut.lnk
2016-08-29 19:31 - 2016-08-29 19:31 - 00000980 _____ C:\Users\john\Desktop\fg759p - Shortcut.lnk
2016-08-29 19:30 - 2016-09-15 17:36 - 00000000 ___RD C:\Users\john\Desktop\Shortcuts
2016-08-29 11:26 - 2016-08-29 11:26 - 00000000 ____D C:\Users\john\AppData\Local\Chromium
2016-08-29 11:11 - 2016-08-29 11:11 - 00000000 ____D C:\Users\john\AppData\Local\IsolatedStorage
2016-08-29 11:09 - 2016-09-15 02:01 - 00000000 ____D C:\Users\john\Documents\Blio
2016-08-29 10:59 - 2016-08-29 10:59 - 00000000 ____D C:\Users\Public\Blio
2016-08-29 10:52 - 2016-08-29 10:52 - 00000000 ____D C:\Users\john\Documents\My Digital Editions
2016-08-22 11:43 - 2016-08-22 23:18 - 00000006 _____ C:\Users\john\AppData\Roaming\SmartDiarySuite.dic-sds
2016-08-22 11:42 - 2016-08-22 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Diary Suite 4
2016-08-21 20:06 - 2016-08-21 20:06 - 00000000 ____D C:\Users\john\AppData\Local\Doist_Ltd
2016-08-21 20:05 - 2016-08-21 20:05 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Todoist
2016-08-21 20:05 - 2016-08-21 20:05 - 00000000 ____D C:\Users\john\AppData\Local\Todoist
2016-08-20 13:31 - 2016-08-20 13:31 - 00012362 ____H C:\Users\john\Desktop\~WRL0005.tmp
2016-08-20 12:14 - 2016-08-20 12:14 - 00001041 _____ C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk
2016-08-20 12:14 - 2016-08-20 12:14 - 00000000 ____D C:\Users\john\AppData\Roaming\addpcs
2016-08-20 12:14 - 2016-08-20 12:14 - 00000000 ____D C:\Program Files\Temp File Cleaner
2016-08-18 16:49 - 2016-08-18 16:49 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2016-08-18 16:49 - 2016-08-18 16:49 - 00000716 _____ C:\Users\Guest\Desktop\Anki.lnk
2016-08-18 16:49 - 2016-08-18 16:49 - 00000716 _____ C:\Users\Administrator\Desktop\Anki.lnk
2016-08-18 16:49 - 2016-08-18 16:49 - 00000000 ____D C:\Program Files\Anki
2016-08-17 10:53 - 2016-09-05 11:37 - 00000000 ____D C:\Users\john\AppData\Local\MathWorks
2016-08-17 10:53 - 2016-08-17 10:53 - 00000000 ____D C:\Users\john\AppData\Roaming\Subversion
2016-08-17 10:47 - 2016-08-17 10:47 - 00000000 ____D C:\Users\john\AppData\Roaming\MathWorks
2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\Users\john\AppData\Local\VS Revo Group
2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-08-17 08:52 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-08-16 20:37 - 2004-09-06 09:05 - 00645120 _____ C:\WINDOWS\system32\config.gms
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-15 17:56 - 2013-08-22 12:35 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-15 17:54 - 2016-07-15 15:49 - 00000908 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-15 17:37 - 2014-04-11 07:13 - 00799478 _____ C:\WINDOWS\system32\prfh0816.dat
2016-09-15 17:37 - 2014-04-11 07:13 - 00164812 _____ C:\WINDOWS\system32\prfc0816.dat
2016-09-15 17:37 - 2014-03-18 12:31 - 01816356 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-15 17:37 - 2013-08-22 10:51 - 00000000 ____D C:\WINDOWS\inf
2016-09-15 17:36 - 2016-07-15 15:30 - 00000000 ____D C:\Users\john\AppData\Roaming\IDM
2016-09-15 17:34 - 2016-02-07 03:01 - 00000000 ____D C:\Users\john\Documents\Anki
2016-09-15 17:33 - 2016-02-07 03:15 - 00000000 ___RD C:\Users\john\Dropbox
2016-09-15 17:32 - 2016-07-15 15:49 - 00000904 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-15 17:32 - 2016-07-10 02:11 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-15 17:32 - 2016-02-07 02:51 - 00000000 __RDO C:\Users\john\OneDrive
2016-09-15 17:30 - 2013-08-22 11:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-15 17:29 - 2013-08-22 10:43 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-15 17:27 - 2013-08-22 11:52 - 00362144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\FileManager
2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\Camera
2016-09-15 17:24 - 2013-08-22 10:51 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-09-15 17:23 - 2016-07-10 04:06 - 00000000 ____C C:\WINDOWS\system32\MRT.exe
2016-09-15 17:22 - 2016-07-10 02:11 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-15 15:11 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-15 14:50 - 2013-08-22 12:47 - 00000000 ___RD C:\WINDOWS\ToastData
2016-09-15 14:32 - 2016-08-06 10:57 - 00000000 ____D C:\Users\john\AppData\Roaming\GoldenDict
2016-09-15 14:32 - 2016-07-10 02:13 - 00000000 ____D C:\Users\john\AppData\Roaming\Everything
2016-09-15 11:46 - 2016-07-10 02:34 - 00000000 ____D C:\ProgramData\Foxit Software
2016-09-14 14:21 - 2016-07-15 15:30 - 00000000 ____D C:\Users\john\AppData\Roaming\DMCache
2016-09-14 12:04 - 2016-07-15 15:19 - 00000000 ____D C:\Users\john\AppData\Roaming\Telegram Desktop
2016-09-14 10:09 - 2016-04-17 06:25 - 00000000 ____D C:\Users\john\Documents\MATLAB
2016-09-13 22:16 - 2016-07-10 03:20 - 00735488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-09-13 22:14 - 2016-07-16 21:12 - 00000000 ____D C:\Users\john\AppData\Roaming\vlc
2016-09-13 10:33 - 2016-02-18 20:33 - 00000000 ____D C:\Users\john\Documents\OneNote Notebooks
2016-09-09 00:33 - 2016-08-07 19:02 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2016-09-08 19:32 - 2016-07-17 12:13 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2016-09-08 19:32 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-09-08 16:29 - 2016-07-15 15:20 - 00000000 ____D C:\Users\john\AppData\Roaming\TeamViewer
2016-09-07 05:41 - 2016-07-10 10:45 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-09-07 05:41 - 2016-07-10 10:45 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-09-04 17:56 - 2016-02-07 02:22 - 00000000 ____D C:\Users\john\AppData\Local\Packages
2016-09-03 02:25 - 2016-07-15 15:49 - 00000000 ____D C:\Program Files\Dropbox
2016-09-02 20:15 - 2014-04-11 06:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-09-02 20:15 - 2014-04-11 06:40 - 00000000 ____D C:\Program Files\ASUS
2016-09-01 22:15 - 2016-07-10 03:20 - 00434144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00118664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00092256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00060424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00034008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-08-29 23:15 - 2013-08-22 12:47 - 00000000 __RSD C:\WINDOWS\Media
2016-08-29 11:13 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-27 11:16 - 2016-02-08 13:43 - 00000000 ____D C:\Users\john\Documents\Custom Office Templates
2016-08-27 08:27 - 2016-07-15 15:18 - 00000000 ____D C:\Users\john\AppData\Roaming\qBittorrent
2016-08-24 11:40 - 2016-07-15 15:20 - 00000000 ____D C:\Program Files\TeamViewer
2016-08-24 03:19 - 2016-07-10 04:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-22 20:55 - 2016-08-08 17:05 - 00002849 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-08-22 13:36 - 2016-07-07 14:55 - 00000000 ____D C:\Users\john
2016-08-21 19:45 - 2016-07-10 03:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1
2016-08-18 16:04 - 2016-07-15 15:20 - 00000943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
==================== Files in the root of some directories =======
2016-08-22 11:43 - 2016-08-22 23:18 - 0000006 _____ () C:\Users\john\AppData\Roaming\SmartDiarySuite.dic-sds
2016-08-07 10:54 - 2016-08-07 10:54 - 0004933 _____ () C:\ProgramData\pqoxeahx.aem
2014-04-11 06:40 - 2012-07-30 10:33 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2014-04-11 06:40 - 2009-07-22 14:34 - 0024576 _____ () C:\ProgramData\SetStretch.exe
Some zero byte size files/folders:
==========================
C:\Windows\System32\MRT.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-09-15 14:48
==================== End of FRST.txt ============================