Jump to content

Creed

Honorary Members
  • Posts

    71
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Alright I reran everything and all of the programs were removed successfully. I would also like to give a huge thanks to you and everybody else for helping me out! I'll also be sure to make my brother read that wikiHow on how to be safe on the internet so something like this does not occur again. Overall, all the help was much appreciated.
  2. After running Delfix the screen went black, is this supposed to happen? I'm currently on another computer.
  3. I think it worked, I manually deleted the folder and restarted the computer to see if it would return, and it didn't.
  4. Here are the logs Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016 Ran by LIEM NGUYEN (administrator) on FAMILYPC (03-09-2016 01:27:15) Running from C:\Users\LIEM NGUYEN\Desktop Loaded Profiles: LIEM NGUYEN & ERIJA (Available Profiles: LIEM NGUYEN & BAXA & ERIJA & Administrator) Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [402344 2015-12-19] () HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-29] (Intel Corporation) HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [831576 2016-08-25] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67864 2016-08-04] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-08-27] (Qualcomm®Atheros®) HKU\S-1-5-21-3823346381-4191098200-709037831-1000\...\Run: [WorkForce 630(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-11] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3823346381-4191098200-709037831-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29544576 2016-08-17] (Skype Technologies S.A.) HKU\S-1-5-21-3823346381-4191098200-709037831-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation) HKU\S-1-5-21-3823346381-4191098200-709037831-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-11-12] (SlySoft, Inc.) HKU\S-1-5-21-3823346381-4191098200-709037831-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd) HKU\S-1-5-21-3823346381-4191098200-709037831-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [572416 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-3823346381-4191098200-709037831-1002\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-07-21] (Nota Inc.) HKU\S-1-5-18\...\Run: [EPSON5BC0D3 (WorkForce 630)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-11] (SEIKO EPSON CORPORATION) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => No File ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => No File Startup: C:\Users\LIEM NGUYEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk [2015-09-30] ShortcutTarget: Epson all-in-one Registration.lnk -> D:\Common\EpsonReg\EpsonReg.exe (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{f9b16864-efa2-4723-a2b8-5552dea9c1f7}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-3823346381-4191098200-709037831-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3823346381-4191098200-709037831-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2L&ocid=SK2LDHP&osmkt=en-us HKU\S-1-5-21-3823346381-4191098200-709037831-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB HKU\S-1-5-21-3823346381-4191098200-709037831-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3823346381-4191098200-709037831-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB URLSearchHook: HKU\S-1-5-21-3823346381-4191098200-709037831-1000 - (No Name) - {51518165-4261-4988-8d29-95b57e6851d7} - No File SearchScopes: HKU\S-1-5-21-3823346381-4191098200-709037831-1000 -> DefaultScope {A4B9D40B-6820-4883-B71D-DC2DF94E87E9} URL = SearchScopes: HKU\S-1-5-21-3823346381-4191098200-709037831-1000 -> {D9CD4853-F462-407A-8E7F-B75A6779258F} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-3823346381-4191098200-709037831-1002 -> DefaultScope {27B17EFE-86D8-428D-AF0C-A0FCAEAB57CE} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20151110&p={searchTerms} SearchScopes: HKU\S-1-5-21-3823346381-4191098200-709037831-1002 -> {27B17EFE-86D8-428D-AF0C-A0FCAEAB57CE} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20151110&p={searchTerms} SearchScopes: HKU\S-1-5-21-3823346381-4191098200-709037831-1002 -> {A4B9D40B-6820-4883-B71D-DC2DF94E87E9} URL = BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-01] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-01] (Oracle Corporation) Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\LIEM NGUYEN\AppData\Roaming\Mozilla\Firefox\Profiles\ukqedkqa.default FF DefaultSearchEngine: Bing FF DefaultSearchEngine.US: Yahoo Web FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Homepage: hxxp://www.msn.com/?pc=SK2L&ocid=SK2LDHP&osmkt=en-us hxxps://www.yahoo.com/?type=orcl_hpset FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2LDF&PC=SK2L&q= FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-01] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-01] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-15] (Google Inc.) FF Plugin HKU\S-1-5-21-3823346381-4191098200-709037831-1002: @nsroblox.roblox.com/launcher -> C:\Users\ERIJA\AppData\Local\Roblox\Versions\version-a5eaf158bd544c4d\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3823346381-4191098200-709037831-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\ERIJA\AppData\Local\Roblox\Versions\version-a5eaf158bd544c4d\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation) FF SearchPlugin: C:\Users\LIEM NGUYEN\AppData\Roaming\Mozilla\Firefox\Profiles\ukqedkqa.default\searchplugins\bing-.xml [2015-12-18] FF SearchPlugin: C:\Users\LIEM NGUYEN\AppData\Roaming\Mozilla\Firefox\Profiles\ukqedkqa.default\searchplugins\yahoo-ysp.xml [2015-11-19] FF Extension: (Bing Search) - C:\Users\LIEM NGUYEN\AppData\Roaming\Mozilla\Firefox\Profiles\ukqedkqa.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-12-18] FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] Chrome: ======= CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-gb CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Profile: C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Yahoo Partner) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaffhmecfaelkngcbnfdkcckmillnoki [2016-09-03] CHR Extension: (Google Slides) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-03] CHR Extension: (Google Docs) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-03] CHR Extension: (Google Drive) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-03] CHR Extension: (YouTube) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-03] CHR Extension: (Bing) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-09-03] CHR Extension: (Google Sheets) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-03] CHR Extension: (Avira Browser Safety) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-03] CHR Extension: (Google Docs Offline) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-03] CHR Extension: (Skype) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-09-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-03] CHR Extension: (Gmail) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-03] CHR Extension: (Chrome Media Router) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-03] CHR HKU\S-1-5-21-3823346381-4191098200-709037831-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [988184 2016-08-25] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-08-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-08-25] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1453696 2016-08-25] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-08-27] (Windows (R) Win 7 DDK provider) [File not signed] R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [320672 2016-08-04] (Avira Operations GmbH & Co. KG) R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [26760 2016-08-23] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation) R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2015-11-07] (EasyAntiCheat Ltd) R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed] R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.) R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-07-12] (Hi-Rez Studios) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-29] (Intel Corporation) S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2016-06-10] (Microsoft Corporation) [File not signed] R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-26] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-26] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-03-31] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2016-03-31] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS) R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.) S3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [144664 2016-08-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [154392 2016-08-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-08-04] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-08-04] (Avira Operations GmbH & Co. KG) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-08-27] (Qualcomm Atheros) R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation) R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation) R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation) R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-08-16] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-08-16] (Zemana Ltd.) U3 idsvc; no ImagePath U3 wpcsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-03 01:27 - 2016-09-03 01:27 - 00027401 _____ C:\Users\LIEM NGUYEN\Desktop\FRST.txt 2016-09-03 01:26 - 2016-09-03 01:26 - 00000000 ___RD C:\Users\ERIJA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2016-09-03 01:23 - 2016-09-03 01:23 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Roaming\Avira 2016-09-03 01:21 - 2016-09-03 01:21 - 00000000 ___RD C:\Users\LIEM NGUYEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2016-09-03 01:12 - 2016-09-03 01:13 - 00002515 _____ C:\Users\LIEM NGUYEN\Desktop\Fixlog.txt 2016-09-03 01:12 - 2016-09-03 01:12 - 00000560 _____ C:\Users\LIEM NGUYEN\Downloads\Fixlist.txt 2016-09-03 01:12 - 2016-09-03 01:12 - 00000000 ____D C:\Program Files (x86)\SafeSavings 2016-09-03 00:57 - 2016-09-03 00:57 - 00003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task 2016-09-01 00:28 - 2016-09-01 00:28 - 01153912 _____ (Emsi Software GmbH) C:\Users\ERIJA\Downloads\BlitzBlank.exe 2016-09-01 00:28 - 2016-09-01 00:28 - 01153912 _____ (Emsi Software GmbH) C:\Users\ERIJA\Desktop\BlitzBlank.exe 2016-08-31 23:02 - 2016-08-31 23:02 - 00000405 _____ C:\Users\ERIJA\Downloads\Fixlog.txt 2016-08-31 23:02 - 2016-08-31 23:02 - 00000405 _____ C:\Users\ERIJA\Downloads\Fixlog (1).txt 2016-08-31 22:49 - 2016-08-31 22:49 - 00000110 _____ C:\Users\ERIJA\Downloads\fixlist (7).txt 2016-08-31 22:30 - 2016-08-31 22:30 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2016-08-31 21:09 - 2016-08-26 22:12 - 04130944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-08-31 21:09 - 2016-08-26 22:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2016-08-31 21:09 - 2016-08-26 21:58 - 03893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2016-08-31 21:09 - 2016-08-26 21:58 - 00121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2016-08-31 21:09 - 2016-08-26 21:39 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2016-08-31 21:09 - 2016-08-26 21:38 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2016-08-31 21:09 - 2016-08-26 21:38 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll 2016-08-31 21:09 - 2016-08-26 21:37 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll 2016-08-31 21:09 - 2016-08-26 21:25 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2016-08-31 21:09 - 2016-08-19 23:04 - 07814488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-08-31 21:09 - 2016-08-19 23:03 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-08-31 21:09 - 2016-08-19 22:52 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-08-31 21:09 - 2016-08-19 22:52 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2016-08-31 21:09 - 2016-08-19 22:52 - 00658776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-08-31 21:09 - 2016-08-19 22:52 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-08-31 21:09 - 2016-08-19 22:51 - 00681312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys 2016-08-31 21:09 - 2016-08-19 22:50 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-08-31 21:09 - 2016-08-19 22:50 - 01099608 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2016-08-31 21:09 - 2016-08-19 22:50 - 00987992 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2016-08-31 21:09 - 2016-08-19 22:50 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2016-08-31 21:09 - 2016-08-19 22:50 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-08-31 21:09 - 2016-08-19 22:50 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll 2016-08-31 21:09 - 2016-08-19 22:47 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll 2016-08-31 21:09 - 2016-08-19 22:47 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2016-08-31 21:09 - 2016-08-19 22:46 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-08-31 21:09 - 2016-08-19 22:34 - 01430200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2016-08-31 21:09 - 2016-08-19 22:34 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-08-31 21:09 - 2016-08-19 22:32 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-08-31 21:09 - 2016-08-19 22:29 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2016-08-31 21:09 - 2016-08-19 22:29 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2016-08-31 21:09 - 2016-08-19 22:25 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-08-31 21:09 - 2016-08-19 22:22 - 22571008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-08-31 21:09 - 2016-08-19 22:22 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2016-08-31 21:09 - 2016-08-19 22:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL 2016-08-31 21:09 - 2016-08-19 22:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll 2016-08-31 21:09 - 2016-08-19 22:21 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2016-08-31 21:09 - 2016-08-19 22:21 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL 2016-08-31 21:09 - 2016-08-19 22:20 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 2016-08-31 21:09 - 2016-08-19 22:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL 2016-08-31 21:09 - 2016-08-19 22:18 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys 2016-08-31 21:09 - 2016-08-19 22:17 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys 2016-08-31 21:09 - 2016-08-19 22:15 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-08-31 21:09 - 2016-08-19 22:15 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS 2016-08-31 21:09 - 2016-08-19 22:14 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL 2016-08-31 21:09 - 2016-08-19 22:14 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll 2016-08-31 21:09 - 2016-08-19 22:14 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL 2016-08-31 21:09 - 2016-08-19 22:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-08-31 21:09 - 2016-08-19 22:13 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2016-08-31 21:09 - 2016-08-19 22:13 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 2016-08-31 21:09 - 2016-08-19 22:12 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-08-31 21:09 - 2016-08-19 22:12 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-08-31 21:09 - 2016-08-19 22:12 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll 2016-08-31 21:09 - 2016-08-19 22:12 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2016-08-31 21:09 - 2016-08-19 22:11 - 00965120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2016-08-31 21:09 - 2016-08-19 22:11 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2016-08-31 21:09 - 2016-08-19 22:09 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-08-31 21:09 - 2016-08-19 22:08 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2016-08-31 21:09 - 2016-08-19 22:08 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-08-31 21:09 - 2016-08-19 22:07 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll 2016-08-31 21:09 - 2016-08-19 22:07 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2016-08-31 21:09 - 2016-08-19 22:07 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-08-31 21:09 - 2016-08-19 22:07 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll 2016-08-31 21:09 - 2016-08-19 22:06 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-08-31 21:09 - 2016-08-19 22:06 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2016-08-31 21:09 - 2016-08-19 22:04 - 23682560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-08-31 21:09 - 2016-08-19 22:04 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2016-08-31 21:09 - 2016-08-19 22:04 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll 2016-08-31 21:09 - 2016-08-19 22:03 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll 2016-08-31 21:09 - 2016-08-19 22:01 - 04612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2016-08-31 21:09 - 2016-08-19 22:01 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll 2016-08-31 21:09 - 2016-08-19 22:01 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll 2016-08-31 21:09 - 2016-08-19 22:00 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-08-31 21:09 - 2016-08-19 22:00 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-08-31 21:09 - 2016-08-19 21:59 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll 2016-08-31 21:09 - 2016-08-19 21:57 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-08-31 21:09 - 2016-08-19 21:56 - 02289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-08-31 21:09 - 2016-08-19 21:56 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2016-08-31 21:09 - 2016-08-19 21:55 - 19418624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-08-31 21:09 - 2016-08-19 21:52 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2016-08-31 21:09 - 2016-08-19 21:51 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-08-31 21:09 - 2016-08-19 21:51 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-08-31 21:08 - 2016-08-27 05:45 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll 2016-08-31 21:08 - 2016-08-27 02:37 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll 2016-08-31 21:08 - 2016-08-26 21:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll 2016-08-31 21:08 - 2016-08-26 21:43 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll 2016-08-31 21:08 - 2016-08-19 23:26 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-08-31 21:08 - 2016-08-19 23:13 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-08-31 21:08 - 2016-08-19 23:06 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-08-31 21:08 - 2016-08-19 23:06 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-08-31 21:08 - 2016-08-19 23:06 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-08-31 21:08 - 2016-08-19 23:05 - 01377008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2016-08-31 21:08 - 2016-08-19 23:04 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-08-31 21:08 - 2016-08-19 23:04 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-08-31 21:08 - 2016-08-19 23:03 - 02257248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-08-31 21:08 - 2016-08-19 22:52 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-08-31 21:08 - 2016-08-19 22:52 - 01279328 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2016-08-31 21:08 - 2016-08-19 22:52 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-08-31 21:08 - 2016-08-19 22:52 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll 2016-08-31 21:08 - 2016-08-19 22:50 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-08-31 21:08 - 2016-08-19 22:50 - 00942424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2016-08-31 21:08 - 2016-08-19 22:50 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2016-08-31 21:08 - 2016-08-19 22:47 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-08-31 21:08 - 2016-08-19 22:43 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-08-31 21:08 - 2016-08-19 22:42 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2016-08-31 21:08 - 2016-08-19 22:34 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll 2016-08-31 21:08 - 2016-08-19 22:33 - 05722312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-08-31 21:08 - 2016-08-19 22:33 - 00852824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2016-08-31 21:08 - 2016-08-19 22:32 - 00846552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-08-31 21:08 - 2016-08-19 22:29 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-08-31 21:08 - 2016-08-19 22:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2016-08-31 21:08 - 2016-08-19 22:21 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll 2016-08-31 21:08 - 2016-08-19 22:21 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll 2016-08-31 21:08 - 2016-08-19 22:20 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2016-08-31 21:08 - 2016-08-19 22:20 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll 2016-08-31 21:08 - 2016-08-19 22:20 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys 2016-08-31 21:08 - 2016-08-19 22:19 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2016-08-31 21:08 - 2016-08-19 22:19 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2016-08-31 21:08 - 2016-08-19 22:18 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2016-08-31 21:08 - 2016-08-19 22:18 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-08-31 21:08 - 2016-08-19 22:18 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 2016-08-31 21:08 - 2016-08-19 22:17 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2016-08-31 21:08 - 2016-08-19 22:17 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-08-31 21:08 - 2016-08-19 22:17 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll 2016-08-31 21:08 - 2016-08-19 22:16 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2016-08-31 21:08 - 2016-08-19 22:16 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2016-08-31 21:08 - 2016-08-19 22:16 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll 2016-08-31 21:08 - 2016-08-19 22:15 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2016-08-31 21:08 - 2016-08-19 22:15 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2016-08-31 21:08 - 2016-08-19 22:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2016-08-31 21:08 - 2016-08-19 22:14 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2016-08-31 21:08 - 2016-08-19 22:14 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 2016-08-31 21:08 - 2016-08-19 22:14 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll 2016-08-31 21:08 - 2016-08-19 22:14 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL 2016-08-31 21:08 - 2016-08-19 22:13 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll 2016-08-31 21:08 - 2016-08-19 22:12 - 01014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2016-08-31 21:08 - 2016-08-19 22:12 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-08-31 21:08 - 2016-08-19 22:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-08-31 21:08 - 2016-08-19 22:11 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-08-31 21:08 - 2016-08-19 22:11 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll 2016-08-31 21:08 - 2016-08-19 22:11 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2016-08-31 21:08 - 2016-08-19 22:10 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2016-08-31 21:08 - 2016-08-19 22:10 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2016-08-31 21:08 - 2016-08-19 22:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2016-08-31 21:08 - 2016-08-19 22:09 - 09128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-08-31 21:08 - 2016-08-19 22:09 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll 2016-08-31 21:08 - 2016-08-19 22:09 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2016-08-31 21:08 - 2016-08-19 22:08 - 01906176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2016-08-31 21:08 - 2016-08-19 22:08 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2016-08-31 21:08 - 2016-08-19 22:08 - 00204288 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll 2016-08-31 21:08 - 2016-08-19 22:08 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll 2016-08-31 21:08 - 2016-08-19 22:07 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2016-08-31 21:08 - 2016-08-19 22:07 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2016-08-31 21:08 - 2016-08-19 22:07 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll 2016-08-31 21:08 - 2016-08-19 22:06 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll 2016-08-31 21:08 - 2016-08-19 22:05 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2016-08-31 21:08 - 2016-08-19 22:05 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-08-31 21:08 - 2016-08-19 22:04 - 03245056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2016-08-31 21:08 - 2016-08-19 22:04 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2016-08-31 21:08 - 2016-08-19 22:04 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2016-08-31 21:08 - 2016-08-19 22:04 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll 2016-08-31 21:08 - 2016-08-19 22:03 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-08-31 21:08 - 2016-08-19 22:03 - 02846208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2016-08-31 21:08 - 2016-08-19 22:03 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-08-31 21:08 - 2016-08-19 22:02 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll 2016-08-31 21:08 - 2016-08-19 22:00 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2016-08-31 21:08 - 2016-08-19 22:00 - 00141824 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll 2016-08-31 21:08 - 2016-08-19 21:59 - 07624192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-08-31 21:08 - 2016-08-19 21:59 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll 2016-08-31 21:08 - 2016-08-19 21:59 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-08-31 21:08 - 2016-08-19 21:59 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2016-08-31 21:08 - 2016-08-19 21:59 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2016-08-31 21:08 - 2016-08-19 21:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll 2016-08-31 21:08 - 2016-08-19 21:58 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2016-08-31 21:08 - 2016-08-19 21:58 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll 2016-08-31 21:08 - 2016-08-19 21:57 - 02680832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-08-31 21:08 - 2016-08-19 21:57 - 02264064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-08-31 21:08 - 2016-08-19 21:57 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2016-08-31 21:08 - 2016-08-19 21:56 - 02711040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2016-08-31 21:08 - 2016-08-19 21:56 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-08-31 21:08 - 2016-08-19 21:56 - 02143232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2016-08-31 21:08 - 2016-08-19 21:56 - 01006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll 2016-08-31 21:08 - 2016-08-19 21:56 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2016-08-31 21:08 - 2016-08-19 21:56 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll 2016-08-31 21:08 - 2016-08-19 21:55 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-08-31 21:08 - 2016-08-19 21:54 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll 2016-08-31 21:08 - 2016-08-19 21:53 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-08-31 21:08 - 2016-08-19 21:53 - 03299328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2016-08-31 21:08 - 2016-08-19 21:53 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2016-08-31 21:08 - 2016-08-19 21:51 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2016-08-31 21:08 - 2016-08-19 21:50 - 01875456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-08-31 21:08 - 2016-08-19 21:49 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2016-08-31 21:08 - 2016-08-19 21:46 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2016-08-31 21:08 - 2016-08-18 18:33 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS 2016-08-30 22:13 - 2016-08-30 22:13 - 00017558 _____ C:\Users\ERIJA\AppData\Local\recently-used.xbel 2016-08-29 02:11 - 2016-08-29 02:11 - 00000200 _____ C:\Users\ERIJA\Downloads\fixlist (6).txt 2016-08-28 02:25 - 2016-08-28 02:25 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware 2016-08-26 19:55 - 2016-08-26 19:55 - 00009507 _____ C:\Users\ERIJA\Desktop\CCleaner Reg Backup.zip 2016-08-26 19:45 - 2016-08-26 19:46 - 00000000 ____D C:\Users\ERIJA\Desktop\CCleaner Reg Backup 2016-08-26 19:41 - 2016-08-26 19:41 - 00002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2016-08-26 19:41 - 2016-08-26 19:41 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-08-26 19:41 - 2016-08-26 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-08-26 19:41 - 2016-08-26 19:41 - 00000000 ____D C:\Program Files\CCleaner 2016-08-26 19:40 - 2016-08-26 19:40 - 05901584 _____ (Piriform Ltd) C:\Users\ERIJA\Downloads\ccsetup521_slim.exe 2016-08-26 01:05 - 2016-08-26 01:05 - 00002153 _____ C:\Users\Public\Desktop\Avira Software Updater.lnk 2016-08-25 01:05 - 2016-08-25 01:05 - 15419469 _____ C:\Users\ERIJA\Downloads\creed 1.zip 2016-08-25 01:04 - 2016-08-25 01:04 - 15419469 _____ C:\Users\ERIJA\Desktop\creed 1.zip 2016-08-25 01:04 - 2016-08-25 01:04 - 01381184 _____ C:\Users\ERIJA\Desktop\creed 2.zip 2016-08-25 01:03 - 2016-08-25 01:03 - 17064980 _____ C:\Users\ERIJA\Desktop\creed 2.reg 2016-08-25 01:02 - 2016-08-25 01:02 - 198972598 _____ C:\Users\ERIJA\Desktop\creed 1.reg 2016-08-24 01:10 - 2016-08-24 01:10 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker 2016-08-24 01:10 - 2016-08-24 01:10 - 00000000 ____D C:\Program Files\Unlocker 2016-08-24 01:09 - 2016-08-24 01:09 - 01078591 _____ C:\Users\ERIJA\Downloads\Unlocker1.9.2.exe 2016-08-23 12:14 - 2016-08-05 21:33 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2016-08-23 12:14 - 2016-08-05 21:31 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe 2016-08-23 12:14 - 2016-08-05 21:29 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2016-08-23 12:14 - 2016-08-05 21:26 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-08-23 12:14 - 2016-08-05 21:18 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-08-23 12:14 - 2016-08-05 21:18 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-08-23 12:14 - 2016-08-05 21:17 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-08-23 12:14 - 2016-08-05 21:17 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-08-23 12:14 - 2016-08-05 21:17 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-08-23 12:14 - 2016-08-05 21:16 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2016-08-23 12:14 - 2016-08-05 21:15 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll 2016-08-23 12:14 - 2016-08-05 21:13 - 01066096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-08-23 12:14 - 2016-08-05 21:13 - 00381760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-08-23 12:14 - 2016-08-05 21:09 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-08-23 12:14 - 2016-08-05 21:08 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-08-23 12:14 - 2016-08-05 21:08 - 00509784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-08-23 12:14 - 2016-08-05 21:04 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll 2016-08-23 12:14 - 2016-08-05 21:03 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2016-08-23 12:14 - 2016-08-05 21:03 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2016-08-23 12:14 - 2016-08-05 21:03 - 00955008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-08-23 12:14 - 2016-08-05 21:03 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2016-08-23 12:14 - 2016-08-05 21:03 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe 2016-08-23 12:14 - 2016-08-05 20:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2016-08-23 12:14 - 2016-08-05 20:48 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2016-08-23 12:14 - 2016-08-05 20:48 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe 2016-08-23 12:14 - 2016-08-05 20:47 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2016-08-23 12:14 - 2016-08-05 20:47 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll 2016-08-23 12:14 - 2016-08-05 20:46 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2016-08-23 12:14 - 2016-08-05 20:45 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll 2016-08-23 12:14 - 2016-08-05 20:45 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2016-08-23 12:14 - 2016-08-05 20:45 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll 2016-08-23 12:14 - 2016-08-05 20:45 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe 2016-08-23 12:14 - 2016-08-05 20:45 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2016-08-23 12:14 - 2016-08-05 20:45 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe 2016-08-23 12:14 - 2016-08-05 20:44 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2016-08-23 12:14 - 2016-08-05 20:44 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll 2016-08-23 12:14 - 2016-08-05 20:43 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll 2016-08-23 12:14 - 2016-08-05 20:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll 2016-08-23 12:14 - 2016-08-05 20:42 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-08-23 12:14 - 2016-08-05 20:41 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-08-23 12:14 - 2016-08-05 20:41 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2016-08-23 12:14 - 2016-08-05 20:41 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2016-08-23 12:14 - 2016-08-05 20:41 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2016-08-23 12:14 - 2016-08-05 20:41 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll 2016-08-23 12:14 - 2016-08-05 20:40 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2016-08-23 12:14 - 2016-08-05 20:40 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-08-23 12:14 - 2016-08-05 20:40 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll 2016-08-23 12:14 - 2016-08-05 20:40 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll 2016-08-23 12:14 - 2016-08-05 20:39 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2016-08-23 12:14 - 2016-08-05 20:39 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll 2016-08-23 12:14 - 2016-08-05 20:39 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll 2016-08-23 12:14 - 2016-08-05 20:38 - 17187328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-08-23 12:14 - 2016-08-05 20:38 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2016-08-23 12:14 - 2016-08-05 20:37 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-08-23 12:14 - 2016-08-05 20:33 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2016-08-23 12:14 - 2016-08-05 20:33 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-08-23 12:14 - 2016-08-05 20:31 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-08-23 12:14 - 2016-08-05 20:31 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll 2016-08-23 12:14 - 2016-08-05 20:30 - 13080576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-08-23 12:14 - 2016-08-05 20:28 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll 2016-08-23 12:14 - 2016-08-05 20:28 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2016-08-23 12:14 - 2016-08-05 20:26 - 02422784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll 2016-08-23 12:14 - 2016-08-05 20:26 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-08-23 12:14 - 2016-08-05 20:26 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-08-23 12:14 - 2016-08-05 20:25 - 03116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll 2016-08-23 12:14 - 2016-08-05 20:24 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-08-23 12:14 - 2016-08-05 20:24 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-08-23 12:14 - 2016-08-05 20:23 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2016-08-23 12:14 - 2016-08-05 20:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2016-08-23 12:14 - 2016-08-05 20:23 - 01062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-08-23 12:14 - 2016-08-05 20:23 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2016-08-23 12:14 - 2016-08-05 20:21 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll 2016-08-23 12:14 - 2016-08-05 20:19 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2016-08-23 12:14 - 2016-08-05 02:14 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll 2016-08-23 12:14 - 2016-08-05 02:12 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2016-08-23 12:14 - 2016-08-05 02:10 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll 2016-08-23 12:14 - 2016-08-05 02:05 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe 2016-08-23 12:14 - 2016-08-05 01:29 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll 2016-08-23 12:14 - 2016-08-05 01:28 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll 2016-08-23 12:14 - 2016-08-05 01:22 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll 2016-08-23 12:14 - 2016-08-05 01:20 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2016-08-23 12:14 - 2016-08-05 01:20 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2016-08-23 12:14 - 2016-08-05 01:08 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll 2016-08-23 12:13 - 2016-08-05 21:31 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2016-08-23 12:13 - 2016-08-05 21:29 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2016-08-23 12:13 - 2016-08-05 21:23 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-08-23 12:13 - 2016-08-05 21:18 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-08-23 12:13 - 2016-08-05 21:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-08-23 12:13 - 2016-08-05 21:13 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2016-08-23 12:13 - 2016-08-05 21:13 - 01694200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2016-08-23 12:13 - 2016-08-05 21:13 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2016-08-23 12:13 - 2016-08-05 21:13 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2016-08-23 12:13 - 2016-08-05 21:08 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-08-23 12:13 - 2016-08-05 21:08 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-08-23 12:13 - 2016-08-05 21:08 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2016-08-23 12:13 - 2016-08-05 21:08 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-08-23 12:13 - 2016-08-05 21:02 - 00321280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-08-23 12:13 - 2016-08-05 20:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2016-08-23 12:13 - 2016-08-05 20:48 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll 2016-08-23 12:13 - 2016-08-05 20:48 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll 2016-08-23 12:13 - 2016-08-05 20:48 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll 2016-08-23 12:13 - 2016-08-05 20:48 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx 2016-08-23 12:13 - 2016-08-05 20:48 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll 2016-08-23 12:13 - 2016-08-05 20:47 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2016-08-23 12:13 - 2016-08-05 20:47 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx 2016-08-23 12:13 - 2016-08-05 20:47 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll 2016-08-23 12:13 - 2016-08-05 20:46 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL 2016-08-23 12:13 - 2016-08-05 20:46 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL 2016-08-23 12:13 - 2016-08-05 20:46 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe 2016-08-23 12:13 - 2016-08-05 20:46 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe 2016-08-23 12:13 - 2016-08-05 20:46 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2016-08-23 12:13 - 2016-08-05 20:45 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll 2016-08-23 12:13 - 2016-08-05 20:45 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2016-08-23 12:13 - 2016-08-05 20:44 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll 2016-08-23 12:13 - 2016-08-05 20:43 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-08-23 12:13 - 2016-08-05 20:43 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2016-08-23 12:13 - 2016-08-05 20:41 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll 2016-08-23 12:13 - 2016-08-05 20:41 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll 2016-08-23 12:13 - 2016-08-05 20:41 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll 2016-08-23 12:13 - 2016-08-05 20:40 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll 2016-08-23 12:13 - 2016-08-05 20:39 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll 2016-08-23 12:13 - 2016-08-05 20:36 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll 2016-08-23 12:13 - 2016-08-05 20:31 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2016-08-23 12:13 - 2016-08-05 20:31 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll 2016-08-23 12:13 - 2016-08-05 20:31 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-08-23 12:13 - 2016-08-05 20:30 - 12345344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-08-23 12:13 - 2016-08-05 20:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2016-08-23 12:13 - 2016-08-05 20:29 - 13433856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-08-23 12:13 - 2016-08-05 20:29 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll 2016-08-23 12:13 - 2016-08-05 20:29 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll 2016-08-23 12:13 - 2016-08-05 20:29 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2016-08-23 12:13 - 2016-08-05 20:28 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2016-08-23 12:13 - 2016-08-05 20:25 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-08-23 12:13 - 2016-08-05 20:23 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-08-23 12:13 - 2016-08-05 20:23 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-08-23 12:13 - 2016-08-05 20:23 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-08-23 12:13 - 2016-08-05 20:23 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll 2016-08-23 12:13 - 2016-08-05 20:19 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2016-08-23 12:13 - 2016-08-05 01:23 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll 2016-08-23 12:13 - 2016-08-05 01:18 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll 2016-08-22 23:11 - 2016-08-22 23:11 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\Remove_Empty_Directories 2016-08-22 23:07 - 2016-08-22 23:07 - 00404482 _____ (Jonas John ) C:\Users\ERIJA\Downloads\red-v2.2-setup.exe 2016-08-22 23:07 - 2016-08-22 23:07 - 00001166 _____ C:\Users\Public\Desktop\Remove Empty Directories.lnk 2016-08-22 23:07 - 2016-08-22 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remove Empty Directories 2016-08-22 23:07 - 2016-08-22 23:07 - 00000000 ____D C:\Program Files (x86)\Remove Empty Directories 2016-08-21 15:56 - 2016-08-21 15:56 - 00000000 ____D C:\Users\ERIJA\Desktop\New folder (2) 2016-08-21 15:55 - 2016-08-21 15:55 - 16563352 _____ (Malwarebytes Corp.) C:\Users\ERIJA\Downloads\mbar-1.09.3.1001 (1).exe 2016-08-21 14:57 - 2016-08-21 14:57 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask 2016-08-21 13:04 - 2016-08-21 13:04 - 00001434 _____ C:\Users\ERIJA\Desktop\FRST64 - Shortcut.lnk 2016-08-21 13:04 - 2016-08-21 13:04 - 00001434 _____ C:\Users\ERIJA\Desktop\FRST64 - Shortcut (2).lnk 2016-08-21 00:42 - 2016-09-03 01:00 - 00049591 _____ C:\Users\ERIJA\Desktop\Addition.txt 2016-08-21 00:40 - 2016-09-03 01:00 - 00118121 _____ C:\Users\ERIJA\Desktop\FRST.txt 2016-08-21 00:36 - 2016-08-21 00:36 - 00000000 ____D C:\WINDOWS\Panther 2016-08-20 01:01 - 2016-08-20 01:01 - 00000144 _____ C:\Users\ERIJA\Downloads\fixlist (5).txt 2016-08-17 15:37 - 2016-09-03 01:21 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-08-17 15:34 - 2016-08-17 15:34 - 00000000 _____ C:\WINDOWS\EEventManager.INI 2016-08-17 15:33 - 2016-08-17 15:33 - 00002389 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-08-17 15:33 - 2016-08-17 15:33 - 00000000 ___RD C:\Users\Administrator\OneDrive 2016-08-17 15:31 - 2016-08-17 15:31 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2016-08-17 15:31 - 2016-08-17 15:31 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Folder 2016-08-17 15:31 - 2016-08-17 15:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\BMExplorer 2016-08-17 15:30 - 2016-08-17 15:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation 2016-08-17 15:29 - 2016-08-17 15:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Epson 2016-08-17 15:29 - 2016-08-17 15:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Atheros 2016-08-17 15:29 - 2016-08-17 15:29 - 00000000 ____D C:\Users\Administrator\AppData\Local\Zemana 2016-08-17 15:29 - 2016-08-17 15:29 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn 2016-08-17 15:28 - 2016-08-17 15:29 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages 2016-08-17 15:28 - 2016-08-17 15:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers 2016-08-17 15:28 - 2016-08-17 15:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google 2016-08-17 15:27 - 2016-08-17 15:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Hamachi 2016-08-17 15:27 - 2016-08-17 15:37 - 00000000 ____D C:\Users\Administrator 2016-08-17 15:27 - 2016-08-17 15:36 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles 2016-08-17 15:27 - 2016-08-17 15:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform 2016-08-17 15:27 - 2016-08-17 15:27 - 00000020 ___SH C:\Users\Administrator\ntuser.ini 2016-08-17 15:27 - 2016-08-17 15:27 - 00000000 _SHDL C:\Users\Administrator\My Documents 2016-08-17 15:27 - 2016-08-17 15:27 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos 2016-08-17 15:27 - 2016-08-17 15:27 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures 2016-08-17 15:27 - 2016-08-17 15:27 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music 2016-08-17 15:27 - 2016-08-17 15:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer 2016-08-17 15:27 - 2016-08-13 22:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2016-08-17 15:27 - 2016-08-04 16:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs 2016-08-17 14:26 - 2016-08-17 14:26 - 00007098 _____ C:\Users\ERIJA\Desktop\F7.reg 2016-08-17 14:24 - 2016-08-17 14:24 - 00000414 _____ C:\Users\ERIJA\Desktop\svchostnode.reg 2016-08-17 14:24 - 2016-08-17 14:24 - 00000384 _____ C:\Users\ERIJA\Desktop\MsMpEngNode.reg 2016-08-17 14:21 - 2016-08-17 14:21 - 00000390 _____ C:\Users\ERIJA\Desktop\svchost.reg 2016-08-17 14:19 - 2016-08-17 14:19 - 00000360 _____ C:\Users\ERIJA\Desktop\MsMpEng.reg 2016-08-17 10:22 - 2016-08-17 10:22 - 00002142 _____ C:\Users\ERIJA\Downloads\post-131616-0-43868400-1362501503.ipb 2016-08-17 08:49 - 2016-08-17 08:49 - 00002058 _____ C:\Users\LIEM NGUYEN\Desktop\Add_Take_Ownership_to_context_menu.reg 2016-08-17 00:37 - 2016-08-17 00:37 - 00003654 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask 2016-08-16 16:46 - 2016-08-16 16:46 - 00000000 ____D C:\Users\ERIJA\Desktop\New folder 2016-08-16 16:36 - 2016-08-16 16:43 - 27326629 _____ C:\Users\ERIJA\Downloads\tweaking.com_windows_repair_aio.zip 2016-08-16 16:12 - 2016-08-16 16:12 - 00002058 _____ C:\Users\ERIJA\Downloads\Add_Take_Ownership_to_context_menu.reg 2016-08-16 16:12 - 2016-08-16 16:12 - 00002058 _____ C:\Users\ERIJA\Desktop\Add_Take_Ownership_to_context_menu.reg 2016-08-16 15:56 - 2016-08-16 15:56 - 00000280 _____ C:\Users\ERIJA\Downloads\fixlist (4).txt 2016-08-16 15:37 - 2016-08-16 15:37 - 00000126 _____ C:\Users\ERIJA\Downloads\fixlist (3).txt 2016-08-16 15:36 - 2016-08-16 15:36 - 00000126 _____ C:\Users\ERIJA\Downloads\fixlist (2).txt 2016-08-16 15:29 - 2016-08-29 02:12 - 00000000 ____D C:\Users\ERIJA\Desktop\Old Logs 2016-08-16 15:28 - 2016-08-16 15:28 - 00000124 _____ C:\Users\ERIJA\Downloads\fixlist (1).txt 2016-08-16 03:36 - 2016-08-16 03:36 - 00803729 _____ C:\Users\ERIJA\Desktop\CBS logs.zip 2016-08-16 03:01 - 2016-08-16 03:01 - 00000000 ____D C:\Users\ERIJA\AppData\Local\Zemana 2016-08-16 02:52 - 2016-08-16 02:52 - 00000805 _____ C:\Users\LIEM NGUYEN\Desktop\Zemana Logs.txt 2016-08-16 02:22 - 2016-09-03 01:27 - 00093912 _____ C:\WINDOWS\ZAM.krnl.trace 2016-08-16 02:22 - 2016-09-03 01:27 - 00056827 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2016-08-16 02:22 - 2016-08-16 02:22 - 05700024 _____ ( ) C:\Users\ERIJA\Downloads\Zemana.AntiMalware.Setup.exe 2016-08-16 02:22 - 2016-08-16 02:22 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys 2016-08-16 02:22 - 2016-08-16 02:22 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys 2016-08-16 02:22 - 2016-08-16 02:22 - 00001219 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2016-08-16 02:22 - 2016-08-16 02:22 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\Zemana 2016-08-16 02:22 - 2016-08-16 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2016-08-16 02:22 - 2016-08-16 02:22 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2016-08-15 15:57 - 2016-08-15 15:57 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk 2016-08-15 15:57 - 2016-08-15 15:57 - 00000000 ____D C:\ProgramData\Sophos 2016-08-15 15:57 - 2016-08-15 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2016-08-15 15:57 - 2016-08-15 15:57 - 00000000 ____D C:\Program Files (x86)\Sophos 2016-08-15 15:55 - 2016-08-15 20:58 - 00001390 _____ C:\Users\LIEM NGUYEN\Desktop\JRT.txt 2016-08-15 15:15 - 2016-08-15 15:56 - 150952808 _____ (Sophos Limited) C:\Users\ERIJA\Desktop\Sophos Virus Removal Tool.exe 2016-08-15 15:11 - 2016-08-15 15:53 - 01610560 _____ (Malwarebytes) C:\Users\ERIJA\Desktop\JRT.exe 2016-08-15 15:11 - 2016-08-15 15:11 - 00002546 _____ C:\Users\ERIJA\Downloads\Fixlist.txt 2016-08-15 15:10 - 2016-08-15 15:11 - 150952808 _____ (Sophos Limited) C:\Users\ERIJA\Downloads\Sophos Virus Removal Tool.exe 2016-08-15 15:10 - 2016-08-15 15:10 - 01610560 _____ (Malwarebytes) C:\Users\ERIJA\Downloads\JRT.exe 2016-08-15 10:50 - 2016-09-03 00:58 - 00000000 ____D C:\Users\ERIJA\Desktop\FRST-OlderVersion 2016-08-15 10:40 - 2016-09-03 01:27 - 00000000 ____D C:\FRST 2016-08-15 10:39 - 2016-09-03 00:58 - 02397696 _____ (Farbar) C:\Users\LIEM NGUYEN\Desktop\FRST64.exe 2016-08-15 10:39 - 2016-08-15 10:39 - 02394624 _____ (Farbar) C:\Users\ERIJA\Downloads\FRST64.exe 2016-08-15 09:58 - 2016-08-16 01:13 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{09A708BC-E5C0-462C-9110-B743AB2AE0B9} 2016-08-15 09:22 - 2016-08-15 09:22 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-FAMILYPC-Windows-10-Pro-(64-bit).dat 2016-08-15 09:13 - 2016-08-15 09:22 - 00000000 ____D C:\RegBackup 2016-08-15 09:11 - 2016-08-15 09:11 - 03251071 _____ C:\Users\ERIJA\Downloads\tweaking.com_registry_backup_portable.zip 2016-08-15 09:10 - 2016-08-15 09:39 - 00003870 _____ C:\Users\LIEM NGUYEN\Desktop\Rkill Log.txt 2016-08-15 08:46 - 2016-08-16 03:16 - 00003868 _____ C:\Users\LIEM NGUYEN\Desktop\Rkill.txt 2016-08-15 08:46 - 2016-08-15 08:46 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\ERIJA\Downloads\rkill.exe 2016-08-15 08:46 - 2016-08-15 08:46 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\ERIJA\Desktop\rkill.exe 2016-08-14 10:10 - 2016-08-14 10:30 - 00000000 ____D C:\WINDOWS\pss 2016-08-14 02:25 - 2016-08-15 08:45 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-08-14 02:25 - 2016-08-15 08:45 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-08-14 02:25 - 2016-08-15 08:45 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-08-14 02:25 - 2016-08-15 08:45 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-08-14 02:25 - 2016-08-14 02:25 - 00987728 _____ (Google Inc.) C:\Users\ERIJA\Desktop\ChromeSetup.exe 2016-08-14 02:25 - 2016-08-14 02:25 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-14 02:25 - 2016-08-14 02:25 - 00002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-08-14 01:12 - 2016-08-14 01:12 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\PeerDistRepub 2016-08-14 01:10 - 2016-08-14 02:11 - 00000000 ____D C:\AdwCleaner 2016-08-14 01:09 - 2016-08-14 01:09 - 03784256 _____ C:\Users\ERIJA\Downloads\adwcleaner_6.000.exe 2016-08-13 22:58 - 2016-08-13 22:58 - 00000000 ____D C:\Users\Default\AppData\Roaming\Adobe 2016-08-13 22:58 - 2016-08-13 22:58 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Adobe 2016-08-13 22:56 - 2016-08-13 22:56 - 00000003 _____ C:\Users\ERIJA\Downloads\2.txt 2016-08-13 22:56 - 2016-08-13 22:56 - 00000003 _____ C:\Users\ERIJA\Downloads\1.txt 2016-08-13 17:44 - 2016-08-13 17:44 - 00000043 _____ C:\Users\ERIJA\.gtk-bookmarks 2016-08-12 11:51 - 2016-08-27 19:26 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2016-08-12 11:51 - 2016-08-12 11:51 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (14).exe 2016-08-12 11:47 - 2016-08-12 11:47 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (13).exe 2016-08-12 11:47 - 2016-08-12 11:47 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (12).exe 2016-08-12 11:41 - 2016-08-12 11:41 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (11).exe 2016-08-12 11:23 - 2016-08-12 11:23 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (10).exe 2016-08-11 23:52 - 2016-08-11 23:52 - 00000000 ____D C:\Users\BAXA\AppData\Local\Comms 2016-08-11 23:50 - 2016-08-11 23:50 - 00000000 __SHD C:\Users\BAXA\IntelGraphicsProfiles 2016-08-11 20:33 - 2016-08-11 20:33 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (9).exe 2016-08-11 20:29 - 2016-08-11 20:29 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (8).exe 2016-08-11 20:24 - 2016-08-11 20:24 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (7).exe 2016-08-11 20:23 - 2016-08-11 20:23 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (6).exe 2016-08-11 20:21 - 2016-08-11 20:21 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (5).exe 2016-08-11 20:17 - 2016-08-11 20:17 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (4).exe 2016-08-11 20:16 - 2016-08-11 20:16 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (3).exe 2016-08-10 10:48 - 2016-08-02 01:11 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-08-10 10:48 - 2016-08-02 01:10 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll 2016-08-10 10:48 - 2016-08-02 00:58 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2016-08-10 10:48 - 2016-08-01 21:25 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2016-08-09 08:35 - 2016-08-09 08:35 - 00000000 ____D C:\Users\ERIJA\AppData\Local\webkit 2016-08-09 08:31 - 2016-08-30 21:17 - 00000000 ____D C:\Users\ERIJA\AppData\Local\gtk-2.0 2016-08-09 08:31 - 2016-08-09 08:31 - 00000000 ____D C:\Users\ERIJA\.thumbnails 2016-08-09 08:15 - 2016-08-31 20:42 - 00000000 ____D C:\Users\ERIJA\.gimp-2.8 2016-08-09 08:15 - 2016-08-09 08:15 - 00000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2016-08-09 08:15 - 2016-08-09 08:15 - 00000000 ____D C:\Users\ERIJA\AppData\Local\gegl-0.2 2016-08-09 08:15 - 2016-08-09 08:15 - 00000000 ____D C:\Program Files\GIMP 2 2016-08-09 08:03 - 2016-08-09 08:07 - 77404656 _____ (The GIMP Team ) C:\Users\ERIJA\Downloads\gimp-2.8.18-setup.exe 2016-08-08 08:56 - 2016-08-08 08:56 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\inkscape 2016-08-08 08:56 - 2016-08-08 08:56 - 00000000 ____D C:\Users\ERIJA\AppData\Local\fontconfig 2016-08-08 08:52 - 2016-08-08 08:53 - 97868152 _____ C:\Users\ERIJA\Downloads\inkscape-0.91-x64.msi 2016-08-05 23:27 - 2016-08-15 13:44 - 00000000 ____D C:\Users\ERIJA\Desktop\Games 2016-08-05 13:11 - 2016-08-05 13:11 - 00003426 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask 2016-08-05 13:11 - 2016-08-05 13:11 - 00003306 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest 2016-08-05 13:11 - 2016-08-05 13:11 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows 2016-08-05 13:11 - 2016-08-05 13:11 - 00000000 ____D C:\Program Files\Dell Support Center 2016-08-04 23:29 - 2016-08-04 23:29 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\Comms 2016-08-04 22:10 - 2016-08-04 22:10 - 00000000 ____D C:\Program Files\CMAK 2016-08-04 22:10 - 2016-08-04 22:10 - 00000000 ____D C:\Program Files (x86)\CMAK 2016-08-04 19:41 - 2016-07-21 18:32 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys 2016-08-04 19:41 - 2016-07-21 18:25 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll 2016-08-04 19:41 - 2016-07-21 18:18 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-08-04 19:41 - 2016-07-21 18:18 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll 2016-08-04 19:41 - 2016-07-21 18:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-08-04 19:41 - 2016-07-21 17:32 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2016-08-04 19:41 - 2016-07-21 17:31 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-08-04 17:51 - 2016-08-17 15:39 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\MicrosoftEdge 2016-08-04 17:48 - 2016-09-03 00:57 - 00002383 _____ C:\Users\LIEM NGUYEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-08-04 17:48 - 2016-09-03 00:57 - 00000000 ___RD C:\Users\LIEM NGUYEN\OneDrive 2016-08-04 17:46 - 2016-08-04 17:46 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\Publishers 2016-08-04 17:45 - 2016-09-03 01:13 - 00000000 __SHD C:\Users\LIEM NGUYEN\IntelGraphicsProfiles 2016-08-04 17:45 - 2016-08-17 00:43 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\Packages 2016-08-04 17:45 - 2016-08-04 23:29 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\ConnectedDevicesPlatform 2016-08-04 17:45 - 2016-08-04 17:45 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\TileDataLayer 2016-08-04 17:44 - 2016-08-14 02:19 - 00000000 ____D C:\Users\ERIJA\AppData\Local\MicrosoftEdge 2016-08-04 17:29 - 2016-08-04 17:29 - 00000020 ___SH C:\Users\LIEM NGUYEN\ntuser.ini 2016-08-04 17:26 - 2016-08-04 17:26 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2016-08-04 17:25 - 2016-08-04 17:25 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices 2016-08-04 17:25 - 2016-08-04 17:25 - 00000000 ____D C:\WINDOWS\system32\msmq 2016-08-04 17:25 - 2016-08-04 17:25 - 00000000 ____D C:\WINDOWS\system32\BestPractices 2016-08-04 17:25 - 2016-08-04 17:25 - 00000000 ____D C:\Program Files\Reference Assemblies 2016-08-04 17:25 - 2016-08-04 17:25 - 00000000 ____D C:\Program Files\MSBuild 2016-08-04 17:25 - 2016-08-04 17:25 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2016-08-04 17:25 - 2016-08-04 17:25 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-08-04 17:25 - 2016-08-04 17:25 - 00000000 ____D C:\inetpub 2016-08-04 17:24 - 2016-05-25 15:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2016-08-04 17:24 - 2016-05-25 15:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2016-08-04 17:24 - 2016-05-25 15:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2016-08-04 17:24 - 2016-05-25 12:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2016-08-04 17:24 - 2016-05-25 12:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2016-08-04 17:24 - 2016-05-25 12:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2016-08-04 17:17 - 2016-08-04 17:17 - 00000000 ____D C:\Users\ERIJA\AppData\Local\Comms 2016-08-04 17:11 - 2016-09-03 01:21 - 00000000 __SHD C:\Users\ERIJA\IntelGraphicsProfiles 2016-08-04 17:08 - 2016-09-03 01:22 - 00002365 _____ C:\Users\ERIJA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-08-04 17:08 - 2016-08-04 17:08 - 00000000 ___RD C:\Users\ERIJA\OneDrive 2016-08-04 17:07 - 2016-08-04 17:07 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat 2016-08-04 17:06 - 2016-08-04 17:06 - 00000000 ____D C:\Users\ERIJA\AppData\Local\Publishers 2016-08-04 17:05 - 2016-08-05 17:59 - 00000000 ____D C:\Users\ERIJA\AppData\Local\Packages 2016-08-04 17:05 - 2016-08-04 17:56 - 00000000 ____D C:\Users\ERIJA\AppData\Local\ConnectedDevicesPlatform 2016-08-04 17:05 - 2016-08-04 17:05 - 00002362 _____ C:\Users\BAXA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-08-04 17:05 - 2016-08-04 17:05 - 00000020 ___SH C:\Users\ERIJA\ntuser.ini 2016-08-04 17:05 - 2016-08-04 17:05 - 00000000 ___RD C:\Users\BAXA\OneDrive 2016-08-04 17:05 - 2016-08-04 17:05 - 00000000 ____D C:\Users\ERIJA\AppData\Local\TileDataLayer 2016-08-04 17:04 - 2016-08-04 17:04 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 2016-08-04 17:02 - 2016-09-03 00:56 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-08-04 17:02 - 2016-08-11 23:53 - 00000000 ____D C:\Users\BAXA\AppData\Local\Packages 2016-08-04 17:02 - 2016-08-11 23:51 - 00000000 ____D C:\Users\BAXA\AppData\Local\ConnectedDevicesPlatform 2016-08-04 17:02 - 2016-08-04 17:02 - 00000000 ____D C:\Users\BAXA\AppData\Local\TileDataLayer 2016-08-04 17:02 - 2016-08-04 17:02 - 00000000 ____D C:\Users\BAXA\AppData\Local\Publishers 2016-08-04 17:01 - 2016-08-04 17:01 - 00000020 ___SH C:\Users\BAXA\ntuser.ini 2016-08-04 16:50 - 2016-08-04 16:50 - 00000000 ____D C:\ProgramData\USOShared 2016-08-04 16:49 - 2016-08-04 16:49 - 00015243 _____ C:\WINDOWS\diagwrn.xml 2016-08-04 16:49 - 2016-08-04 16:49 - 00015243 _____ C:\WINDOWS\diagerr.xml 2016-08-04 16:49 - 2016-08-04 16:49 - 00000000 _SHDL C:\Users\Default\My Documents 2016-08-04 16:49 - 2016-08-04 16:49 - 00000000 _SHDL C:\Users\Default\Documents\My Videos 2016-08-04 16:49 - 2016-08-04 16:49 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures 2016-08-04 16:49 - 2016-08-04 16:49 - 00000000 _SHDL C:\Users\Default\Documents\My Music 2016-08-04 16:49 - 2016-08-04 16:49 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos 2016-08-04 16:49 - 2016-08-04 16:49 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures 2016-08-04 16:49 - 2016-08-04 16:49 - 00000000 _SHDL C:\Users\Default User\Documents\My Music 2016-08-04 16:48 - 2016-09-03 01:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-08-04 16:48 - 2016-08-04 16:48 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat 2016-08-04 16:48 - 2016-08-04 16:48 - 00003926 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate 2016-08-04 16:48 - 2016-08-04 16:48 - 00003542 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily 2016-08-04 16:48 - 2016-08-04 16:48 - 00003542 _____ C:\WINDOWS\System32\Tasks\Avira Browser Safety Updater Task 2016-08-04 16:48 - 2016-08-04 16:48 - 00003416 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine 2016-08-04 16:48 - 2016-08-04 16:48 - 00003178 _____ C:\WINDOWS\System32\Tasks\{B0530FA4-306A-4536-BE5C-42FB4F6965A4} 2016-08-04 16:48 - 2016-08-04 16:48 - 00003178 _____ C:\WINDOWS\System32\Tasks\{61654EBC-9141-4633-ABBF-19E303AAB640} 2016-08-04 16:48 - 2016-08-04 16:48 - 00003178 _____ C:\WINDOWS\System32\Tasks\{574243F6-E494-4573-B7AC-38DA2F9537C1} 2016-08-04 16:48 - 2016-08-04 16:48 - 00003178 _____ C:\WINDOWS\System32\Tasks\{524BD0D8-A3A7-479F-87C3-425B58345864} 2016-08-04 16:48 - 2016-08-04 16:48 - 00003178 _____ C:\WINDOWS\System32\Tasks\{353A4FF8-D3E2-498D-BBBA-1FB0BD9E27B2} 2016-08-04 16:48 - 2016-08-04 16:48 - 00003178 _____ C:\WINDOWS\System32\Tasks\{1D5541E5-C298-4640-B930-9C4C23ACC291} 2016-08-04 16:48 - 2016-08-04 16:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD 2016-08-04 16:38 - 2016-08-04 16:38 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-08-04 16:38 - 2016-08-04 16:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2016-08-04 16:38 - 2016-08-04 16:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs 2016-08-04 16:38 - 2016-08-04 16:38 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi 2016-08-04 16:38 - 2016-08-04 16:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2016-08-04 16:38 - 2016-08-04 16:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs 2016-08-04 16:38 - 2016-08-04 16:38 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi 2016-08-04 16:37 - 2016-08-04 16:37 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines 2016-08-04 16:35 - 2016-09-03 01:12 - 00000000 ____D C:\Users\ERIJA 2016-08-04 16:35 - 2016-08-29 00:59 - 00000000 ____D C:\Users\LIEM NGUYEN 2016-08-04 16:35 - 2016-08-11 23:50 - 00000000 ____D C:\Users\BAXA 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\LIEM NGUYEN\My Documents 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\LIEM NGUYEN\Documents\My Videos 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\LIEM NGUYEN\Documents\My Pictures 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\LIEM NGUYEN\Documents\My Music 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\ERIJA\My Documents 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\ERIJA\Documents\My Videos 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\ERIJA\Documents\My Pictures 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\ERIJA\Documents\My Music 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\BAXA\My Documents 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\BAXA\Documents\My Videos 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\BAXA\Documents\My Pictures 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\BAXA\Documents\My Music 2016-08-04 16:34 - 2016-09-03 01:18 - 00931708 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-08-04 16:34 - 2016-08-17 00:32 - 01735714 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2016-08-04 16:32 - 2016-08-04 16:32 - 00849522 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat 2016-08-04 16:32 - 2016-08-04 16:32 - 00188557 _____ C:\WINDOWS\system32\Drivers\rtwaves40.dat 2016-08-04 16:32 - 2016-08-04 16:32 - 00017972 _____ C:\WINDOWS\system32\Drivers\rtwavesvpcap.dat 2016-08-04 16:32 - 2016-08-04 16:32 - 00000000 ____H C:\ProgramData\DP45977C.lfl 2016-08-04 16:32 - 2016-08-04 16:32 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2016-08-04 16:32 - 2016-08-04 16:32 - 00000000 ____D C:\WINDOWS\system32\SRSLabs 2016-08-04 16:32 - 2016-08-04 16:32 - 00000000 ____D C:\Program Files\Realtek 2016-08-04 16:31 - 2016-08-04 16:37 - 00000000 ____D C:\Program Files\Intel 2016-08-04 16:31 - 2016-08-04 16:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf 2016-08-04 16:31 - 2015-12-19 01:08 - 00099848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2016-08-04 16:30 - 2016-07-16 04:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2016-08-04 16:29 - 2016-09-03 00:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-08-04 16:29 - 2016-08-31 22:33 - 00194192 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-08-04 16:29 - 2016-08-04 16:29 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2016-08-04 12:11 - 2016-08-04 12:12 - 00000036 _____ C:\WINDOWS\progress.ini 2016-08-04 11:22 - 2016-08-04 17:45 - 00000000 ____D C:\Windows10Upgrade 2016-08-04 11:22 - 2016-08-04 17:01 - 00000000 ___HD C:\$GetCurrent 2016-08-04 11:22 - 2016-08-04 11:22 - 00000696 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk 2016-08-04 11:22 - 2016-08-04 11:22 - 00000684 _____ C:\Users\LIEM NGUYEN\Desktop\Windows 10 Upgrade Assistant.lnk 2016-08-04 11:21 - 2016-08-04 11:21 - 05791104 _____ (Microsoft Corporation) C:\Users\ERIJA\Downloads\Windows10Upgrade24074.exe 2016-08-04 09:17 - 2016-08-04 09:21 - 372662088 _____ (Duodian Technology Co. Ltd.) C:\Users\ERIJA\Downloads\nox_setup_v3.7.1.0_full_En_pokemon_0801.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-03 01:27 - 2016-07-15 23:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM 2016-09-03 01:26 - 2014-05-25 22:09 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery 2016-09-03 01:21 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-03 01:21 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-09-03 01:21 - 2015-11-22 23:32 - 00000000 ____D C:\Users\ERIJA\AppData\Local\LogMeIn Hamachi 2016-09-03 01:17 - 2015-10-02 21:45 - 00000000 ____D C:\Program Files (x86)\Steam 2016-09-03 01:16 - 2016-05-28 01:32 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\LogMeIn Hamachi 2016-09-03 01:15 - 2015-10-11 10:04 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Roaming\Skype 2016-09-03 01:12 - 2016-07-15 23:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2016-09-03 01:12 - 2015-11-06 20:31 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\LocalLow\Temp 2016-09-02 22:56 - 2015-10-02 21:24 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\Skype 2016-09-02 04:03 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-09-01 18:03 - 2015-10-02 22:08 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\.minecraft 2016-09-01 17:37 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache 2016-08-31 22:34 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF 2016-08-31 22:31 - 2016-07-16 07:29 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\system32\dsc 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\et-EE 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\es-MX 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\en-GB 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Provisioning 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2016-08-31 21:02 - 2016-07-16 04:43 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe 2016-08-31 21:02 - 2016-07-16 04:43 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll 2016-08-31 21:02 - 2016-07-16 04:43 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2016-08-31 21:02 - 2016-07-16 04:43 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll 2016-08-31 21:02 - 2016-07-16 04:43 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-08-31 21:02 - 2016-07-16 04:43 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2016-08-31 21:02 - 2016-07-16 04:42 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2016-08-31 21:02 - 2016-07-16 04:42 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2016-08-31 21:02 - 2016-07-16 04:42 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2016-08-31 21:02 - 2016-07-16 04:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2016-08-31 21:02 - 2016-07-16 04:42 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2016-08-31 21:02 - 2016-07-16 04:42 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll 2016-08-31 21:02 - 2016-07-16 04:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2016-08-31 21:01 - 2016-07-16 04:43 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2016-08-31 21:01 - 2016-07-16 04:42 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-08-31 21:01 - 2016-07-16 04:42 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2016-08-31 21:01 - 2016-07-16 04:42 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2016-08-31 21:01 - 2016-07-16 04:42 - 00079544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2016-08-31 17:29 - 2015-10-02 21:24 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-08-31 17:29 - 2015-10-02 21:24 - 00000000 ____D C:\ProgramData\Skype 2016-08-30 22:13 - 2016-04-13 19:20 - 00000000 ____D C:\Users\ERIJA\Desktop\Paint 2016-08-27 19:02 - 2016-04-15 08:47 - 00000000 ____D C:\Users\ERIJA\Desktop\Wallpaper 2016-08-26 19:43 - 2015-09-19 00:32 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\CrashDumps 2016-08-26 01:05 - 2016-08-01 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-08-25 22:43 - 2016-07-16 04:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-08-25 22:43 - 2016-07-16 04:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-08-25 11:50 - 2015-12-31 00:35 - 00000000 ____D C:\ProgramData\Package Cache 2016-08-24 10:23 - 2016-07-17 21:20 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2016-08-24 10:23 - 2016-07-17 21:13 - 00000000 ____D C:\Users\ERIJA\AppData\Local\Battle.net 2016-08-24 10:23 - 2016-07-17 21:09 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-08-24 10:22 - 2016-07-17 21:13 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\Battle.net 2016-08-24 10:22 - 2016-07-17 21:06 - 00000000 ____D C:\ProgramData\Battle.net 2016-08-23 17:28 - 2016-01-31 18:46 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2016-08-23 17:27 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-08-21 16:28 - 2016-08-01 08:56 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-08-21 16:27 - 2016-08-01 08:55 - 00000000 ____D C:\Users\LIEM NGUYEN\Desktop\mbar 2016-08-21 15:57 - 2016-08-01 08:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-08-21 15:56 - 2016-08-01 08:00 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-08-21 13:01 - 2015-09-19 13:04 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\ElevatedDiagnostics 2016-08-17 15:31 - 2016-01-02 14:32 - 00000000 ____D C:\ProgramData\Atheros 2016-08-17 03:06 - 2010-11-20 20:27 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2016-08-17 00:57 - 2014-05-26 12:48 - 00000000 ____D C:\WINDOWS\CSC 2016-08-15 21:31 - 2015-09-18 21:25 - 00000000 ____D C:\Users\LIEM NGUYEN\Documents\Bluetooth Folder 2016-08-15 21:03 - 2015-10-27 18:18 - 00000125 ___SH C:\ProgramData\.zreglib 2016-08-15 09:58 - 2015-11-04 21:33 - 00000000 __SHD C:\Users\ERIJA\AppData\Local\EmieUserList 2016-08-15 09:58 - 2015-11-04 21:33 - 00000000 __SHD C:\Users\ERIJA\AppData\Local\EmieSiteList 2016-08-14 11:01 - 2015-09-19 03:20 - 00000000 ____D C:\Users\ERIJA\Documents\Bluetooth Folder 2016-08-14 10:12 - 2015-09-18 23:15 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\Google 2016-08-14 09:14 - 2016-08-01 08:00 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-08-14 02:25 - 2015-09-18 23:15 - 00000000 ____D C:\Program Files (x86)\Google 2016-08-14 01:32 - 2015-09-18 22:06 - 00000000 __SHD C:\Users\LIEM NGUYEN\AppData\Local\EmieUserList 2016-08-14 01:32 - 2015-09-18 22:06 - 00000000 __SHD C:\Users\LIEM NGUYEN\AppData\Local\EmieSiteList 2016-08-12 20:22 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-08-12 11:53 - 2015-10-02 22:33 - 00000250 _____ C:\Users\ERIJA\AppData\LocalLow\rbxcsettings.rbx 2016-08-12 09:02 - 2016-06-20 12:59 - 00000000 ____D C:\Users\BAXA\AppData\Local\LogMeIn Hamachi 2016-08-11 23:52 - 2015-09-19 03:19 - 00000000 ____D C:\Users\BAXA\Documents\Bluetooth Folder 2016-08-11 21:57 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-08-11 20:48 - 2016-08-01 11:25 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-08-11 20:39 - 2016-08-01 11:25 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-08-09 01:05 - 2015-11-06 20:30 - 00000000 ____D C:\Users\LIEM NGUYEN\Documents\HOMESWEETHOME 2016-08-08 15:11 - 2015-10-03 09:47 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-08-05 23:37 - 2016-07-06 20:26 - 00000000 ____D C:\Users\ERIJA\Desktop\Stuff 2016-08-05 13:11 - 2014-05-25 22:05 - 00000000 ____D C:\ProgramData\PCDr 2016-08-05 13:11 - 2014-05-25 22:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2016-08-05 03:12 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\appcompat 2016-08-04 23:47 - 2016-07-25 15:15 - 00000000 ____D C:\Program Files (x86)\Gyazo 2016-08-04 18:10 - 2016-02-21 20:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-08-04 17:28 - 2016-07-16 04:49 - 00000000 ____D C:\WINDOWS\Setup 2016-08-04 17:28 - 2016-07-16 04:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2016-08-04 17:25 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv 2016-08-04 17:25 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv 2016-08-04 17:25 - 2016-07-16 04:44 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb 2016-08-04 17:25 - 2016-07-16 04:44 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb 2016-08-04 17:25 - 2016-07-16 04:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb 2016-08-04 17:25 - 2016-07-16 04:44 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb 2016-08-04 17:25 - 2016-07-16 04:44 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe 2016-08-04 17:25 - 2016-07-16 04:44 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof 2016-08-04 17:25 - 2016-07-16 04:43 - 01414144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys 2016-08-04 17:25 - 2016-07-16 04:43 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb 2016-08-04 17:25 - 2016-07-16 04:43 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb 2016-08-04 17:25 - 2016-07-16 04:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb 2016-08-04 17:25 - 2016-07-16 04:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe 2016-08-04 17:25 - 2016-07-16 04:43 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb 2016-08-04 17:25 - 2016-07-16 04:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe 2016-08-04 17:25 - 2016-07-16 04:43 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe 2016-08-04 17:25 - 2016-07-16 04:43 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof 2016-08-04 17:15 - 2014-05-26 14:22 - 00000000 __SHD C:\System Recovery 2016-08-04 17:11 - 2014-05-26 12:49 - 00000000 ____D C:\Intel 2016-08-04 17:07 - 2016-08-01 08:43 - 00154392 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2016-08-04 17:07 - 2016-08-01 08:43 - 00144664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2016-08-04 17:07 - 2016-08-01 08:43 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2016-08-04 17:07 - 2016-08-01 08:43 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2016-08-04 16:50 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\USOPrivate 2016-08-04 16:49 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2016-08-04 16:49 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Registration 2016-08-04 16:49 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-08-04 16:48 - 2009-07-13 20:20 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2016-08-04 16:47 - 2016-07-16 04:47 - 00000000 __RSD C:\WINDOWS\Media 2016-08-04 16:47 - 2016-07-16 04:47 - 00000000 __RHD C:\Users\Public\Libraries 2016-08-04 16:44 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\spool 2016-08-04 16:40 - 2016-08-01 21:47 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell 2016-08-04 16:40 - 2016-08-01 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-08-04 16:40 - 2016-07-25 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo 2016-08-04 16:40 - 2016-07-20 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2016-08-04 16:40 - 2016-07-17 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2016-08-04 16:40 - 2016-02-14 18:53 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface Launcher 2016-08-04 16:40 - 2016-01-31 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios 2016-08-04 16:40 - 2016-01-02 13:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program 2016-08-04 16:40 - 2015-12-13 20:54 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-08-04 16:40 - 2015-11-19 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-08-04 16:40 - 2015-11-04 14:10 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-08-04 16:40 - 2015-11-04 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-08-04 16:40 - 2015-10-05 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2016-08-04 16:40 - 2015-10-02 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft 2016-08-04 16:40 - 2015-10-02 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2016-08-04 16:40 - 2015-09-30 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software 2016-08-04 16:40 - 2015-09-30 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2016-08-04 16:40 - 2015-09-22 16:13 - 00000000 ____D C:\Users\BAXA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2016-08-04 16:40 - 2014-05-25 22:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2016-08-04 16:40 - 2014-05-25 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio 2016-08-04 16:40 - 2014-05-25 21:59 - 00000000 ____D C:\WINDOWS\system32\nn-NO 2016-08-04 16:38 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-08-04 16:38 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME 2016-08-04 16:38 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-08-04 16:38 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-08-04 16:38 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\IME 2016-08-04 16:38 - 2014-05-25 22:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sda 2016-08-04 16:38 - 2009-07-13 20:20 - 00000000 ____D C:\Users\Default.migrated 2016-08-04 16:37 - 2016-07-16 04:47 - 00000000 __SHD C:\Program Files\Windows Sidebar 2016-08-04 16:37 - 2016-07-16 04:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar 2016-08-04 16:37 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\schemas 2016-08-04 16:37 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-08-04 16:37 - 2015-12-13 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts 2016-08-04 16:37 - 2015-12-12 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2016-08-04 16:37 - 2015-11-28 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft 2016-08-04 16:37 - 2015-11-23 18:56 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2016-08-04 16:37 - 2014-05-25 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot 2016-08-04 16:37 - 2014-05-25 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros Smart Net 2016-08-04 16:37 - 2010-11-21 00:16 - 00000000 ___RD C:\Users\Public\Recorded TV 2016-08-04 16:37 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker 2016-08-04 16:34 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2016-08-04 16:32 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\PrintDialog 2016-08-04 16:32 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\MiracastView 2016-08-04 16:13 - 2009-07-13 21:45 - 00021312 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-04 16:13 - 2009-07-13 21:45 - 00021312 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 ==================== Files in the root of some directories ======= 2015-10-27 18:18 - 2016-08-15 21:03 - 0000125 ___SH () C:\ProgramData\.zreglib 2016-08-04 16:32 - 2016-08-04 16:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\ERIJA\AppData\Local\Temp\avgnt.exe C:\Users\LIEM NGUYEN\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-08-28 22:23 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016 Ran by LIEM NGUYEN (03-09-2016 01:28:15) Running from C:\Users\LIEM NGUYEN\Desktop Windows 10 Pro Version 1607 (X64) (2016-08-05 00:01:55) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3823346381-4191098200-709037831-500 - Administrator - Disabled) => C:\Users\Administrator BAXA (S-1-5-21-3823346381-4191098200-709037831-1001 - Limited - Enabled) => C:\Users\BAXA DefaultAccount (S-1-5-21-3823346381-4191098200-709037831-503 - Limited - Disabled) ERIJA (S-1-5-21-3823346381-4191098200-709037831-1002 - Limited - Enabled) => C:\Users\ERIJA Guest (S-1-5-21-3823346381-4191098200-709037831-501 - Limited - Disabled) LIEM NGUYEN (S-1-5-21-3823346381-4191098200-709037831-1000 - Administrator - Enabled) => C:\Users\LIEM NGUYEN ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.) AirMech (HKLM-x32\...\Steam App 206500) (Version: - Carbon Games) Alien Swarm (HKLM-x32\...\Steam App 630) (Version: - Valve) AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.5.0 - SlySoft) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.19.164 - Avira Operations GmbH & Co. KG) Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG) Avira Launcher (HKLM-x32\...\{6052a753-acc6-4c02-b5a8-70962ff8e0a4}) (Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG) Hidden Avira Software Updater (HKLM-x32\...\{96CADA13-A19B-4270-A536-A280EA510DB0}) (Version: 1.2.3.493 - Avira Operations GmbH & Co. KG) Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) Broforce (HKLM-x32\...\Steam App 274190) (Version: - Free Lives) Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth) CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.) Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.) Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.133 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell) Dell System Detect (HKU\S-1-5-21-3823346381-4191098200-709037831-1002\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell) Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.) Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION) EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Geometry Dash (HKLM-x32\...\Steam App 322170) (Version: - RobTop Games) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.493 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.493 - LogMeIn, Inc.) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.29.1145.0 - Hi-Rez Studios) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.330 - Qualcomm Atheros Communications) QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.) Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John) ROBLOX Player for ERIJA (HKU\S-1-5-21-3823346381-4191098200-709037831-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited) Star Wars Republic Commando (HKLM-x32\...\{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}) (Version: 1.0 - ) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) Trove (HKLM-x32\...\Steam App 304050) (Version: - Trion Worlds) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Warface (HKLM-x32\...\Steam App 291480) (Version: - Crytek) Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH) Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes) Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17346 - Microsoft Corporation) WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.465 - Zemana Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3823346381-4191098200-709037831-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3823346381-4191098200-709037831-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ERIJA\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3823346381-4191098200-709037831-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\ERIJA\AppData\Local\Roblox\Versions\version-e6d872d544b64cd9\RobloxProxy64.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02DE26B4-A377-4D12-A504-281685355992} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-07-21] () Task: {0E9B0B5C-9FF3-4A29-8479-0868A68DD87B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {10C90DE2-9C69-4C4E-AEB1-9913F61DCBF2} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION Task: {118B0C75-5C0C-433E-B6F6-FC8A11D30B49} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {14B348A8-C611-4083-AD0B-41C8D96F5EE4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {256F50D4-4B2F-4011-AE10-E0DF98F1E0AD} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {2956E29D-A64D-413D-B892-F5AA2AC347BB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {3999671B-80BF-4CDF-A95C-93FD2F0FE480} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {39D9C48F-12CD-47A7-A5A3-67FD9D4D864A} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK Task: {3CBC40D7-5079-4162-B3CF-8BB086B1F88F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {49072A42-1C33-4821-800D-28DD295D6786} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {4FE4EB4C-8550-4882-9C19-54B3763EEAF2} - System32\Tasks\{B0530FA4-306A-4536-BE5C-42FB4F6965A4} => C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe [2016-05-28] () Task: {4FF356D2-FE47-4920-B00B-3E8B260DCA26} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {528B6446-B6F7-44E3-AA71-6203798B4E57} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {53C82D5D-CAA2-4928-AD01-FD5CA9402E42} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {54C24529-FE0D-45F3-921C-72B199731A29} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {63882D74-4B0D-4654-86EE-D96AE3948093} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {6427E100-AEAE-44E5-98F4-132AD23976CD} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {6563DB5C-54FD-4007-98A3-1F779956369C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {6A73D90C-B17C-4761-8357-1A346F1A3327} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {6A984B25-5FB5-47F5-8BB0-F5E15265F2B0} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-08-02] (PC-Doctor, Inc.) Task: {6C319D8B-DF05-4A80-9136-A0ABA12AC856} - System32\Tasks\{61654EBC-9141-4633-ABBF-19E303AAB640} => C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe [2016-05-28] () Task: {74B79B52-5FD9-4C14-BAB0-205B4C4DD9F9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {774BEC63-7921-4B84-A33F-DC88A2597A95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-14] (Google Inc.) Task: {78F9B58D-4208-4149-86B8-1303B38A0DDC} - System32\Tasks\{1D5541E5-C298-4640-B930-9C4C23ACC291} => C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe [2016-05-28] () Task: {92BE7943-78D8-4C4B-883D-3B2AAF434323} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {A015D851-1E7C-439D-92A2-44EFF53100DA} - System32\Tasks\{524BD0D8-A3A7-479F-87C3-425B58345864} => C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe [2016-05-28] () Task: {A42137A8-850E-477B-A8C7-39838E8FC453} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.) Task: {AA0492E9-DA05-4EA9-9704-FA569B01DAFF} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\OneDriveStandaloneUpdater.exe [2016-09-03] (Microsoft Corporation) Task: {AA3E25D9-1FA3-4E11-8D06-8F8C582D1C38} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-07-21] () Task: {B0266B37-BE4A-4847-8CAA-65620B46F5F1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {B1450FE1-82E8-40F1-8F3F-5749E0F9E20E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {B2E0C73E-B0A6-4A16-987E-59D3779961CD} - System32\Tasks\{353A4FF8-D3E2-498D-BBBA-1FB0BD9E27B2} => C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe [2016-05-28] () Task: {B402C7AF-45A5-478C-A0FB-EC67AD8F31AB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd) Task: {B9EBDEE4-0F1F-4136-BEA4-5460F63E6E49} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {BA7F3875-7416-4EF5-B045-A03824D3AFA2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {BE33212A-9061-492C-A748-67CB386B6B2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-14] (Google Inc.) Task: {C15F102C-2BD9-4548-8417-76E2A12D1338} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {C1913C94-0842-490C-B755-F95332E09ABA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {C51962EB-554C-4808-908B-3AD2A7A2F735} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {C9F9E6BE-EAE6-4EEA-8452-F96621EC7BD3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {CE4EEC05-AE50-4266-B124-7496745958B2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {D34537BA-56BC-453F-9987-753A7E8AE6D9} - System32\Tasks\{574243F6-E494-4573-B7AC-38DA2F9537C1} => C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe [2016-05-28] () Task: {D9140CB1-A029-461F-9549-35CF6E945524} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {DA5EBFDD-F0C4-44BB-802B-EC827B4A9BF5} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {DA6ABE0D-CE90-45A8-9657-0C09734C0B6E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {DA9D1E83-01AA-4187-BDB9-6D13247DE477} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {F77FADB6-39CF-40FD-B4D9-DA15457D14C9} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG) Task: {FFD0BCF8-7926-4344-A2B0-908C275D350D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-07-16 04:42 - 2016-07-16 04:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-03-31 21:15 - 2016-03-31 21:15 - 00076888 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe 2016-03-31 21:15 - 2016-03-31 21:15 - 00189248 _____ () C:\WINDOWS\SysWoW64\PnkBstrB.exe 2016-07-16 04:42 - 2016-07-16 04:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-03 00:57 - 2016-09-03 00:57 - 01864384 _____ () C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll 2016-07-16 04:42 - 2016-07-16 04:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll 2014-05-26 12:35 - 2015-12-19 01:08 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe 2016-07-16 04:42 - 2016-07-16 04:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-07-16 04:43 - 2016-08-31 21:02 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-07-16 04:43 - 2016-08-31 21:02 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-08-31 21:08 - 2016-08-19 21:54 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-16 04:43 - 2016-08-31 21:02 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-07-16 04:43 - 2016-08-31 21:02 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-08-31 21:08 - 2016-08-19 21:54 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-08-31 21:08 - 2016-08-19 21:56 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-08-27 22:11 - 2014-08-27 22:11 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2016-08-14 02:25 - 2016-08-02 16:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll 2016-08-14 02:25 - 2016-08-02 16:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll 2016-08-04 17:08 - 2016-08-04 17:08 - 00959168 _____ () C:\Users\ERIJA\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-08-30 16:48 - 2016-08-30 16:48 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-08-30 16:48 - 2016-08-30 16:48 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-08-30 16:48 - 2016-08-30 16:48 - 35288064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-09-03 00:57 - 2016-09-03 00:57 - 01383616 _____ () C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll 2016-09-03 00:57 - 2016-09-03 00:57 - 00118976 _____ () C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll 2014-01-13 08:03 - 2014-01-13 08:03 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2016-08-01 21:49 - 2013-12-09 14:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-01-05 10:17 - 2015-12-18 16:52 - 01607920 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll 2014-05-25 22:09 - 2012-11-25 07:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll 2015-02-26 10:07 - 2014-02-18 12:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3823346381-4191098200-709037831-1000\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-3823346381-4191098200-709037831-1002\...\dell.com -> dell.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3823346381-4191098200-709037831-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\Windows\Themes\img8.jpg HKU\S-1-5-21-3823346381-4191098200-709037831-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ERIJA\Desktop\grow-up-2016-sd.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{175DDF5F-098B-4A16-ADA4-E61769490378}] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [{0A25E784-1B79-4C6F-B18C-AC4F8E958225}] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{9A9B77CB-8C74-4064-BFD8-69A6B76CFEDB}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [TCP Query User{3A5C7E3A-122E-4201-A376-6B0258352AD6}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [{CCDB1DC2-DD18-489D-B9FF-B95F23465993}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe FirewallRules: [{54388938-252B-4196-BE77-B31C36F9B032}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe FirewallRules: [{4F7939D5-B943-4B95-8256-02BD180CCF0B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{C78F3914-D974-493F-9095-23CF2DB160D3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{E4FCFC07-66E1-4E6E-88E8-508BEC1D8066}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{CA9BAEE2-5ABE-4B93-8096-A9BBC38C60BB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{EAEC31B8-9034-43C1-B683-E84C387B977F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{01B013F2-68B5-43CE-BFF2-CE7DF8D98887}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{7BBE1D2B-9A36-4684-8372-D565F97FDFA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{8D8BDB9B-374D-45EE-811D-CEFFF2DF3DC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{B63A0CC5-E9CF-4B0D-8318-DD72E142B877}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{E4FE3CD6-B515-428C-ACFA-5D94E91C81D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{BC935798-751B-42E3-BD82-2A497768EE3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{7F603EC3-F15D-452C-BB57-ABC46AA2456F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{64CC35E8-397A-48E7-AAFC-FCD734B2B028}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{FF579C10-5267-4CAB-814D-726671D44D35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{A674C770-0107-4C8C-B4AF-7EAED0967FE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{76D86D85-E142-4668-970D-FB7D00AAD03F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{158770CA-5A78-4A19-964B-9641CF833DDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{19B4A98E-7373-4A31-9A0A-5D3EA881DB3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [UDP Query User{DA5977CE-298B-469F-BAB2-6FDAA86CABEC}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe FirewallRules: [TCP Query User{C76D011A-92A0-439D-8AC8-4AC608F9003C}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe FirewallRules: [{801DDE3F-87E7-45B7-A00C-726CF1A492BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe FirewallRules: [{118AA381-069C-4B02-8EAB-673E5DE28908}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe FirewallRules: [UDP Query User{366E2FC6-7ABA-4ADA-A80F-E3277EC17BC9}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [TCP Query User{9A4948F2-69A2-4D86-8C78-839023B235C5}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [{1A2545BC-03F0-4C0E-9C31-05FA0F8B0A64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe FirewallRules: [{3EFCD04D-2877-40CF-8595-0C2660121D32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe FirewallRules: [{9B790993-ADC1-4EAC-828A-353924C79126}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{960C372B-4F58-468A-9BD9-0F44E89F6478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [UDP Query User{271EB4FB-FB23-4FDA-89AD-87C6A3CA0325}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{7525DB7B-67E3-48DD-BF1D-57325346B25E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{BE77F40B-A571-4496-A6DA-0661130C257D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe FirewallRules: [{8B32046C-F96E-4FFE-B7EC-79217BEFDE27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe FirewallRules: [{A9793C35-8796-4EB0-A62F-8EC9F5552E33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe FirewallRules: [{EC942967-810F-4794-AAF2-4F804AE40F96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe FirewallRules: [{5D150FB8-AF00-4015-806C-DD1D9C121265}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe FirewallRules: [{58F17D7A-D442-40D6-BBEB-BB3732891D99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe FirewallRules: [{1217505F-A451-45DF-A6DD-5C11C5C55CF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{262F2880-E289-42ED-AE3D-72B7FFC920E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{031F7BC9-45AF-4F49-9BE8-FD3F70F17222}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe FirewallRules: [{0B99E47D-4E76-4D24-941B-F74646CF7B6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe FirewallRules: [{AED8CEEF-13DF-44C5-9EC5-56765231FF4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe FirewallRules: [{FF6EA7BB-7F4F-4405-87BE-CC55E9A524A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe FirewallRules: [{BA5D16AC-B643-43E1-AB66-59875FF7BBA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe FirewallRules: [{7E2D174D-0793-45D6-9627-A2C545CA7714}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe FirewallRules: [{10C27F8C-F65E-47CF-AFA9-D004783CE77F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AirMech\AirMech.exe FirewallRules: [{AC64C34C-1992-4CEB-B61E-40A74EB76F1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AirMech\AirMech.exe FirewallRules: [{96D374CB-8573-4EDE-B52C-B6D1578EF5D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{7D300C50-C8B4-42D4-98D7-C1458D28CBF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{F5AF9E06-9CD4-4BA5-81EB-9C9258E11BC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alien Swarm\swarm.exe FirewallRules: [{5D946ECF-B46B-40F1-8FCD-14ABA04A299B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alien Swarm\swarm.exe FirewallRules: [UDP Query User{623F1808-AE35-4F4F-9D15-3B5B0995025E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{BF31AF6C-165F-405E-8215-F091B0EE3FB4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{B0029E4F-2594-47E1-82AA-B8F3CE206625}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{0836585C-54CE-4771-AB3A-4DED1EEAD280}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{C0561561-BA3B-4893-A58F-91D504A25CC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{8BF9CE73-0C78-4F82-8DF4-9DF4DB46EF47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{B7955AFC-654D-443B-8330-A019B01D5B04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{00C0010C-9706-4D47-A702-6C1F695D9053}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{CDF780CF-14B8-4BF0-A235-D9905C433345}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{9568ED18-1D03-4C59-8C31-8E525E9AA98B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{5EB3A45E-BC9B-4CC1-9289-2845212616A4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{4E4504A2-79D1-49AD-8E9A-D90F74D8BCA2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{75BAE1D9-613E-4A71-8C44-7E333ECB9467}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{9D3F91EE-F7E4-469E-B5DB-9E106C749D0A}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe FirewallRules: [{604E6A52-AAC5-471F-999C-545DB3F0F820}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe FirewallRules: [{37A87796-B32C-42F8-A590-A224399D025D}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{803335F7-07B5-4004-B363-2A143C7B6D21}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{09D7C69F-5E99-4867-A3CE-5E65F7C5CFB9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 29-08-2016 17:22:16 Scheduled Checkpoint 02-09-2016 04:03:21 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/03/2016 01:22:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: OneDriveSetup.exe, version: 17.3.6517.809, time stamp: 0x57aa2071 Faulting module name: OneDriveSetup.exe, version: 17.3.6517.809, time stamp: 0x57aa2071 Exception code: 0xc0000409 Fault offset: 0x0008dd4d Faulting process id: 0x34f4 Faulting application start time: 0x01d205bc3987b626 Faulting application path: C:\Users\ERIJA\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe Faulting module path: C:\Users\ERIJA\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe Report Id: 77b33bd5-1d4e-415b-bdf0-e1317b4cd50f Faulting package full name: Faulting package-relative application ID: Error: (09/03/2016 01:12:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FAMILYPC) Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147467259 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/02/2016 04:19:16 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (09/02/2016 04:19:16 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (09/02/2016 04:19:16 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (09/02/2016 04:19:16 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (09/02/2016 04:03:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (09/01/2016 04:05:34 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (09/01/2016 04:05:33 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (09/01/2016 04:05:33 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. System errors: ============= Error: (09/03/2016 01:21:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/03/2016 01:21:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/03/2016 01:13:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/03/2016 01:13:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/03/2016 01:13:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The WMPNetworkSvc service terminated with the following error: An attempt was made to reference a token that does not exist. Error: (09/03/2016 01:13:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The HvHost service terminated with the following error: A device attached to the system is not functioning. Error: (09/03/2016 01:13:27 AM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration. Error: (09/03/2016 01:12:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: The system cannot find the path specified. Error: (09/03/2016 01:12:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: The system cannot find the path specified. Error: (09/03/2016 01:12:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: The system cannot find the path specified. CodeIntegrity: =================================== Date: 2016-08-17 01:00:34.475 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz Percentage of memory in use: 21% Total physical RAM: 16300.93 MB Available physical RAM: 12778.13 MB Total Virtual: 17324.93 MB Available Virtual: 13375.43 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:907.25 GB) (Free:497.36 GB) NTFS Drive y: (RECOVERY) (Fixed) (Total:24.22 GB) (Free:13.66 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: ACAA7102) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=24.2 GB) - (Type=27) Partition 3: (Not Active) - (Size=907.3 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  5. Here is the fixlog, also was my Antivirus supposed to be disabled? Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016 Ran by LIEM NGUYEN (03-09-2016 01:12:27) Run:9 Running from C:\Users\LIEM NGUYEN\Desktop Loaded Profiles: LIEM NGUYEN & BAXA & ERIJA & Administrator (Available Profiles: LIEM NGUYEN & BAXA & ERIJA & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** Start CreateRestorePoint: CloseProcesses: HKU\S-1-5-21-3823346381-4191098200-709037831-1000\...\Run: [BingSvc] => C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-18] (© 2015 Microsoft Corporation) C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\BingSvc\BingSvc.exe C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\BingSvc R2 lggr; C:\ProgramData\Microsoft\WindowsLogger\winlogger.exe [25088 2016-08-12] () [File not signed] C:\ProgramData\Microsoft\WindowsLogger C:\Program Files (x86)\SafeSavings EmptyTemp: end ***************** Restore point was successfully created. Processes closed successfully. HKU\S-1-5-21-3823346381-4191098200-709037831-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\BingSvc\BingSvc.exe => moved successfully C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\BingSvc => moved successfully lggr => Unable to stop service. lggr => service removed successfully "C:\ProgramData\Microsoft\WindowsLogger" folder move: Could not move "C:\ProgramData\Microsoft\WindowsLogger" => Scheduled to move on reboot. C:\Program Files (x86)\SafeSavings => moved successfully =========== EmptyTemp: ========== BITS transfer queue => 32768 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11706951 B Java, Flash, Steam htmlcache => 23053575 B Windows/system/drivers => 586559 B Edge => 6567 B Chrome => 12253955 B Firefox => 7873971 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 0 B LocalService => 16730 B NetworkService => 8536 B LIEM NGUYEN => 60618349 B BAXA => 11122990 B ERIJA => 494518344 B Administrator => 9090156 B RecycleBin => 0 B EmptyTemp: => 601.7 MB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-09-2016 01:13:49) C:\ProgramData\Microsoft\WindowsLogger => moved successfully ==== End of Fixlog 01:13:50 ====
  6. Sorry for the long wait, had to deal with some real life events. Anyways, here are the logs. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016 Ran by LIEM NGUYEN (administrator) on FAMILYPC (03-09-2016 00:59:37) Running from C:\Users\ERIJA\Desktop Loaded Profiles: LIEM NGUYEN & BAXA & ERIJA & Administrator (Available Profiles: LIEM NGUYEN & BAXA & ERIJA & Administrator) Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe () C:\ProgramData\Microsoft\WindowsLogger\winlogger.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (Microsoft Corporation) C:\Windows\System32\LockAppHost.exe () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (© 2015 Microsoft Corporation) C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\BingSvc\BingSvc.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [402344 2015-12-19] () HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-29] (Intel Corporation) HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [831576 2016-08-25] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67864 2016-08-04] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-08-27] (Qualcomm®Atheros®) HKU\S-1-5-21-3823346381-4191098200-709037831-1000\...\Run: [WorkForce 630(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-11] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3823346381-4191098200-709037831-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29544576 2016-08-17] (Skype Technologies S.A.) HKU\S-1-5-21-3823346381-4191098200-709037831-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation) HKU\S-1-5-21-3823346381-4191098200-709037831-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-11-12] (SlySoft, Inc.) HKU\S-1-5-21-3823346381-4191098200-709037831-1000\...\Run: [BingSvc] => C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-18] (© 2015 Microsoft Corporation) HKU\S-1-5-21-3823346381-4191098200-709037831-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd) HKU\S-1-5-21-3823346381-4191098200-709037831-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [572416 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-3823346381-4191098200-709037831-1001\...\Run: [WorkForce 630(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-11] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3823346381-4191098200-709037831-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-3823346381-4191098200-709037831-1002\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-07-21] (Nota Inc.) HKU\S-1-5-18\...\Run: [EPSON5BC0D3 (WorkForce 630)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-11] (SEIKO EPSON CORPORATION) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => No File ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => No File Startup: C:\Users\LIEM NGUYEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk [2015-09-30] ShortcutTarget: Epson all-in-one Registration.lnk -> D:\Common\EpsonReg\EpsonReg.exe (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\..\Interfaces\{f9b16864-efa2-4723-a2b8-5552dea9c1f7}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-3823346381-4191098200-709037831-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3823346381-4191098200-709037831-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2L&ocid=SK2LDHP&osmkt=en-us HKU\S-1-5-21-3823346381-4191098200-709037831-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB HKU\S-1-5-21-3823346381-4191098200-709037831-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB HKU\S-1-5-21-3823346381-4191098200-709037831-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB HKU\S-1-5-21-3823346381-4191098200-709037831-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3823346381-4191098200-709037831-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB HKU\S-1-5-21-3823346381-4191098200-709037831-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB HKU\S-1-5-21-3823346381-4191098200-709037831-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB URLSearchHook: HKU\S-1-5-21-3823346381-4191098200-709037831-1000 - (No Name) - {51518165-4261-4988-8d29-95b57e6851d7} - No File SearchScopes: HKU\S-1-5-21-3823346381-4191098200-709037831-1000 -> DefaultScope {A4B9D40B-6820-4883-B71D-DC2DF94E87E9} URL = SearchScopes: HKU\S-1-5-21-3823346381-4191098200-709037831-1000 -> {D9CD4853-F462-407A-8E7F-B75A6779258F} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-3823346381-4191098200-709037831-1001 -> DefaultScope {A4B9D40B-6820-4883-B71D-DC2DF94E87E9} URL = SearchScopes: HKU\S-1-5-21-3823346381-4191098200-709037831-1001 -> {A4B9D40B-6820-4883-B71D-DC2DF94E87E9} URL = SearchScopes: HKU\S-1-5-21-3823346381-4191098200-709037831-1002 -> DefaultScope {27B17EFE-86D8-428D-AF0C-A0FCAEAB57CE} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20151110&p={searchTerms} SearchScopes: HKU\S-1-5-21-3823346381-4191098200-709037831-1002 -> {27B17EFE-86D8-428D-AF0C-A0FCAEAB57CE} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20151110&p={searchTerms} SearchScopes: HKU\S-1-5-21-3823346381-4191098200-709037831-1002 -> {A4B9D40B-6820-4883-B71D-DC2DF94E87E9} URL = BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-01] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-01] (Oracle Corporation) Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\LIEM NGUYEN\AppData\Roaming\Mozilla\Firefox\Profiles\ukqedkqa.default FF DefaultSearchEngine: Bing FF DefaultSearchEngine.US: Yahoo Web FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Homepage: hxxp://www.msn.com/?pc=SK2L&ocid=SK2LDHP&osmkt=en-us hxxps://www.yahoo.com/?type=orcl_hpset FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2LDF&PC=SK2L&q= FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-01] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-01] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-15] (Google Inc.) FF Plugin HKU\S-1-5-21-3823346381-4191098200-709037831-1002: @nsroblox.roblox.com/launcher -> C:\Users\ERIJA\AppData\Local\Roblox\Versions\version-a5eaf158bd544c4d\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3823346381-4191098200-709037831-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\ERIJA\AppData\Local\Roblox\Versions\version-a5eaf158bd544c4d\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation) FF SearchPlugin: C:\Users\LIEM NGUYEN\AppData\Roaming\Mozilla\Firefox\Profiles\ukqedkqa.default\searchplugins\bing-.xml [2015-12-18] FF SearchPlugin: C:\Users\LIEM NGUYEN\AppData\Roaming\Mozilla\Firefox\Profiles\ukqedkqa.default\searchplugins\yahoo-ysp.xml [2015-11-19] FF Extension: (Bing Search) - C:\Users\LIEM NGUYEN\AppData\Roaming\Mozilla\Firefox\Profiles\ukqedkqa.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-12-18] FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] Chrome: ======= CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-gb CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Profile: C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Yahoo Partner) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaffhmecfaelkngcbnfdkcckmillnoki [2016-09-03] CHR Extension: (Google Slides) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-03] CHR Extension: (Google Docs) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-03] CHR Extension: (Google Drive) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-03] CHR Extension: (YouTube) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-03] CHR Extension: (Bing) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-09-03] CHR Extension: (Google Sheets) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-03] CHR Extension: (Avira Browser Safety) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-03] CHR Extension: (Google Docs Offline) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-03] CHR Extension: (Skype) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-09-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-03] CHR Extension: (Gmail) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-03] CHR Extension: (Chrome Media Router) - C:\Users\LIEM NGUYEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-03] CHR HKU\S-1-5-21-3823346381-4191098200-709037831-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [988184 2016-08-25] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-08-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-08-25] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1453696 2016-08-25] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-08-27] (Windows (R) Win 7 DDK provider) [File not signed] R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [320672 2016-08-04] (Avira Operations GmbH & Co. KG) R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [26760 2016-08-23] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation) R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2015-11-07] (EasyAntiCheat Ltd) R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed] R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.) R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-07-12] (Hi-Rez Studios) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-29] (Intel Corporation) S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2016-06-10] (Microsoft Corporation) [File not signed] R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-26] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-26] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation) R2 lggr; C:\ProgramData\Microsoft\WindowsLogger\winlogger.exe [25088 2016-08-12] () [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-03-31] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2016-03-31] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS) R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.) S3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [144664 2016-08-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [154392 2016-08-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-08-04] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-08-04] (Avira Operations GmbH & Co. KG) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-08-27] (Qualcomm Atheros) R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation) R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation) R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation) R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-08-16] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-08-16] (Zemana Ltd.) U3 idsvc; no ImagePath S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X] U3 wpcsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-03 00:57 - 2016-09-03 00:57 - 00003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task 2016-09-01 01:12 - 2016-09-01 01:12 - 00000000 ____D C:\Program Files (x86)\SafeSavings 2016-09-01 00:28 - 2016-09-01 00:28 - 01153912 _____ (Emsi Software GmbH) C:\Users\ERIJA\Downloads\BlitzBlank.exe 2016-09-01 00:28 - 2016-09-01 00:28 - 01153912 _____ (Emsi Software GmbH) C:\Users\ERIJA\Desktop\BlitzBlank.exe 2016-08-31 23:02 - 2016-08-31 23:02 - 00000405 _____ C:\Users\ERIJA\Downloads\Fixlog.txt 2016-08-31 23:02 - 2016-08-31 23:02 - 00000405 _____ C:\Users\ERIJA\Downloads\Fixlog (1).txt 2016-08-31 22:49 - 2016-08-31 22:49 - 00000110 _____ C:\Users\ERIJA\Downloads\fixlist (7).txt 2016-08-31 22:30 - 2016-08-31 22:30 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2016-08-31 21:09 - 2016-08-26 22:12 - 04130944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-08-31 21:09 - 2016-08-26 22:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2016-08-31 21:09 - 2016-08-26 21:58 - 03893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2016-08-31 21:09 - 2016-08-26 21:58 - 00121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2016-08-31 21:09 - 2016-08-26 21:39 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2016-08-31 21:09 - 2016-08-26 21:38 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2016-08-31 21:09 - 2016-08-26 21:38 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll 2016-08-31 21:09 - 2016-08-26 21:37 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll 2016-08-31 21:09 - 2016-08-26 21:25 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2016-08-31 21:09 - 2016-08-19 23:04 - 07814488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-08-31 21:09 - 2016-08-19 23:03 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-08-31 21:09 - 2016-08-19 22:52 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-08-31 21:09 - 2016-08-19 22:52 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2016-08-31 21:09 - 2016-08-19 22:52 - 00658776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-08-31 21:09 - 2016-08-19 22:52 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-08-31 21:09 - 2016-08-19 22:51 - 00681312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys 2016-08-31 21:09 - 2016-08-19 22:50 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-08-31 21:09 - 2016-08-19 22:50 - 01099608 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2016-08-31 21:09 - 2016-08-19 22:50 - 00987992 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2016-08-31 21:09 - 2016-08-19 22:50 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2016-08-31 21:09 - 2016-08-19 22:50 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-08-31 21:09 - 2016-08-19 22:50 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll 2016-08-31 21:09 - 2016-08-19 22:47 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll 2016-08-31 21:09 - 2016-08-19 22:47 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2016-08-31 21:09 - 2016-08-19 22:46 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-08-31 21:09 - 2016-08-19 22:34 - 01430200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2016-08-31 21:09 - 2016-08-19 22:34 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-08-31 21:09 - 2016-08-19 22:32 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-08-31 21:09 - 2016-08-19 22:29 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2016-08-31 21:09 - 2016-08-19 22:29 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2016-08-31 21:09 - 2016-08-19 22:25 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-08-31 21:09 - 2016-08-19 22:22 - 22571008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-08-31 21:09 - 2016-08-19 22:22 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2016-08-31 21:09 - 2016-08-19 22:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL 2016-08-31 21:09 - 2016-08-19 22:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll 2016-08-31 21:09 - 2016-08-19 22:21 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2016-08-31 21:09 - 2016-08-19 22:21 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL 2016-08-31 21:09 - 2016-08-19 22:20 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 2016-08-31 21:09 - 2016-08-19 22:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL 2016-08-31 21:09 - 2016-08-19 22:18 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys 2016-08-31 21:09 - 2016-08-19 22:17 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys 2016-08-31 21:09 - 2016-08-19 22:15 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-08-31 21:09 - 2016-08-19 22:15 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS 2016-08-31 21:09 - 2016-08-19 22:14 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL 2016-08-31 21:09 - 2016-08-19 22:14 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll 2016-08-31 21:09 - 2016-08-19 22:14 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL 2016-08-31 21:09 - 2016-08-19 22:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-08-31 21:09 - 2016-08-19 22:13 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2016-08-31 21:09 - 2016-08-19 22:13 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 2016-08-31 21:09 - 2016-08-19 22:12 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-08-31 21:09 - 2016-08-19 22:12 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-08-31 21:09 - 2016-08-19 22:12 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll 2016-08-31 21:09 - 2016-08-19 22:12 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2016-08-31 21:09 - 2016-08-19 22:11 - 00965120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2016-08-31 21:09 - 2016-08-19 22:11 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2016-08-31 21:09 - 2016-08-19 22:09 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-08-31 21:09 - 2016-08-19 22:08 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2016-08-31 21:09 - 2016-08-19 22:08 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-08-31 21:09 - 2016-08-19 22:07 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll 2016-08-31 21:09 - 2016-08-19 22:07 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2016-08-31 21:09 - 2016-08-19 22:07 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-08-31 21:09 - 2016-08-19 22:07 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll 2016-08-31 21:09 - 2016-08-19 22:06 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-08-31 21:09 - 2016-08-19 22:06 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2016-08-31 21:09 - 2016-08-19 22:04 - 23682560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-08-31 21:09 - 2016-08-19 22:04 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2016-08-31 21:09 - 2016-08-19 22:04 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll 2016-08-31 21:09 - 2016-08-19 22:03 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll 2016-08-31 21:09 - 2016-08-19 22:01 - 04612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2016-08-31 21:09 - 2016-08-19 22:01 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll 2016-08-31 21:09 - 2016-08-19 22:01 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll 2016-08-31 21:09 - 2016-08-19 22:00 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-08-31 21:09 - 2016-08-19 22:00 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-08-31 21:09 - 2016-08-19 21:59 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll 2016-08-31 21:09 - 2016-08-19 21:57 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-08-31 21:09 - 2016-08-19 21:56 - 02289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-08-31 21:09 - 2016-08-19 21:56 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2016-08-31 21:09 - 2016-08-19 21:55 - 19418624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-08-31 21:09 - 2016-08-19 21:52 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2016-08-31 21:09 - 2016-08-19 21:51 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-08-31 21:09 - 2016-08-19 21:51 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-08-31 21:08 - 2016-08-27 05:45 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll 2016-08-31 21:08 - 2016-08-27 02:37 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll 2016-08-31 21:08 - 2016-08-26 21:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll 2016-08-31 21:08 - 2016-08-26 21:43 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll 2016-08-31 21:08 - 2016-08-19 23:26 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-08-31 21:08 - 2016-08-19 23:13 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-08-31 21:08 - 2016-08-19 23:06 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-08-31 21:08 - 2016-08-19 23:06 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-08-31 21:08 - 2016-08-19 23:06 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-08-31 21:08 - 2016-08-19 23:05 - 01377008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2016-08-31 21:08 - 2016-08-19 23:04 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-08-31 21:08 - 2016-08-19 23:04 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-08-31 21:08 - 2016-08-19 23:03 - 02257248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-08-31 21:08 - 2016-08-19 22:52 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-08-31 21:08 - 2016-08-19 22:52 - 01279328 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2016-08-31 21:08 - 2016-08-19 22:52 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-08-31 21:08 - 2016-08-19 22:52 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll 2016-08-31 21:08 - 2016-08-19 22:50 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-08-31 21:08 - 2016-08-19 22:50 - 00942424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2016-08-31 21:08 - 2016-08-19 22:50 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2016-08-31 21:08 - 2016-08-19 22:47 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-08-31 21:08 - 2016-08-19 22:43 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-08-31 21:08 - 2016-08-19 22:42 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2016-08-31 21:08 - 2016-08-19 22:34 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll 2016-08-31 21:08 - 2016-08-19 22:33 - 05722312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-08-31 21:08 - 2016-08-19 22:33 - 00852824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2016-08-31 21:08 - 2016-08-19 22:32 - 00846552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-08-31 21:08 - 2016-08-19 22:29 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-08-31 21:08 - 2016-08-19 22:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2016-08-31 21:08 - 2016-08-19 22:21 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll 2016-08-31 21:08 - 2016-08-19 22:21 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll 2016-08-31 21:08 - 2016-08-19 22:20 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2016-08-31 21:08 - 2016-08-19 22:20 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll 2016-08-31 21:08 - 2016-08-19 22:20 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys 2016-08-31 21:08 - 2016-08-19 22:19 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2016-08-31 21:08 - 2016-08-19 22:19 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2016-08-31 21:08 - 2016-08-19 22:18 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2016-08-31 21:08 - 2016-08-19 22:18 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-08-31 21:08 - 2016-08-19 22:18 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 2016-08-31 21:08 - 2016-08-19 22:17 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2016-08-31 21:08 - 2016-08-19 22:17 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-08-31 21:08 - 2016-08-19 22:17 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll 2016-08-31 21:08 - 2016-08-19 22:16 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2016-08-31 21:08 - 2016-08-19 22:16 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2016-08-31 21:08 - 2016-08-19 22:16 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll 2016-08-31 21:08 - 2016-08-19 22:15 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2016-08-31 21:08 - 2016-08-19 22:15 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2016-08-31 21:08 - 2016-08-19 22:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2016-08-31 21:08 - 2016-08-19 22:14 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2016-08-31 21:08 - 2016-08-19 22:14 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 2016-08-31 21:08 - 2016-08-19 22:14 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll 2016-08-31 21:08 - 2016-08-19 22:14 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL 2016-08-31 21:08 - 2016-08-19 22:13 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll 2016-08-31 21:08 - 2016-08-19 22:12 - 01014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2016-08-31 21:08 - 2016-08-19 22:12 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-08-31 21:08 - 2016-08-19 22:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-08-31 21:08 - 2016-08-19 22:11 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-08-31 21:08 - 2016-08-19 22:11 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll 2016-08-31 21:08 - 2016-08-19 22:11 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2016-08-31 21:08 - 2016-08-19 22:10 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2016-08-31 21:08 - 2016-08-19 22:10 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2016-08-31 21:08 - 2016-08-19 22:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2016-08-31 21:08 - 2016-08-19 22:09 - 09128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-08-31 21:08 - 2016-08-19 22:09 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll 2016-08-31 21:08 - 2016-08-19 22:09 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2016-08-31 21:08 - 2016-08-19 22:08 - 01906176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2016-08-31 21:08 - 2016-08-19 22:08 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2016-08-31 21:08 - 2016-08-19 22:08 - 00204288 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll 2016-08-31 21:08 - 2016-08-19 22:08 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll 2016-08-31 21:08 - 2016-08-19 22:07 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2016-08-31 21:08 - 2016-08-19 22:07 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2016-08-31 21:08 - 2016-08-19 22:07 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll 2016-08-31 21:08 - 2016-08-19 22:06 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll 2016-08-31 21:08 - 2016-08-19 22:05 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2016-08-31 21:08 - 2016-08-19 22:05 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-08-31 21:08 - 2016-08-19 22:04 - 03245056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2016-08-31 21:08 - 2016-08-19 22:04 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2016-08-31 21:08 - 2016-08-19 22:04 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2016-08-31 21:08 - 2016-08-19 22:04 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll 2016-08-31 21:08 - 2016-08-19 22:03 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-08-31 21:08 - 2016-08-19 22:03 - 02846208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2016-08-31 21:08 - 2016-08-19 22:03 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-08-31 21:08 - 2016-08-19 22:02 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll 2016-08-31 21:08 - 2016-08-19 22:00 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2016-08-31 21:08 - 2016-08-19 22:00 - 00141824 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll 2016-08-31 21:08 - 2016-08-19 21:59 - 07624192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-08-31 21:08 - 2016-08-19 21:59 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll 2016-08-31 21:08 - 2016-08-19 21:59 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-08-31 21:08 - 2016-08-19 21:59 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2016-08-31 21:08 - 2016-08-19 21:59 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2016-08-31 21:08 - 2016-08-19 21:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll 2016-08-31 21:08 - 2016-08-19 21:58 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2016-08-31 21:08 - 2016-08-19 21:58 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll 2016-08-31 21:08 - 2016-08-19 21:57 - 02680832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-08-31 21:08 - 2016-08-19 21:57 - 02264064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-08-31 21:08 - 2016-08-19 21:57 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2016-08-31 21:08 - 2016-08-19 21:56 - 02711040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2016-08-31 21:08 - 2016-08-19 21:56 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-08-31 21:08 - 2016-08-19 21:56 - 02143232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2016-08-31 21:08 - 2016-08-19 21:56 - 01006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll 2016-08-31 21:08 - 2016-08-19 21:56 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2016-08-31 21:08 - 2016-08-19 21:56 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll 2016-08-31 21:08 - 2016-08-19 21:55 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-08-31 21:08 - 2016-08-19 21:54 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll 2016-08-31 21:08 - 2016-08-19 21:53 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-08-31 21:08 - 2016-08-19 21:53 - 03299328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2016-08-31 21:08 - 2016-08-19 21:53 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2016-08-31 21:08 - 2016-08-19 21:51 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2016-08-31 21:08 - 2016-08-19 21:50 - 01875456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-08-31 21:08 - 2016-08-19 21:49 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2016-08-31 21:08 - 2016-08-19 21:46 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2016-08-31 21:08 - 2016-08-18 18:33 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS 2016-08-30 22:13 - 2016-08-30 22:13 - 00017558 _____ C:\Users\ERIJA\AppData\Local\recently-used.xbel 2016-08-29 02:11 - 2016-08-29 02:11 - 00000200 _____ C:\Users\ERIJA\Downloads\fixlist (6).txt 2016-08-28 02:25 - 2016-08-28 02:25 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware 2016-08-26 19:55 - 2016-08-26 19:55 - 00009507 _____ C:\Users\ERIJA\Desktop\CCleaner Reg Backup.zip 2016-08-26 19:45 - 2016-08-26 19:46 - 00000000 ____D C:\Users\ERIJA\Desktop\CCleaner Reg Backup 2016-08-26 19:41 - 2016-08-26 19:41 - 00002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2016-08-26 19:41 - 2016-08-26 19:41 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-08-26 19:41 - 2016-08-26 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-08-26 19:41 - 2016-08-26 19:41 - 00000000 ____D C:\Program Files\CCleaner 2016-08-26 19:40 - 2016-08-26 19:40 - 05901584 _____ (Piriform Ltd) C:\Users\ERIJA\Downloads\ccsetup521_slim.exe 2016-08-26 01:05 - 2016-08-26 01:05 - 00002153 _____ C:\Users\Public\Desktop\Avira Software Updater.lnk 2016-08-25 01:05 - 2016-08-25 01:05 - 15419469 _____ C:\Users\ERIJA\Downloads\creed 1.zip 2016-08-25 01:04 - 2016-08-25 01:04 - 15419469 _____ C:\Users\ERIJA\Desktop\creed 1.zip 2016-08-25 01:04 - 2016-08-25 01:04 - 01381184 _____ C:\Users\ERIJA\Desktop\creed 2.zip 2016-08-25 01:03 - 2016-08-25 01:03 - 17064980 _____ C:\Users\ERIJA\Desktop\creed 2.reg 2016-08-25 01:02 - 2016-08-25 01:02 - 198972598 _____ C:\Users\ERIJA\Desktop\creed 1.reg 2016-08-24 01:10 - 2016-08-24 01:10 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker 2016-08-24 01:10 - 2016-08-24 01:10 - 00000000 ____D C:\Program Files\Unlocker 2016-08-24 01:09 - 2016-08-24 01:09 - 01078591 _____ C:\Users\ERIJA\Downloads\Unlocker1.9.2.exe 2016-08-23 12:14 - 2016-08-05 21:33 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2016-08-23 12:14 - 2016-08-05 21:31 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe 2016-08-23 12:14 - 2016-08-05 21:29 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2016-08-23 12:14 - 2016-08-05 21:26 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-08-23 12:14 - 2016-08-05 21:18 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-08-23 12:14 - 2016-08-05 21:18 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-08-23 12:14 - 2016-08-05 21:17 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-08-23 12:14 - 2016-08-05 21:17 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-08-23 12:14 - 2016-08-05 21:17 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-08-23 12:14 - 2016-08-05 21:16 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2016-08-23 12:14 - 2016-08-05 21:15 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll 2016-08-23 12:14 - 2016-08-05 21:13 - 01066096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-08-23 12:14 - 2016-08-05 21:13 - 00381760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-08-23 12:14 - 2016-08-05 21:09 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-08-23 12:14 - 2016-08-05 21:08 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-08-23 12:14 - 2016-08-05 21:08 - 00509784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-08-23 12:14 - 2016-08-05 21:04 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll 2016-08-23 12:14 - 2016-08-05 21:03 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2016-08-23 12:14 - 2016-08-05 21:03 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2016-08-23 12:14 - 2016-08-05 21:03 - 00955008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-08-23 12:14 - 2016-08-05 21:03 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2016-08-23 12:14 - 2016-08-05 21:03 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe 2016-08-23 12:14 - 2016-08-05 20:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2016-08-23 12:14 - 2016-08-05 20:48 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2016-08-23 12:14 - 2016-08-05 20:48 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe 2016-08-23 12:14 - 2016-08-05 20:47 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2016-08-23 12:14 - 2016-08-05 20:47 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll 2016-08-23 12:14 - 2016-08-05 20:46 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2016-08-23 12:14 - 2016-08-05 20:45 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll 2016-08-23 12:14 - 2016-08-05 20:45 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2016-08-23 12:14 - 2016-08-05 20:45 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll 2016-08-23 12:14 - 2016-08-05 20:45 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe 2016-08-23 12:14 - 2016-08-05 20:45 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2016-08-23 12:14 - 2016-08-05 20:45 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe 2016-08-23 12:14 - 2016-08-05 20:44 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2016-08-23 12:14 - 2016-08-05 20:44 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll 2016-08-23 12:14 - 2016-08-05 20:43 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll 2016-08-23 12:14 - 2016-08-05 20:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll 2016-08-23 12:14 - 2016-08-05 20:42 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-08-23 12:14 - 2016-08-05 20:41 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-08-23 12:14 - 2016-08-05 20:41 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2016-08-23 12:14 - 2016-08-05 20:41 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2016-08-23 12:14 - 2016-08-05 20:41 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2016-08-23 12:14 - 2016-08-05 20:41 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll 2016-08-23 12:14 - 2016-08-05 20:40 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2016-08-23 12:14 - 2016-08-05 20:40 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-08-23 12:14 - 2016-08-05 20:40 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll 2016-08-23 12:14 - 2016-08-05 20:40 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll 2016-08-23 12:14 - 2016-08-05 20:39 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2016-08-23 12:14 - 2016-08-05 20:39 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll 2016-08-23 12:14 - 2016-08-05 20:39 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll 2016-08-23 12:14 - 2016-08-05 20:38 - 17187328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-08-23 12:14 - 2016-08-05 20:38 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2016-08-23 12:14 - 2016-08-05 20:37 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-08-23 12:14 - 2016-08-05 20:33 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2016-08-23 12:14 - 2016-08-05 20:33 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-08-23 12:14 - 2016-08-05 20:31 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-08-23 12:14 - 2016-08-05 20:31 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll 2016-08-23 12:14 - 2016-08-05 20:30 - 13080576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-08-23 12:14 - 2016-08-05 20:28 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll 2016-08-23 12:14 - 2016-08-05 20:28 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2016-08-23 12:14 - 2016-08-05 20:26 - 02422784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll 2016-08-23 12:14 - 2016-08-05 20:26 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-08-23 12:14 - 2016-08-05 20:26 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-08-23 12:14 - 2016-08-05 20:25 - 03116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll 2016-08-23 12:14 - 2016-08-05 20:24 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-08-23 12:14 - 2016-08-05 20:24 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-08-23 12:14 - 2016-08-05 20:23 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2016-08-23 12:14 - 2016-08-05 20:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2016-08-23 12:14 - 2016-08-05 20:23 - 01062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-08-23 12:14 - 2016-08-05 20:23 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2016-08-23 12:14 - 2016-08-05 20:21 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll 2016-08-23 12:14 - 2016-08-05 20:19 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2016-08-23 12:14 - 2016-08-05 02:14 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll 2016-08-23 12:14 - 2016-08-05 02:12 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2016-08-23 12:14 - 2016-08-05 02:10 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll 2016-08-23 12:14 - 2016-08-05 02:05 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe 2016-08-23 12:14 - 2016-08-05 01:29 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll 2016-08-23 12:14 - 2016-08-05 01:28 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll 2016-08-23 12:14 - 2016-08-05 01:22 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll 2016-08-23 12:14 - 2016-08-05 01:20 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2016-08-23 12:14 - 2016-08-05 01:20 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2016-08-23 12:14 - 2016-08-05 01:08 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll 2016-08-23 12:13 - 2016-08-05 21:31 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2016-08-23 12:13 - 2016-08-05 21:29 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2016-08-23 12:13 - 2016-08-05 21:23 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-08-23 12:13 - 2016-08-05 21:18 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-08-23 12:13 - 2016-08-05 21:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-08-23 12:13 - 2016-08-05 21:13 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2016-08-23 12:13 - 2016-08-05 21:13 - 01694200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2016-08-23 12:13 - 2016-08-05 21:13 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2016-08-23 12:13 - 2016-08-05 21:13 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2016-08-23 12:13 - 2016-08-05 21:08 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-08-23 12:13 - 2016-08-05 21:08 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-08-23 12:13 - 2016-08-05 21:08 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2016-08-23 12:13 - 2016-08-05 21:08 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-08-23 12:13 - 2016-08-05 21:02 - 00321280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-08-23 12:13 - 2016-08-05 20:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2016-08-23 12:13 - 2016-08-05 20:48 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll 2016-08-23 12:13 - 2016-08-05 20:48 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll 2016-08-23 12:13 - 2016-08-05 20:48 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll 2016-08-23 12:13 - 2016-08-05 20:48 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx 2016-08-23 12:13 - 2016-08-05 20:48 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll 2016-08-23 12:13 - 2016-08-05 20:47 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2016-08-23 12:13 - 2016-08-05 20:47 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx 2016-08-23 12:13 - 2016-08-05 20:47 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll 2016-08-23 12:13 - 2016-08-05 20:46 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL 2016-08-23 12:13 - 2016-08-05 20:46 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL 2016-08-23 12:13 - 2016-08-05 20:46 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe 2016-08-23 12:13 - 2016-08-05 20:46 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe 2016-08-23 12:13 - 2016-08-05 20:46 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2016-08-23 12:13 - 2016-08-05 20:45 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll 2016-08-23 12:13 - 2016-08-05 20:45 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2016-08-23 12:13 - 2016-08-05 20:44 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll 2016-08-23 12:13 - 2016-08-05 20:43 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-08-23 12:13 - 2016-08-05 20:43 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2016-08-23 12:13 - 2016-08-05 20:41 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll 2016-08-23 12:13 - 2016-08-05 20:41 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll 2016-08-23 12:13 - 2016-08-05 20:41 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll 2016-08-23 12:13 - 2016-08-05 20:40 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll 2016-08-23 12:13 - 2016-08-05 20:39 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll 2016-08-23 12:13 - 2016-08-05 20:36 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll 2016-08-23 12:13 - 2016-08-05 20:31 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2016-08-23 12:13 - 2016-08-05 20:31 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll 2016-08-23 12:13 - 2016-08-05 20:31 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-08-23 12:13 - 2016-08-05 20:30 - 12345344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-08-23 12:13 - 2016-08-05 20:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2016-08-23 12:13 - 2016-08-05 20:29 - 13433856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-08-23 12:13 - 2016-08-05 20:29 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll 2016-08-23 12:13 - 2016-08-05 20:29 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll 2016-08-23 12:13 - 2016-08-05 20:29 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2016-08-23 12:13 - 2016-08-05 20:28 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2016-08-23 12:13 - 2016-08-05 20:25 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-08-23 12:13 - 2016-08-05 20:23 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-08-23 12:13 - 2016-08-05 20:23 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-08-23 12:13 - 2016-08-05 20:23 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-08-23 12:13 - 2016-08-05 20:23 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll 2016-08-23 12:13 - 2016-08-05 20:19 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2016-08-23 12:13 - 2016-08-05 01:23 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll 2016-08-23 12:13 - 2016-08-05 01:18 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll 2016-08-22 23:11 - 2016-08-22 23:11 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\Remove_Empty_Directories 2016-08-22 23:07 - 2016-08-22 23:07 - 00404482 _____ (Jonas John ) C:\Users\ERIJA\Downloads\red-v2.2-setup.exe 2016-08-22 23:07 - 2016-08-22 23:07 - 00001166 _____ C:\Users\Public\Desktop\Remove Empty Directories.lnk 2016-08-22 23:07 - 2016-08-22 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remove Empty Directories 2016-08-22 23:07 - 2016-08-22 23:07 - 00000000 ____D C:\Program Files (x86)\Remove Empty Directories 2016-08-21 15:56 - 2016-08-21 15:56 - 00000000 ____D C:\Users\ERIJA\Desktop\New folder (2) 2016-08-21 15:55 - 2016-08-21 15:55 - 16563352 _____ (Malwarebytes Corp.) C:\Users\ERIJA\Downloads\mbar-1.09.3.1001 (1).exe 2016-08-21 14:57 - 2016-08-21 14:57 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask 2016-08-21 13:04 - 2016-08-21 13:04 - 00001434 _____ C:\Users\ERIJA\Desktop\FRST64 - Shortcut.lnk 2016-08-21 13:04 - 2016-08-21 13:04 - 00001434 _____ C:\Users\ERIJA\Desktop\FRST64 - Shortcut (2).lnk 2016-08-21 00:42 - 2016-08-21 13:07 - 00050987 _____ C:\Users\ERIJA\Desktop\Addition.txt 2016-08-21 00:40 - 2016-09-03 00:59 - 00028984 _____ C:\Users\ERIJA\Desktop\FRST.txt 2016-08-21 00:36 - 2016-08-21 00:36 - 00000000 ____D C:\WINDOWS\Panther 2016-08-20 01:01 - 2016-08-20 01:01 - 00000144 _____ C:\Users\ERIJA\Downloads\fixlist (5).txt 2016-08-17 15:37 - 2016-09-03 00:56 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-08-17 15:34 - 2016-08-17 15:34 - 00000000 _____ C:\WINDOWS\EEventManager.INI 2016-08-17 15:33 - 2016-08-17 15:33 - 00002389 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-08-17 15:33 - 2016-08-17 15:33 - 00000000 ___RD C:\Users\Administrator\OneDrive 2016-08-17 15:31 - 2016-08-17 15:31 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2016-08-17 15:31 - 2016-08-17 15:31 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Folder 2016-08-17 15:31 - 2016-08-17 15:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\BMExplorer 2016-08-17 15:30 - 2016-08-17 15:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation 2016-08-17 15:29 - 2016-08-17 15:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Epson 2016-08-17 15:29 - 2016-08-17 15:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Atheros 2016-08-17 15:29 - 2016-08-17 15:29 - 00000000 ____D C:\Users\Administrator\AppData\Local\Zemana 2016-08-17 15:29 - 2016-08-17 15:29 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn 2016-08-17 15:28 - 2016-08-17 15:29 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages 2016-08-17 15:28 - 2016-08-17 15:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers 2016-08-17 15:28 - 2016-08-17 15:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google 2016-08-17 15:27 - 2016-08-17 15:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Hamachi 2016-08-17 15:27 - 2016-08-17 15:37 - 00000000 ____D C:\Users\Administrator 2016-08-17 15:27 - 2016-08-17 15:36 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles 2016-08-17 15:27 - 2016-08-17 15:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform 2016-08-17 15:27 - 2016-08-17 15:27 - 00000020 ___SH C:\Users\Administrator\ntuser.ini 2016-08-17 15:27 - 2016-08-17 15:27 - 00000000 _SHDL C:\Users\Administrator\My Documents 2016-08-17 15:27 - 2016-08-17 15:27 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos 2016-08-17 15:27 - 2016-08-17 15:27 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures 2016-08-17 15:27 - 2016-08-17 15:27 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music 2016-08-17 15:27 - 2016-08-17 15:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer 2016-08-17 15:27 - 2016-08-13 22:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2016-08-17 15:27 - 2016-08-04 16:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs 2016-08-17 14:26 - 2016-08-17 14:26 - 00007098 _____ C:\Users\ERIJA\Desktop\F7.reg 2016-08-17 14:24 - 2016-08-17 14:24 - 00000414 _____ C:\Users\ERIJA\Desktop\svchostnode.reg 2016-08-17 14:24 - 2016-08-17 14:24 - 00000384 _____ C:\Users\ERIJA\Desktop\MsMpEngNode.reg 2016-08-17 14:21 - 2016-08-17 14:21 - 00000390 _____ C:\Users\ERIJA\Desktop\svchost.reg 2016-08-17 14:19 - 2016-08-17 14:19 - 00000360 _____ C:\Users\ERIJA\Desktop\MsMpEng.reg 2016-08-17 10:22 - 2016-08-17 10:22 - 00002142 _____ C:\Users\ERIJA\Downloads\post-131616-0-43868400-1362501503.ipb 2016-08-17 08:49 - 2016-08-17 08:49 - 00002058 _____ C:\Users\LIEM NGUYEN\Desktop\Add_Take_Ownership_to_context_menu.reg 2016-08-17 00:37 - 2016-08-17 00:37 - 00003654 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask 2016-08-16 16:46 - 2016-08-16 16:46 - 00000000 ____D C:\Users\ERIJA\Desktop\New folder 2016-08-16 16:36 - 2016-08-16 16:43 - 27326629 _____ C:\Users\ERIJA\Downloads\tweaking.com_windows_repair_aio.zip 2016-08-16 16:12 - 2016-08-16 16:12 - 00002058 _____ C:\Users\ERIJA\Downloads\Add_Take_Ownership_to_context_menu.reg 2016-08-16 16:12 - 2016-08-16 16:12 - 00002058 _____ C:\Users\ERIJA\Desktop\Add_Take_Ownership_to_context_menu.reg 2016-08-16 15:56 - 2016-08-16 15:56 - 00000280 _____ C:\Users\ERIJA\Downloads\fixlist (4).txt 2016-08-16 15:37 - 2016-08-16 15:37 - 00000126 _____ C:\Users\ERIJA\Downloads\fixlist (3).txt 2016-08-16 15:36 - 2016-08-16 15:36 - 00000126 _____ C:\Users\ERIJA\Downloads\fixlist (2).txt 2016-08-16 15:29 - 2016-08-29 02:12 - 00000000 ____D C:\Users\ERIJA\Desktop\Old Logs 2016-08-16 15:28 - 2016-08-16 15:28 - 00000124 _____ C:\Users\ERIJA\Downloads\fixlist (1).txt 2016-08-16 03:36 - 2016-08-16 03:36 - 00803729 _____ C:\Users\ERIJA\Desktop\CBS logs.zip 2016-08-16 03:01 - 2016-08-16 03:01 - 00000000 ____D C:\Users\ERIJA\AppData\Local\Zemana 2016-08-16 02:52 - 2016-08-16 02:52 - 00000805 _____ C:\Users\LIEM NGUYEN\Desktop\Zemana Logs.txt 2016-08-16 02:22 - 2016-09-03 00:59 - 00846512 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2016-08-16 02:22 - 2016-09-03 00:59 - 00476314 _____ C:\WINDOWS\ZAM.krnl.trace 2016-08-16 02:22 - 2016-08-16 02:22 - 05700024 _____ ( ) C:\Users\ERIJA\Downloads\Zemana.AntiMalware.Setup.exe 2016-08-16 02:22 - 2016-08-16 02:22 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys 2016-08-16 02:22 - 2016-08-16 02:22 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys 2016-08-16 02:22 - 2016-08-16 02:22 - 00001219 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2016-08-16 02:22 - 2016-08-16 02:22 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\Zemana 2016-08-16 02:22 - 2016-08-16 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2016-08-16 02:22 - 2016-08-16 02:22 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2016-08-15 15:57 - 2016-08-15 15:57 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk 2016-08-15 15:57 - 2016-08-15 15:57 - 00000000 ____D C:\ProgramData\Sophos 2016-08-15 15:57 - 2016-08-15 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2016-08-15 15:57 - 2016-08-15 15:57 - 00000000 ____D C:\Program Files (x86)\Sophos 2016-08-15 15:55 - 2016-08-15 20:58 - 00001390 _____ C:\Users\LIEM NGUYEN\Desktop\JRT.txt 2016-08-15 15:15 - 2016-08-15 15:56 - 150952808 _____ (Sophos Limited) C:\Users\ERIJA\Desktop\Sophos Virus Removal Tool.exe 2016-08-15 15:11 - 2016-08-15 15:53 - 01610560 _____ (Malwarebytes) C:\Users\ERIJA\Desktop\JRT.exe 2016-08-15 15:11 - 2016-08-15 15:11 - 00002546 _____ C:\Users\ERIJA\Downloads\Fixlist.txt 2016-08-15 15:10 - 2016-08-15 15:11 - 150952808 _____ (Sophos Limited) C:\Users\ERIJA\Downloads\Sophos Virus Removal Tool.exe 2016-08-15 15:10 - 2016-08-15 15:10 - 01610560 _____ (Malwarebytes) C:\Users\ERIJA\Downloads\JRT.exe 2016-08-15 10:50 - 2016-09-03 00:58 - 00000000 ____D C:\Users\ERIJA\Desktop\FRST-OlderVersion 2016-08-15 10:40 - 2016-09-03 00:59 - 00000000 ____D C:\FRST 2016-08-15 10:39 - 2016-09-03 00:58 - 02397696 _____ (Farbar) C:\Users\LIEM NGUYEN\Desktop\FRST64.exe 2016-08-15 10:39 - 2016-08-15 10:39 - 02394624 _____ (Farbar) C:\Users\ERIJA\Downloads\FRST64.exe 2016-08-15 09:58 - 2016-08-16 01:13 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{09A708BC-E5C0-462C-9110-B743AB2AE0B9} 2016-08-15 09:22 - 2016-08-15 09:22 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-FAMILYPC-Windows-10-Pro-(64-bit).dat 2016-08-15 09:13 - 2016-08-15 09:22 - 00000000 ____D C:\RegBackup 2016-08-15 09:11 - 2016-08-15 09:11 - 03251071 _____ C:\Users\ERIJA\Downloads\tweaking.com_registry_backup_portable.zip 2016-08-15 09:10 - 2016-08-15 09:39 - 00003870 _____ C:\Users\LIEM NGUYEN\Desktop\Rkill Log.txt 2016-08-15 08:46 - 2016-08-16 03:16 - 00003868 _____ C:\Users\LIEM NGUYEN\Desktop\Rkill.txt 2016-08-15 08:46 - 2016-08-15 08:46 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\ERIJA\Downloads\rkill.exe 2016-08-15 08:46 - 2016-08-15 08:46 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\ERIJA\Desktop\rkill.exe 2016-08-14 10:10 - 2016-08-14 10:30 - 00000000 ____D C:\WINDOWS\pss 2016-08-14 02:25 - 2016-08-15 08:45 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-08-14 02:25 - 2016-08-15 08:45 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-08-14 02:25 - 2016-08-15 08:45 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-08-14 02:25 - 2016-08-15 08:45 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-08-14 02:25 - 2016-08-14 02:25 - 00987728 _____ (Google Inc.) C:\Users\ERIJA\Desktop\ChromeSetup.exe 2016-08-14 02:25 - 2016-08-14 02:25 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-14 02:25 - 2016-08-14 02:25 - 00002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-08-14 01:12 - 2016-08-14 01:12 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\PeerDistRepub 2016-08-14 01:10 - 2016-08-14 02:11 - 00000000 ____D C:\AdwCleaner 2016-08-14 01:09 - 2016-08-14 01:09 - 03784256 _____ C:\Users\ERIJA\Downloads\adwcleaner_6.000.exe 2016-08-13 22:58 - 2016-08-13 22:58 - 00000000 ____D C:\Users\Default\AppData\Roaming\Adobe 2016-08-13 22:58 - 2016-08-13 22:58 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Adobe 2016-08-13 22:56 - 2016-08-13 22:56 - 00000003 _____ C:\Users\ERIJA\Downloads\2.txt 2016-08-13 22:56 - 2016-08-13 22:56 - 00000003 _____ C:\Users\ERIJA\Downloads\1.txt 2016-08-13 17:44 - 2016-08-13 17:44 - 00000043 _____ C:\Users\ERIJA\.gtk-bookmarks 2016-08-12 11:51 - 2016-08-27 19:26 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2016-08-12 11:51 - 2016-08-12 11:51 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (14).exe 2016-08-12 11:47 - 2016-08-12 11:47 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (13).exe 2016-08-12 11:47 - 2016-08-12 11:47 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (12).exe 2016-08-12 11:41 - 2016-08-12 11:41 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (11).exe 2016-08-12 11:23 - 2016-08-12 11:23 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (10).exe 2016-08-11 23:52 - 2016-08-11 23:52 - 00000000 ____D C:\Users\BAXA\AppData\Local\Comms 2016-08-11 23:50 - 2016-08-11 23:50 - 00000000 __SHD C:\Users\BAXA\IntelGraphicsProfiles 2016-08-11 20:33 - 2016-08-11 20:33 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (9).exe 2016-08-11 20:29 - 2016-08-11 20:29 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (8).exe 2016-08-11 20:24 - 2016-08-11 20:24 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (7).exe 2016-08-11 20:23 - 2016-08-11 20:23 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (6).exe 2016-08-11 20:21 - 2016-08-11 20:21 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (5).exe 2016-08-11 20:17 - 2016-08-11 20:17 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (4).exe 2016-08-11 20:16 - 2016-08-11 20:16 - 01059832 _____ (ROBLOX Corporation) C:\Users\ERIJA\Downloads\RobloxPlayerLauncher (3).exe 2016-08-10 10:48 - 2016-08-02 01:11 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-08-10 10:48 - 2016-08-02 01:10 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll 2016-08-10 10:48 - 2016-08-02 00:58 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2016-08-10 10:48 - 2016-08-01 21:25 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2016-08-09 08:35 - 2016-08-09 08:35 - 00000000 ____D C:\Users\ERIJA\AppData\Local\webkit 2016-08-09 08:31 - 2016-08-30 21:17 - 00000000 ____D C:\Users\ERIJA\AppData\Local\gtk-2.0 2016-08-09 08:31 - 2016-08-09 08:31 - 00000000 ____D C:\Users\ERIJA\.thumbnails 2016-08-09 08:15 - 2016-08-31 20:42 - 00000000 ____D C:\Users\ERIJA\.gimp-2.8 2016-08-09 08:15 - 2016-08-09 08:15 - 00000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2016-08-09 08:15 - 2016-08-09 08:15 - 00000000 ____D C:\Users\ERIJA\AppData\Local\gegl-0.2 2016-08-09 08:15 - 2016-08-09 08:15 - 00000000 ____D C:\Program Files\GIMP 2 2016-08-09 08:03 - 2016-08-09 08:07 - 77404656 _____ (The GIMP Team ) C:\Users\ERIJA\Downloads\gimp-2.8.18-setup.exe 2016-08-08 08:56 - 2016-08-08 08:56 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\inkscape 2016-08-08 08:56 - 2016-08-08 08:56 - 00000000 ____D C:\Users\ERIJA\AppData\Local\fontconfig 2016-08-08 08:52 - 2016-08-08 08:53 - 97868152 _____ C:\Users\ERIJA\Downloads\inkscape-0.91-x64.msi 2016-08-05 23:27 - 2016-08-15 13:44 - 00000000 ____D C:\Users\ERIJA\Desktop\Games 2016-08-05 13:11 - 2016-08-05 13:11 - 00003426 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask 2016-08-05 13:11 - 2016-08-05 13:11 - 00003306 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest 2016-08-05 13:11 - 2016-08-05 13:11 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows 2016-08-05 13:11 - 2016-08-05 13:11 - 00000000 ____D C:\Program Files\Dell Support Center 2016-08-04 23:29 - 2016-08-04 23:29 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\Comms 2016-08-04 22:10 - 2016-08-04 22:10 - 00000000 ____D C:\Program Files\CMAK 2016-08-04 22:10 - 2016-08-04 22:10 - 00000000 ____D C:\Program Files (x86)\CMAK 2016-08-04 19:41 - 2016-07-21 18:32 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys 2016-08-04 19:41 - 2016-07-21 18:25 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll 2016-08-04 19:41 - 2016-07-21 18:18 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-08-04 19:41 - 2016-07-21 18:18 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll 2016-08-04 19:41 - 2016-07-21 18:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-08-04 19:41 - 2016-07-21 17:32 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2016-08-04 19:41 - 2016-07-21 17:31 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-08-04 17:51 - 2016-08-17 15:39 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\MicrosoftEdge 2016-08-04 17:48 - 2016-09-03 00:57 - 00002383 _____ C:\Users\LIEM NGUYEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-08-04 17:48 - 2016-09-03 00:57 - 00000000 ___RD C:\Users\LIEM NGUYEN\OneDrive 2016-08-04 17:46 - 2016-08-04 17:46 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\Publishers 2016-08-04 17:45 - 2016-09-03 00:56 - 00000000 __SHD C:\Users\LIEM NGUYEN\IntelGraphicsProfiles 2016-08-04 17:45 - 2016-08-17 00:43 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\Packages 2016-08-04 17:45 - 2016-08-04 23:29 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\ConnectedDevicesPlatform 2016-08-04 17:45 - 2016-08-04 17:45 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\TileDataLayer 2016-08-04 17:44 - 2016-08-14 02:19 - 00000000 ____D C:\Users\ERIJA\AppData\Local\MicrosoftEdge 2016-08-04 17:29 - 2016-08-04 17:29 - 00000020 ___SH C:\Users\LIEM NGUYEN\ntuser.ini 2016-08-04 17:26 - 2016-08-04 17:26 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2016-08-04 17:25 - 2016-08-04 17:25 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices 2016-08-04 17:25 - 2016-08-04 17:25 - 00000000 ____D C:\WINDOWS\system32\msmq 2016-08-04 17:25 - 2016-08-04 17:25 - 00000000 ____D C:\WINDOWS\system32\BestPractices 2016-08-04 17:25 - 2016-08-04 17:25 - 00000000 ____D C:\Program Files\Reference Assemblies 2016-08-04 17:25 - 2016-08-04 17:25 - 00000000 ____D C:\Program Files\MSBuild 2016-08-04 17:25 - 2016-08-04 17:25 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2016-08-04 17:25 - 2016-08-04 17:25 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-08-04 17:25 - 2016-08-04 17:25 - 00000000 ____D C:\inetpub 2016-08-04 17:24 - 2016-05-25 15:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2016-08-04 17:24 - 2016-05-25 15:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2016-08-04 17:24 - 2016-05-25 15:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2016-08-04 17:24 - 2016-05-25 12:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2016-08-04 17:24 - 2016-05-25 12:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2016-08-04 17:24 - 2016-05-25 12:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2016-08-04 17:17 - 2016-08-04 17:17 - 00000000 ____D C:\Users\ERIJA\AppData\Local\Comms 2016-08-04 17:11 - 2016-09-01 01:11 - 00000000 __SHD C:\Users\ERIJA\IntelGraphicsProfiles 2016-08-04 17:08 - 2016-08-04 17:08 - 00002365 _____ C:\Users\ERIJA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-08-04 17:08 - 2016-08-04 17:08 - 00000000 ___RD C:\Users\ERIJA\OneDrive 2016-08-04 17:07 - 2016-08-04 17:07 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat 2016-08-04 17:06 - 2016-08-04 17:06 - 00000000 ____D C:\Users\ERIJA\AppData\Local\Publishers 2016-08-04 17:05 - 2016-08-05 17:59 - 00000000 ____D C:\Users\ERIJA\AppData\Local\Packages 2016-08-04 17:05 - 2016-08-04 17:56 - 00000000 ____D C:\Users\ERIJA\AppData\Local\ConnectedDevicesPlatform 2016-08-04 17:05 - 2016-08-04 17:05 - 00002362 _____ C:\Users\BAXA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-08-04 17:05 - 2016-08-04 17:05 - 00000020 ___SH C:\Users\ERIJA\ntuser.ini 2016-08-04 17:05 - 2016-08-04 17:05 - 00000000 ___RD C:\Users\BAXA\OneDrive 2016-08-04 17:05 - 2016-08-04 17:05 - 00000000 ____D C:\Users\ERIJA\AppData\Local\TileDataLayer 2016-08-04 17:04 - 2016-08-04 17:04 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 2016-08-04 17:02 - 2016-09-03 00:56 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-08-04 17:02 - 2016-08-11 23:53 - 00000000 ____D C:\Users\BAXA\AppData\Local\Packages 2016-08-04 17:02 - 2016-08-11 23:51 - 00000000 ____D C:\Users\BAXA\AppData\Local\ConnectedDevicesPlatform 2016-08-04 17:02 - 2016-08-04 17:02 - 00000000 ____D C:\Users\BAXA\AppData\Local\TileDataLayer 2016-08-04 17:02 - 2016-08-04 17:02 - 00000000 ____D C:\Users\BAXA\AppData\Local\Publishers 2016-08-04 17:01 - 2016-08-04 17:01 - 00000020 ___SH C:\Users\BAXA\ntuser.ini 2016-08-04 16:50 - 2016-08-04 16:50 - 00000000 ____D C:\ProgramData\USOShared 2016-08-04 16:49 - 2016-08-04 16:49 - 00015243 _____ C:\WINDOWS\diagwrn.xml 2016-08-04 16:49 - 2016-08-04 16:49 - 00015243 _____ C:\WINDOWS\diagerr.xml 2016-08-04 16:49 - 2016-08-04 16:49 - 00000000 _SHDL C:\Users\Default\My Documents 2016-08-04 16:49 - 2016-08-04 16:49 - 00000000 _SHDL C:\Users\Default\Documents\My Videos 2016-08-04 16:49 - 2016-08-04 16:49 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures 2016-08-04 16:49 - 2016-08-04 16:49 - 00000000 _SHDL C:\Users\Default\Documents\My Music 2016-08-04 16:49 - 2016-08-04 16:49 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos 2016-08-04 16:49 - 2016-08-04 16:49 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures 2016-08-04 16:49 - 2016-08-04 16:49 - 00000000 _SHDL C:\Users\Default User\Documents\My Music 2016-08-04 16:48 - 2016-09-01 01:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-08-04 16:48 - 2016-08-04 16:48 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat 2016-08-04 16:48 - 2016-08-04 16:48 - 00003926 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate 2016-08-04 16:48 - 2016-08-04 16:48 - 00003542 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily 2016-08-04 16:48 - 2016-08-04 16:48 - 00003542 _____ C:\WINDOWS\System32\Tasks\Avira Browser Safety Updater Task 2016-08-04 16:48 - 2016-08-04 16:48 - 00003416 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine 2016-08-04 16:48 - 2016-08-04 16:48 - 00003178 _____ C:\WINDOWS\System32\Tasks\{B0530FA4-306A-4536-BE5C-42FB4F6965A4} 2016-08-04 16:48 - 2016-08-04 16:48 - 00003178 _____ C:\WINDOWS\System32\Tasks\{61654EBC-9141-4633-ABBF-19E303AAB640} 2016-08-04 16:48 - 2016-08-04 16:48 - 00003178 _____ C:\WINDOWS\System32\Tasks\{574243F6-E494-4573-B7AC-38DA2F9537C1} 2016-08-04 16:48 - 2016-08-04 16:48 - 00003178 _____ C:\WINDOWS\System32\Tasks\{524BD0D8-A3A7-479F-87C3-425B58345864} 2016-08-04 16:48 - 2016-08-04 16:48 - 00003178 _____ C:\WINDOWS\System32\Tasks\{353A4FF8-D3E2-498D-BBBA-1FB0BD9E27B2} 2016-08-04 16:48 - 2016-08-04 16:48 - 00003178 _____ C:\WINDOWS\System32\Tasks\{1D5541E5-C298-4640-B930-9C4C23ACC291} 2016-08-04 16:48 - 2016-08-04 16:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD 2016-08-04 16:38 - 2016-08-04 16:38 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-08-04 16:38 - 2016-08-04 16:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2016-08-04 16:38 - 2016-08-04 16:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs 2016-08-04 16:38 - 2016-08-04 16:38 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi 2016-08-04 16:38 - 2016-08-04 16:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2016-08-04 16:38 - 2016-08-04 16:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs 2016-08-04 16:38 - 2016-08-04 16:38 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi 2016-08-04 16:37 - 2016-08-04 16:37 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines 2016-08-04 16:35 - 2016-09-01 07:32 - 00000000 ____D C:\Users\ERIJA 2016-08-04 16:35 - 2016-08-29 00:59 - 00000000 ____D C:\Users\LIEM NGUYEN 2016-08-04 16:35 - 2016-08-11 23:50 - 00000000 ____D C:\Users\BAXA 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\LIEM NGUYEN\My Documents 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\LIEM NGUYEN\Documents\My Videos 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\LIEM NGUYEN\Documents\My Pictures 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\LIEM NGUYEN\Documents\My Music 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\ERIJA\My Documents 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\ERIJA\Documents\My Videos 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\ERIJA\Documents\My Pictures 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\ERIJA\Documents\My Music 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\BAXA\My Documents 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\BAXA\Documents\My Videos 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\BAXA\Documents\My Pictures 2016-08-04 16:35 - 2016-08-04 16:35 - 00000000 _SHDL C:\Users\BAXA\Documents\My Music 2016-08-04 16:34 - 2016-09-01 01:16 - 00927392 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-08-04 16:34 - 2016-08-17 00:32 - 01735714 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2016-08-04 16:32 - 2016-08-04 16:32 - 00849522 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat 2016-08-04 16:32 - 2016-08-04 16:32 - 00188557 _____ C:\WINDOWS\system32\Drivers\rtwaves40.dat 2016-08-04 16:32 - 2016-08-04 16:32 - 00017972 _____ C:\WINDOWS\system32\Drivers\rtwavesvpcap.dat 2016-08-04 16:32 - 2016-08-04 16:32 - 00000000 ____H C:\ProgramData\DP45977C.lfl 2016-08-04 16:32 - 2016-08-04 16:32 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2016-08-04 16:32 - 2016-08-04 16:32 - 00000000 ____D C:\WINDOWS\system32\SRSLabs 2016-08-04 16:32 - 2016-08-04 16:32 - 00000000 ____D C:\Program Files\Realtek 2016-08-04 16:31 - 2016-08-04 16:37 - 00000000 ____D C:\Program Files\Intel 2016-08-04 16:31 - 2016-08-04 16:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf 2016-08-04 16:31 - 2015-12-19 01:08 - 00099848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2016-08-04 16:30 - 2016-07-16 04:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2016-08-04 16:29 - 2016-09-03 00:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-08-04 16:29 - 2016-08-31 22:33 - 00194192 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-08-04 16:29 - 2016-08-04 16:29 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2016-08-04 12:11 - 2016-08-04 12:12 - 00000036 _____ C:\WINDOWS\progress.ini 2016-08-04 11:22 - 2016-08-04 17:45 - 00000000 ____D C:\Windows10Upgrade 2016-08-04 11:22 - 2016-08-04 17:01 - 00000000 ___HD C:\$GetCurrent 2016-08-04 11:22 - 2016-08-04 11:22 - 00000696 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk 2016-08-04 11:22 - 2016-08-04 11:22 - 00000684 _____ C:\Users\LIEM NGUYEN\Desktop\Windows 10 Upgrade Assistant.lnk 2016-08-04 11:21 - 2016-08-04 11:21 - 05791104 _____ (Microsoft Corporation) C:\Users\ERIJA\Downloads\Windows10Upgrade24074.exe 2016-08-04 09:17 - 2016-08-04 09:21 - 372662088 _____ (Duodian Technology Co. Ltd.) C:\Users\ERIJA\Downloads\nox_setup_v3.7.1.0_full_En_pokemon_0801.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-03 00:59 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-03 00:59 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-09-03 00:58 - 2015-10-02 21:45 - 00000000 ____D C:\Program Files (x86)\Steam 2016-09-03 00:56 - 2016-05-28 01:32 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\LogMeIn Hamachi 2016-09-03 00:56 - 2015-11-22 23:32 - 00000000 ____D C:\Users\ERIJA\AppData\Local\LogMeIn Hamachi 2016-09-03 00:56 - 2015-10-11 10:04 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Roaming\Skype 2016-09-02 22:56 - 2015-10-02 21:24 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\Skype 2016-09-02 04:03 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-09-01 18:03 - 2015-10-02 22:08 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\.minecraft 2016-09-01 17:37 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache 2016-09-01 01:14 - 2014-05-25 22:09 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery 2016-09-01 01:11 - 2016-07-15 23:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2016-08-31 22:34 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF 2016-08-31 22:31 - 2016-07-16 07:29 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\system32\dsc 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\et-EE 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\es-MX 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\en-GB 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Provisioning 2016-08-31 22:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2016-08-31 21:02 - 2016-07-16 04:43 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe 2016-08-31 21:02 - 2016-07-16 04:43 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll 2016-08-31 21:02 - 2016-07-16 04:43 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2016-08-31 21:02 - 2016-07-16 04:43 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll 2016-08-31 21:02 - 2016-07-16 04:43 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-08-31 21:02 - 2016-07-16 04:43 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2016-08-31 21:02 - 2016-07-16 04:42 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2016-08-31 21:02 - 2016-07-16 04:42 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2016-08-31 21:02 - 2016-07-16 04:42 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2016-08-31 21:02 - 2016-07-16 04:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2016-08-31 21:02 - 2016-07-16 04:42 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2016-08-31 21:02 - 2016-07-16 04:42 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll 2016-08-31 21:02 - 2016-07-16 04:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2016-08-31 21:01 - 2016-07-16 04:43 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2016-08-31 21:01 - 2016-07-16 04:42 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-08-31 21:01 - 2016-07-16 04:42 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2016-08-31 21:01 - 2016-07-16 04:42 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2016-08-31 21:01 - 2016-07-16 04:42 - 00079544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2016-08-31 17:29 - 2015-10-02 21:24 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-08-31 17:29 - 2015-10-02 21:24 - 00000000 ____D C:\ProgramData\Skype 2016-08-30 22:13 - 2016-04-13 19:20 - 00000000 ____D C:\Users\ERIJA\Desktop\Paint 2016-08-27 19:02 - 2016-04-15 08:47 - 00000000 ____D C:\Users\ERIJA\Desktop\Wallpaper 2016-08-26 19:43 - 2015-09-19 00:32 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\CrashDumps 2016-08-26 01:05 - 2016-08-01 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-08-25 22:43 - 2016-07-16 04:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-08-25 22:43 - 2016-07-16 04:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-08-25 11:50 - 2015-12-31 00:35 - 00000000 ____D C:\ProgramData\Package Cache 2016-08-24 10:23 - 2016-07-17 21:20 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2016-08-24 10:23 - 2016-07-17 21:13 - 00000000 ____D C:\Users\ERIJA\AppData\Local\Battle.net 2016-08-24 10:23 - 2016-07-17 21:09 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-08-24 10:22 - 2016-07-17 21:13 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\Battle.net 2016-08-24 10:22 - 2016-07-17 21:06 - 00000000 ____D C:\ProgramData\Battle.net 2016-08-23 17:28 - 2016-01-31 18:46 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2016-08-23 17:27 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-08-21 16:28 - 2016-08-01 08:56 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-08-21 16:27 - 2016-08-01 08:55 - 00000000 ____D C:\Users\LIEM NGUYEN\Desktop\mbar 2016-08-21 15:57 - 2016-08-01 08:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-08-21 15:56 - 2016-08-01 08:00 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-08-21 13:01 - 2015-09-19 13:04 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\ElevatedDiagnostics 2016-08-17 15:31 - 2016-01-02 14:32 - 00000000 ____D C:\ProgramData\Atheros 2016-08-17 03:06 - 2010-11-20 20:27 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2016-08-17 00:57 - 2014-05-26 12:48 - 00000000 ____D C:\WINDOWS\CSC 2016-08-15 21:31 - 2015-09-18 21:25 - 00000000 ____D C:\Users\LIEM NGUYEN\Documents\Bluetooth Folder 2016-08-15 21:03 - 2015-10-27 18:18 - 00000125 ___SH C:\ProgramData\.zreglib 2016-08-15 09:58 - 2015-11-04 21:33 - 00000000 __SHD C:\Users\ERIJA\AppData\Local\EmieUserList 2016-08-15 09:58 - 2015-11-04 21:33 - 00000000 __SHD C:\Users\ERIJA\AppData\Local\EmieSiteList 2016-08-14 11:01 - 2015-09-19 03:20 - 00000000 ____D C:\Users\ERIJA\Documents\Bluetooth Folder 2016-08-14 10:12 - 2015-09-18 23:15 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Local\Google 2016-08-14 09:14 - 2016-08-01 08:00 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-08-14 02:25 - 2015-09-18 23:15 - 00000000 ____D C:\Program Files (x86)\Google 2016-08-14 01:32 - 2015-09-18 22:06 - 00000000 __SHD C:\Users\LIEM NGUYEN\AppData\Local\EmieUserList 2016-08-14 01:32 - 2015-09-18 22:06 - 00000000 __SHD C:\Users\LIEM NGUYEN\AppData\Local\EmieSiteList 2016-08-12 20:22 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-08-12 11:53 - 2015-10-02 22:33 - 00000250 _____ C:\Users\ERIJA\AppData\LocalLow\rbxcsettings.rbx 2016-08-12 09:02 - 2016-06-20 12:59 - 00000000 ____D C:\Users\BAXA\AppData\Local\LogMeIn Hamachi 2016-08-11 23:52 - 2015-09-19 03:19 - 00000000 ____D C:\Users\BAXA\Documents\Bluetooth Folder 2016-08-11 21:57 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-08-11 20:48 - 2016-08-01 11:25 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-08-11 20:39 - 2016-08-01 11:25 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-08-09 01:05 - 2015-11-06 20:30 - 00000000 ____D C:\Users\LIEM NGUYEN\Documents\HOMESWEETHOME 2016-08-08 15:11 - 2015-10-03 09:47 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-08-05 23:37 - 2016-07-06 20:26 - 00000000 ____D C:\Users\ERIJA\Desktop\Stuff 2016-08-05 13:11 - 2014-05-25 22:05 - 00000000 ____D C:\ProgramData\PCDr 2016-08-05 13:11 - 2014-05-25 22:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2016-08-05 03:12 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\appcompat 2016-08-04 23:47 - 2016-07-25 15:15 - 00000000 ____D C:\Program Files (x86)\Gyazo 2016-08-04 18:10 - 2016-02-21 20:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-08-04 17:28 - 2016-07-16 04:49 - 00000000 ____D C:\WINDOWS\Setup 2016-08-04 17:28 - 2016-07-16 04:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2016-08-04 17:25 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv 2016-08-04 17:25 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv 2016-08-04 17:25 - 2016-07-16 04:44 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb 2016-08-04 17:25 - 2016-07-16 04:44 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb 2016-08-04 17:25 - 2016-07-16 04:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb 2016-08-04 17:25 - 2016-07-16 04:44 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb 2016-08-04 17:25 - 2016-07-16 04:44 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe 2016-08-04 17:25 - 2016-07-16 04:44 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll 2016-08-04 17:25 - 2016-07-16 04:44 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof 2016-08-04 17:25 - 2016-07-16 04:43 - 01414144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys 2016-08-04 17:25 - 2016-07-16 04:43 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb 2016-08-04 17:25 - 2016-07-16 04:43 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb 2016-08-04 17:25 - 2016-07-16 04:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb 2016-08-04 17:25 - 2016-07-16 04:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe 2016-08-04 17:25 - 2016-07-16 04:43 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb 2016-08-04 17:25 - 2016-07-16 04:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe 2016-08-04 17:25 - 2016-07-16 04:43 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe 2016-08-04 17:25 - 2016-07-16 04:43 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll 2016-08-04 17:25 - 2016-07-16 04:43 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof 2016-08-04 17:15 - 2014-05-26 14:22 - 00000000 __SHD C:\System Recovery 2016-08-04 17:11 - 2014-05-26 12:49 - 00000000 ____D C:\Intel 2016-08-04 17:07 - 2016-08-01 08:43 - 00154392 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2016-08-04 17:07 - 2016-08-01 08:43 - 00144664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2016-08-04 17:07 - 2016-08-01 08:43 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2016-08-04 17:07 - 2016-08-01 08:43 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2016-08-04 16:50 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\USOPrivate 2016-08-04 16:49 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2016-08-04 16:49 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Registration 2016-08-04 16:49 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-08-04 16:49 - 2016-07-15 23:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM 2016-08-04 16:48 - 2009-07-13 20:20 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2016-08-04 16:47 - 2016-07-16 04:47 - 00000000 __RSD C:\WINDOWS\Media 2016-08-04 16:47 - 2016-07-16 04:47 - 00000000 __RHD C:\Users\Public\Libraries 2016-08-04 16:44 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\spool 2016-08-04 16:40 - 2016-08-01 21:47 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell 2016-08-04 16:40 - 2016-08-01 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-08-04 16:40 - 2016-07-25 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo 2016-08-04 16:40 - 2016-07-20 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2016-08-04 16:40 - 2016-07-17 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2016-08-04 16:40 - 2016-02-14 18:53 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface Launcher 2016-08-04 16:40 - 2016-01-31 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios 2016-08-04 16:40 - 2016-01-02 13:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program 2016-08-04 16:40 - 2015-12-13 20:54 - 00000000 ____D C:\Users\ERIJA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-08-04 16:40 - 2015-11-19 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-08-04 16:40 - 2015-11-04 14:10 - 00000000 ____D C:\Users\LIEM NGUYEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-08-04 16:40 - 2015-11-04 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-08-04 16:40 - 2015-10-05 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2016-08-04 16:40 - 2015-10-02 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft 2016-08-04 16:40 - 2015-10-02 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2016-08-04 16:40 - 2015-09-30 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software 2016-08-04 16:40 - 2015-09-30 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2016-08-04 16:40 - 2015-09-22 16:13 - 00000000 ____D C:\Users\BAXA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2016-08-04 16:40 - 2014-05-25 22:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2016-08-04 16:40 - 2014-05-25 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio 2016-08-04 16:40 - 2014-05-25 21:59 - 00000000 ____D C:\WINDOWS\system32\nn-NO 2016-08-04 16:38 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-08-04 16:38 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME 2016-08-04 16:38 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-08-04 16:38 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-08-04 16:38 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\IME 2016-08-04 16:38 - 2014-05-25 22:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sda 2016-08-04 16:38 - 2009-07-13 20:20 - 00000000 ____D C:\Users\Default.migrated 2016-08-04 16:37 - 2016-07-16 04:47 - 00000000 __SHD C:\Program Files\Windows Sidebar 2016-08-04 16:37 - 2016-07-16 04:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar 2016-08-04 16:37 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\schemas 2016-08-04 16:37 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-08-04 16:37 - 2015-12-13 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts 2016-08-04 16:37 - 2015-12-12 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2016-08-04 16:37 - 2015-11-28 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft 2016-08-04 16:37 - 2015-11-23 18:56 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2016-08-04 16:37 - 2014-05-25 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot 2016-08-04 16:37 - 2014-05-25 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros Smart Net 2016-08-04 16:37 - 2010-11-21 00:16 - 00000000 ___RD C:\Users\Public\Recorded TV 2016-08-04 16:37 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker 2016-08-04 16:34 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2016-08-04 16:32 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\PrintDialog 2016-08-04 16:32 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\MiracastView 2016-08-04 16:13 - 2009-07-13 21:45 - 00021312 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-04 16:13 - 2009-07-13 21:45 - 00021312 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 ==================== Files in the root of some directories ======= 2015-10-27 18:18 - 2016-08-15 21:03 - 0000125 ___SH () C:\ProgramData\.zreglib 2016-08-04 16:32 - 2016-08-04 16:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\avgnt.exe C:\Users\BAXA\AppData\Local\Temp\avgnt.exe C:\Users\ERIJA\AppData\Local\Temp\avgnt.exe C:\Users\ERIJA\AppData\Local\Temp\SkypeSetup.exe C:\Users\LIEM NGUYEN\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-08-28 22:23 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016 Ran by LIEM NGUYEN (03-09-2016 01:00:13) Running from C:\Users\ERIJA\Desktop Windows 10 Pro Version 1607 (X64) (2016-08-05 00:01:55) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3823346381-4191098200-709037831-500 - Administrator - Disabled) => C:\Users\Administrator BAXA (S-1-5-21-3823346381-4191098200-709037831-1001 - Limited - Enabled) => C:\Users\BAXA DefaultAccount (S-1-5-21-3823346381-4191098200-709037831-503 - Limited - Disabled) ERIJA (S-1-5-21-3823346381-4191098200-709037831-1002 - Limited - Enabled) => C:\Users\ERIJA Guest (S-1-5-21-3823346381-4191098200-709037831-501 - Limited - Disabled) LIEM NGUYEN (S-1-5-21-3823346381-4191098200-709037831-1000 - Administrator - Enabled) => C:\Users\LIEM NGUYEN ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.) AirMech (HKLM-x32\...\Steam App 206500) (Version: - Carbon Games) Alien Swarm (HKLM-x32\...\Steam App 630) (Version: - Valve) AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.5.0 - SlySoft) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.19.164 - Avira Operations GmbH & Co. KG) Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG) Avira Launcher (HKLM-x32\...\{6052a753-acc6-4c02-b5a8-70962ff8e0a4}) (Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG) Hidden Avira Software Updater (HKLM-x32\...\{96CADA13-A19B-4270-A536-A280EA510DB0}) (Version: 1.2.3.493 - Avira Operations GmbH & Co. KG) Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) Broforce (HKLM-x32\...\Steam App 274190) (Version: - Free Lives) Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth) CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.) Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.) Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.133 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell) Dell System Detect (HKU\S-1-5-21-3823346381-4191098200-709037831-1002\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell) Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.) Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION) EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Geometry Dash (HKLM-x32\...\Steam App 322170) (Version: - RobTop Games) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.493 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.493 - LogMeIn, Inc.) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.29.1145.0 - Hi-Rez Studios) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.330 - Qualcomm Atheros Communications) QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.) Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John) ROBLOX Player for ERIJA (HKU\S-1-5-21-3823346381-4191098200-709037831-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited) Star Wars Republic Commando (HKLM-x32\...\{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}) (Version: 1.0 - ) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) Trove (HKLM-x32\...\Steam App 304050) (Version: - Trion Worlds) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Warface (HKLM-x32\...\Steam App 291480) (Version: - Crytek) Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH) Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes) Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17346 - Microsoft Corporation) WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.465 - Zemana Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3823346381-4191098200-709037831-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3823346381-4191098200-709037831-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ERIJA\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3823346381-4191098200-709037831-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\ERIJA\AppData\Local\Roblox\Versions\version-e6d872d544b64cd9\RobloxProxy64.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02DE26B4-A377-4D12-A504-281685355992} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-07-21] () Task: {0E9B0B5C-9FF3-4A29-8479-0868A68DD87B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {10C90DE2-9C69-4C4E-AEB1-9913F61DCBF2} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION Task: {118B0C75-5C0C-433E-B6F6-FC8A11D30B49} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {14B348A8-C611-4083-AD0B-41C8D96F5EE4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {256F50D4-4B2F-4011-AE10-E0DF98F1E0AD} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {2956E29D-A64D-413D-B892-F5AA2AC347BB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {3999671B-80BF-4CDF-A95C-93FD2F0FE480} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {39D9C48F-12CD-47A7-A5A3-67FD9D4D864A} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK Task: {3CBC40D7-5079-4162-B3CF-8BB086B1F88F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {49072A42-1C33-4821-800D-28DD295D6786} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {4FE4EB4C-8550-4882-9C19-54B3763EEAF2} - System32\Tasks\{B0530FA4-306A-4536-BE5C-42FB4F6965A4} => C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe [2016-05-28] () Task: {4FF356D2-FE47-4920-B00B-3E8B260DCA26} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {528B6446-B6F7-44E3-AA71-6203798B4E57} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {53C82D5D-CAA2-4928-AD01-FD5CA9402E42} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {54C24529-FE0D-45F3-921C-72B199731A29} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {63882D74-4B0D-4654-86EE-D96AE3948093} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {6427E100-AEAE-44E5-98F4-132AD23976CD} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {6563DB5C-54FD-4007-98A3-1F779956369C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {6A73D90C-B17C-4761-8357-1A346F1A3327} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {6A984B25-5FB5-47F5-8BB0-F5E15265F2B0} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-08-02] (PC-Doctor, Inc.) Task: {6C319D8B-DF05-4A80-9136-A0ABA12AC856} - System32\Tasks\{61654EBC-9141-4633-ABBF-19E303AAB640} => C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe [2016-05-28] () Task: {74B79B52-5FD9-4C14-BAB0-205B4C4DD9F9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {774BEC63-7921-4B84-A33F-DC88A2597A95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-14] (Google Inc.) Task: {78F9B58D-4208-4149-86B8-1303B38A0DDC} - System32\Tasks\{1D5541E5-C298-4640-B930-9C4C23ACC291} => C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe [2016-05-28] () Task: {92BE7943-78D8-4C4B-883D-3B2AAF434323} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {A015D851-1E7C-439D-92A2-44EFF53100DA} - System32\Tasks\{524BD0D8-A3A7-479F-87C3-425B58345864} => C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe [2016-05-28] () Task: {A42137A8-850E-477B-A8C7-39838E8FC453} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.) Task: {AA0492E9-DA05-4EA9-9704-FA569B01DAFF} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\OneDriveStandaloneUpdater.exe [2016-09-03] (Microsoft Corporation) Task: {AA3E25D9-1FA3-4E11-8D06-8F8C582D1C38} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-07-21] () Task: {B0266B37-BE4A-4847-8CAA-65620B46F5F1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {B1450FE1-82E8-40F1-8F3F-5749E0F9E20E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {B2E0C73E-B0A6-4A16-987E-59D3779961CD} - System32\Tasks\{353A4FF8-D3E2-498D-BBBA-1FB0BD9E27B2} => C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe [2016-05-28] () Task: {B402C7AF-45A5-478C-A0FB-EC67AD8F31AB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd) Task: {B9EBDEE4-0F1F-4136-BEA4-5460F63E6E49} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {BA7F3875-7416-4EF5-B045-A03824D3AFA2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {BE33212A-9061-492C-A748-67CB386B6B2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-14] (Google Inc.) Task: {C15F102C-2BD9-4548-8417-76E2A12D1338} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {C1913C94-0842-490C-B755-F95332E09ABA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {C51962EB-554C-4808-908B-3AD2A7A2F735} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {C9F9E6BE-EAE6-4EEA-8452-F96621EC7BD3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {CE4EEC05-AE50-4266-B124-7496745958B2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {D34537BA-56BC-453F-9987-753A7E8AE6D9} - System32\Tasks\{574243F6-E494-4573-B7AC-38DA2F9537C1} => C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe [2016-05-28] () Task: {D9140CB1-A029-461F-9549-35CF6E945524} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {DA5EBFDD-F0C4-44BB-802B-EC827B4A9BF5} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {DA6ABE0D-CE90-45A8-9657-0C09734C0B6E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {DA9D1E83-01AA-4187-BDB9-6D13247DE477} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {F77FADB6-39CF-40FD-B4D9-DA15457D14C9} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG) Task: {FFD0BCF8-7926-4344-A2B0-908C275D350D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-07-16 04:42 - 2016-07-16 04:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-03-31 21:15 - 2016-03-31 21:15 - 00076888 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe 2016-03-31 21:15 - 2016-03-31 21:15 - 00189248 _____ () C:\WINDOWS\SysWoW64\PnkBstrB.exe 2016-08-12 05:58 - 2016-08-12 05:58 - 00025088 _____ () C:\ProgramData\Microsoft\WindowsLogger\winlogger.exe 2016-07-16 04:42 - 2016-07-16 04:42 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-07-16 04:42 - 2016-07-16 04:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-08-04 17:08 - 2016-08-04 17:08 - 00959168 _____ () C:\Users\ERIJA\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2014-05-26 12:35 - 2015-12-19 01:08 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe 2016-07-16 04:42 - 2016-07-16 04:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-07-16 04:43 - 2016-08-31 21:02 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-07-16 04:43 - 2016-08-31 21:02 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-08-31 21:08 - 2016-08-19 21:54 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-16 04:43 - 2016-08-31 21:02 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-07-16 04:43 - 2016-08-31 21:02 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-08-31 21:08 - 2016-08-19 21:54 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-08-31 21:08 - 2016-08-19 21:56 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-08-27 22:11 - 2014-08-27 22:11 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2016-08-30 16:48 - 2016-08-30 16:48 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-08-30 16:48 - 2016-08-30 16:48 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-08-30 16:48 - 2016-08-30 16:48 - 35288064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-08-15 21:08 - 2016-08-15 21:09 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2016-08-15 21:08 - 2016-08-15 21:09 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2016-08-04 17:44 - 2016-08-04 17:46 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2016-07-16 07:37 - 2016-07-16 07:37 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-07-16 04:42 - 2016-07-16 04:42 - 02587488 _____ () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe 2016-08-04 17:50 - 2016-08-04 17:50 - 00959168 _____ () C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-08-16 02:22 - 2016-08-16 02:22 - 00123760 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll 2016-07-16 04:42 - 2016-07-16 04:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll 2016-08-14 02:25 - 2016-08-02 16:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll 2016-08-14 02:25 - 2016-08-02 16:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll 2016-08-23 11:00 - 2016-08-23 11:00 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11607.1001.51.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3823346381-4191098200-709037831-1000\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-3823346381-4191098200-709037831-1002\...\dell.com -> dell.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3823346381-4191098200-709037831-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\LIEM NGUYEN\AppData\Local\Microsoft\Windows\Themes\img8.jpg HKU\S-1-5-21-3823346381-4191098200-709037831-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\BAXA\AppData\Local\Microsoft\Windows\Themes\US-wp3.jpg HKU\S-1-5-21-3823346381-4191098200-709037831-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ERIJA\Desktop\grow-up-2016-sd.jpg HKU\S-1-5-21-3823346381-4191098200-709037831-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{175DDF5F-098B-4A16-ADA4-E61769490378}] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [{0A25E784-1B79-4C6F-B18C-AC4F8E958225}] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{9A9B77CB-8C74-4064-BFD8-69A6B76CFEDB}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [TCP Query User{3A5C7E3A-122E-4201-A376-6B0258352AD6}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [{CCDB1DC2-DD18-489D-B9FF-B95F23465993}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe FirewallRules: [{54388938-252B-4196-BE77-B31C36F9B032}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe FirewallRules: [{4F7939D5-B943-4B95-8256-02BD180CCF0B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{C78F3914-D974-493F-9095-23CF2DB160D3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{E4FCFC07-66E1-4E6E-88E8-508BEC1D8066}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{CA9BAEE2-5ABE-4B93-8096-A9BBC38C60BB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{EAEC31B8-9034-43C1-B683-E84C387B977F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{01B013F2-68B5-43CE-BFF2-CE7DF8D98887}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{7BBE1D2B-9A36-4684-8372-D565F97FDFA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{8D8BDB9B-374D-45EE-811D-CEFFF2DF3DC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{B63A0CC5-E9CF-4B0D-8318-DD72E142B877}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{E4FE3CD6-B515-428C-ACFA-5D94E91C81D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{BC935798-751B-42E3-BD82-2A497768EE3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{7F603EC3-F15D-452C-BB57-ABC46AA2456F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{64CC35E8-397A-48E7-AAFC-FCD734B2B028}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{FF579C10-5267-4CAB-814D-726671D44D35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{A674C770-0107-4C8C-B4AF-7EAED0967FE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{76D86D85-E142-4668-970D-FB7D00AAD03F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{158770CA-5A78-4A19-964B-9641CF833DDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{19B4A98E-7373-4A31-9A0A-5D3EA881DB3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [UDP Query User{DA5977CE-298B-469F-BAB2-6FDAA86CABEC}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe FirewallRules: [TCP Query User{C76D011A-92A0-439D-8AC8-4AC608F9003C}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe FirewallRules: [{801DDE3F-87E7-45B7-A00C-726CF1A492BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe FirewallRules: [{118AA381-069C-4B02-8EAB-673E5DE28908}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe FirewallRules: [UDP Query User{366E2FC6-7ABA-4ADA-A80F-E3277EC17BC9}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [TCP Query User{9A4948F2-69A2-4D86-8C78-839023B235C5}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [{1A2545BC-03F0-4C0E-9C31-05FA0F8B0A64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe FirewallRules: [{3EFCD04D-2877-40CF-8595-0C2660121D32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe FirewallRules: [{9B790993-ADC1-4EAC-828A-353924C79126}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{960C372B-4F58-468A-9BD9-0F44E89F6478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [UDP Query User{271EB4FB-FB23-4FDA-89AD-87C6A3CA0325}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{7525DB7B-67E3-48DD-BF1D-57325346B25E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{BE77F40B-A571-4496-A6DA-0661130C257D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe FirewallRules: [{8B32046C-F96E-4FFE-B7EC-79217BEFDE27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe FirewallRules: [{A9793C35-8796-4EB0-A62F-8EC9F5552E33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe FirewallRules: [{EC942967-810F-4794-AAF2-4F804AE40F96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe FirewallRules: [{5D150FB8-AF00-4015-806C-DD1D9C121265}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe FirewallRules: [{58F17D7A-D442-40D6-BBEB-BB3732891D99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe FirewallRules: [{1217505F-A451-45DF-A6DD-5C11C5C55CF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{262F2880-E289-42ED-AE3D-72B7FFC920E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{031F7BC9-45AF-4F49-9BE8-FD3F70F17222}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe FirewallRules: [{0B99E47D-4E76-4D24-941B-F74646CF7B6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe FirewallRules: [{AED8CEEF-13DF-44C5-9EC5-56765231FF4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe FirewallRules: [{FF6EA7BB-7F4F-4405-87BE-CC55E9A524A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe FirewallRules: [{BA5D16AC-B643-43E1-AB66-59875FF7BBA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe FirewallRules: [{7E2D174D-0793-45D6-9627-A2C545CA7714}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe FirewallRules: [{10C27F8C-F65E-47CF-AFA9-D004783CE77F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AirMech\AirMech.exe FirewallRules: [{AC64C34C-1992-4CEB-B61E-40A74EB76F1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AirMech\AirMech.exe FirewallRules: [{96D374CB-8573-4EDE-B52C-B6D1578EF5D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{7D300C50-C8B4-42D4-98D7-C1458D28CBF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{F5AF9E06-9CD4-4BA5-81EB-9C9258E11BC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alien Swarm\swarm.exe FirewallRules: [{5D946ECF-B46B-40F1-8FCD-14ABA04A299B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alien Swarm\swarm.exe FirewallRules: [UDP Query User{623F1808-AE35-4F4F-9D15-3B5B0995025E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{BF31AF6C-165F-405E-8215-F091B0EE3FB4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{B0029E4F-2594-47E1-82AA-B8F3CE206625}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{0836585C-54CE-4771-AB3A-4DED1EEAD280}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{C0561561-BA3B-4893-A58F-91D504A25CC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{8BF9CE73-0C78-4F82-8DF4-9DF4DB46EF47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{B7955AFC-654D-443B-8330-A019B01D5B04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{00C0010C-9706-4D47-A702-6C1F695D9053}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{CDF780CF-14B8-4BF0-A235-D9905C433345}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{9568ED18-1D03-4C59-8C31-8E525E9AA98B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{5EB3A45E-BC9B-4CC1-9289-2845212616A4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{4E4504A2-79D1-49AD-8E9A-D90F74D8BCA2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{75BAE1D9-613E-4A71-8C44-7E333ECB9467}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{9D3F91EE-F7E4-469E-B5DB-9E106C749D0A}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe FirewallRules: [{604E6A52-AAC5-471F-999C-545DB3F0F820}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe FirewallRules: [{37A87796-B32C-42F8-A590-A224399D025D}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{803335F7-07B5-4004-B363-2A143C7B6D21}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{09D7C69F-5E99-4867-A3CE-5E65F7C5CFB9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 29-08-2016 17:22:16 Scheduled Checkpoint 02-09-2016 04:03:21 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/02/2016 04:19:16 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (09/02/2016 04:19:16 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (09/02/2016 04:19:16 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (09/02/2016 04:19:16 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (09/02/2016 04:03:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (09/01/2016 04:05:34 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (09/01/2016 04:05:33 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (09/01/2016 04:05:33 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (09/01/2016 04:05:33 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (08/31/2016 03:51:27 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. System errors: ============= Error: (09/03/2016 12:59:05 AM) (Source: DCOM) (EventID: 10016) (User: FAMILYPC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user FAMILYPC\ERIJA SID (S-1-5-21-3823346381-4191098200-709037831-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/03/2016 12:56:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/03/2016 12:56:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/01/2016 01:11:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/01/2016 01:11:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/01/2016 01:11:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The HvHost service terminated with the following error: A device attached to the system is not functioning. Error: (09/01/2016 01:11:56 AM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration. Error: (08/31/2016 10:58:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/31/2016 10:58:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/31/2016 10:58:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The WMPNetworkSvc service terminated with the following error: An attempt was made to reference a token that does not exist. CodeIntegrity: =================================== Date: 2016-08-17 01:00:34.475 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz Percentage of memory in use: 22% Total physical RAM: 16300.93 MB Available physical RAM: 12560.11 MB Total Virtual: 17324.93 MB Available Virtual: 13022.01 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:907.25 GB) (Free:496.76 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: ACAA7102) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=24.2 GB) - (Type=27) Partition 3: (Not Active) - (Size=907.3 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  7. Upon doing the copy and paste, it states there is a syntax error in line 2
  8. Will downloading FRST onto the flash drive affect any of the files stored on the flash drive itself?
  9. Take all the time you need, as of now it's more of a nuisance than a threat.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.