Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Goinf.ru Browser Hijack


  • This topic is locked This topic is locked
14 replies to this topic

#1 SnowwBaker

SnowwBaker

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 02 September 2015 - 08:00 PM

Google Chrome and Internet Explorer are both hijacked on my laptop; the homepage and search engine both redirected to Russian sites. I downloaded paintsai tool recently, which I have on my other computer but without the hijack. This hijack is supposed to come from a video saver application that I don't have; so I can't exactly get rid of that program.

 

Anyway, I used Malwarebytes Antimalware, Spy Hunter 4, Adwcleaner, and Zoek.exe trying to get rid of it; that only got rid of the search engine portion of the virus. I've tried changing the default homepages and resetting my proxy settings for both browsers.

 

Any suggestions on how to get rid of this?



BC AdBot (Login to Remove)

 


m

#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,892 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:34 PM

Posted 03 September 2015 - 05:06 AM

Hey,

please post all logs you have so far. :)

 

Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe or FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
YARWD1t.png TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • ​Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach (not copy/paste) the file in your next reply.
     

======================================================
 
STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached!)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 SnowwBaker

SnowwBaker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 04 September 2015 - 09:59 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by CJ (administrator) on SNOWPUTER (04-09-2015 09:44:54)
Running from C:\Users\CJ\Downloads
Loaded Profiles: CJ (Available Profiles: CJ)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\CJ\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.12711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Users\CJ\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [64864 2015-07-23] (Acer Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [OneDrive] => C:\Users\CJ\AppData\Local\Microsoft\OneDrive\OneDrive.exe [402632 2015-08-01] (Microsoft Corporation)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [45056 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-12] (Valve Corporation)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55100016 2015-08-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [Spotify Web Helper] => C:\Users\CJ\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-03] (Spotify Ltd)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.4.4 104.219.55.89
Tcpip\..\Interfaces\{bd703062-2477-431f-b2a3-9a7154d6c37d}: [DhcpNameServer] 8.8.4.4 104.219.55.89
 
Internet Explorer:
==================
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
 
FireFox:
========
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2013-08-09] (McAfee, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-11-06]
 
Chrome: 
=======
CHR StartupUrls: Profile 3 -> "hxxp://www.bing.com/"
CHR Profile: C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-15]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-08-31]
CHR HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-08-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2577640 2013-12-04] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-08-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-30] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [121616 2013-09-29] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-10-17] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-10-17] (Acer Incorporate)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-14] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-06-09] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99168 2015-07-10] (Avago Technologies)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-04 09:45 - 2015-09-04 09:46 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\CJ\Downloads\tdsskiller.exe
2015-09-04 09:44 - 2015-09-04 09:45 - 00013400 _____ C:\Users\CJ\Downloads\FRST.txt
2015-09-04 09:44 - 2015-09-04 09:44 - 02188800 _____ (Farbar) C:\Users\CJ\Downloads\FRST64.exe
2015-09-04 09:41 - 2015-09-04 09:41 - 00016148 _____ C:\WINDOWS\system32\SNOWPUTER_CJ_HistoryPrediction.bin
2015-09-04 07:08 - 2015-09-04 07:09 - 51076312 _____ (Microsoft Corporation) C:\Users\CJ\Downloads\Windows-KB890830-x64-V5.27.exe
2015-09-04 07:08 - 2015-09-04 07:08 - 02251920 _____ (Microsoft Corporation) C:\Users\CJ\Downloads\DefaultPack.EXE
2015-09-04 05:21 - 2015-09-04 05:21 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-04 05:21 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-09-04 05:11 - 2015-09-04 05:11 - 00001468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-09-04 05:11 - 2015-09-04 05:11 - 00001456 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-09-04 05:11 - 2015-09-04 05:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-09-04 05:11 - 2015-09-04 05:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-09-04 05:10 - 2015-09-04 07:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-04 05:10 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-09-04 05:09 - 2015-09-04 05:37 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-04 05:06 - 2015-09-04 05:06 - 00307200 _____ (Secure By Design Inc.) C:\Users\CJ\Downloads\Ninite Spybot 2 Installer.exe
2015-09-04 04:57 - 2015-09-04 04:57 - 00000000 ____D C:\Users\CJ\AppData\Roaming\TeamViewer
2015-09-04 04:56 - 2015-09-04 04:56 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-04 04:56 - 2015-09-04 04:56 - 00001108 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-09-04 04:55 - 2015-09-04 04:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-09-04 04:54 - 2015-09-04 04:54 - 00307200 _____ (Secure By Design Inc.) C:\Users\CJ\Downloads\Ninite TeamViewer Installer.exe
2015-09-03 07:30 - 2015-09-04 03:21 - 00000000 ____D C:\Users\CJ\AppData\Local\Spotify
2015-09-03 07:30 - 2015-09-03 07:30 - 00001878 _____ C:\Users\CJ\Desktop\Spotify.lnk
2015-09-03 07:30 - 2015-09-03 07:30 - 00001864 _____ C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-09-03 07:26 - 2015-09-04 02:22 - 00000000 ____D C:\Users\CJ\AppData\Roaming\Spotify
2015-09-03 07:26 - 2015-09-03 07:26 - 00146080 _____ (Spotify Ltd) C:\Users\CJ\Downloads\SpotifySetup.exe
2015-09-03 04:15 - 2015-09-03 04:15 - 00000000 ____D C:\Users\CJ\AppData\Local\NetworkTiles
2015-09-03 01:15 - 2015-09-04 09:41 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-02 23:40 - 2015-09-02 23:40 - 00237170 _____ C:\Users\CJ\Documents\cc_20150902_234003.reg
2015-09-02 23:37 - 2015-09-02 23:37 - 00002852 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-09-02 23:36 - 2015-09-02 23:37 - 00000000 ____D C:\Program Files\CCleaner
2015-09-02 23:36 - 2015-09-02 23:36 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-02 23:36 - 2015-09-02 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-09-02 23:34 - 2015-09-02 23:36 - 06666544 _____ (Piriform Ltd) C:\Users\CJ\Downloads\ccsetup509pro.exe
2015-09-02 21:09 - 2015-09-02 21:09 - 00000000 ____D C:\Users\CJ\AppData\Local\VirtualStore
2015-09-02 20:54 - 2015-09-02 20:30 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-02 20:32 - 2015-08-28 15:28 - 00044765 _____ C:\zoek-results2015-08-28-202806.log
2015-09-02 19:35 - 2015-09-04 09:44 - 00000000 ____D C:\FRST
2015-09-01 20:44 - 2015-09-01 20:44 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-01 20:44 - 2015-09-01 20:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-01 20:44 - 2015-09-01 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-31 21:43 - 2015-08-31 21:43 - 00000000 ____D C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-31 20:35 - 2015-08-31 20:35 - 00001179 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-31 20:35 - 2015-08-31 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-31 20:34 - 2015-08-31 20:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-31 20:34 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-31 20:34 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-31 20:34 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-31 20:33 - 2015-08-31 21:15 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-31 20:26 - 2015-08-31 20:26 - 00003256 _____ C:\WINDOWS\System32\Tasks\{DADFAFF1-D1CB-4F8A-8973-83C5D168EACE}
2015-08-28 17:19 - 2015-08-20 01:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-28 17:19 - 2015-08-20 01:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-28 17:19 - 2015-08-20 01:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-28 17:19 - 2015-08-20 00:57 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-28 17:19 - 2015-08-20 00:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-28 17:19 - 2015-08-20 00:21 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-28 17:19 - 2015-08-20 00:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-28 17:19 - 2015-08-20 00:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-28 17:19 - 2015-08-20 00:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-28 17:19 - 2015-08-20 00:09 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-08-28 17:19 - 2015-08-19 23:31 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-28 17:19 - 2015-08-18 02:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 17:19 - 2015-08-18 02:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-28 17:19 - 2015-08-18 02:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-28 17:19 - 2015-08-18 02:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-28 17:19 - 2015-08-18 02:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-28 17:19 - 2015-08-18 02:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-28 17:19 - 2015-08-18 02:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-28 17:19 - 2015-08-18 02:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-28 17:19 - 2015-08-18 02:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-28 17:19 - 2015-08-18 02:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-28 17:19 - 2015-08-18 02:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-28 17:19 - 2015-08-18 01:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-28 17:19 - 2015-08-18 01:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-28 17:19 - 2015-08-18 01:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-28 17:19 - 2015-08-18 01:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-28 17:19 - 2015-08-18 01:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-28 17:19 - 2015-08-18 01:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-28 17:19 - 2015-08-18 01:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-28 17:19 - 2015-08-18 01:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-28 17:19 - 2015-08-18 01:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-28 17:19 - 2015-08-18 01:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-28 17:19 - 2015-08-18 01:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-28 17:19 - 2015-08-18 01:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-28 17:19 - 2015-08-18 01:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-28 17:19 - 2015-08-18 01:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-28 17:19 - 2015-08-18 01:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-28 17:19 - 2015-08-18 01:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-28 17:19 - 2015-08-18 01:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-28 17:19 - 2015-08-18 01:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-28 17:19 - 2015-08-18 01:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-28 17:19 - 2015-08-18 01:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-28 17:19 - 2015-08-18 01:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-28 17:19 - 2015-08-18 01:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-28 17:19 - 2015-08-17 23:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-28 15:02 - 2015-08-20 23:44 - 00192970 _____ C:\zoek-results2015-08-21-044439.log
2015-08-28 14:57 - 2015-08-28 14:58 - 01308672 _____ C:\Users\CJ\Downloads\zoek.exe
2015-08-21 00:00 - 2015-09-03 20:00 - 00000000 ____D C:\Users\CJ\AppData\Local\CrashDumps
2015-08-20 23:53 - 2015-08-21 00:00 - 00000000 ____D C:\Users\CJ\AppData\Local\NPE
2015-08-20 23:53 - 2015-08-20 23:53 - 00000000 ____D C:\ProgramData\Norton
2015-08-20 23:42 - 2015-08-20 23:42 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-08-20 23:05 - 2015-09-02 21:03 - 00032762 _____ C:\zoek-results.log
2015-08-20 23:01 - 2015-09-02 20:52 - 00000000 ____D C:\zoek_backup
2015-08-20 11:29 - 2015-08-20 11:29 - 00002968 _____ C:\WINDOWS\System32\Tasks\Launch Manager
2015-08-19 03:01 - 2015-08-19 03:01 - 00000000 ____D C:\Users\CJ\Documents\Klei
2015-08-19 03:00 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2015-08-19 03:00 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2015-08-19 03:00 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2015-08-19 03:00 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2015-08-19 03:00 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2015-08-19 03:00 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2015-08-19 03:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2015-08-19 03:00 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2015-08-19 03:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2015-08-19 02:45 - 2015-08-19 02:45 - 00000222 _____ C:\Users\CJ\Desktop\Don't Starve Together Beta.url
2015-08-19 02:45 - 2015-08-19 02:45 - 00000000 ____D C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-19 02:38 - 2015-08-19 02:38 - 00000000 ____D C:\Users\CJ\AppData\Local\Steam
2015-08-19 02:38 - 2015-08-19 02:38 - 00000000 ____D C:\Users\CJ\AppData\Local\CEF
2015-08-19 02:33 - 2015-09-02 23:39 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-19 02:33 - 2015-08-19 02:33 - 00001040 _____ C:\Users\Public\Desktop\Steam.lnk
2015-08-19 02:33 - 2015-08-19 02:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-18 21:28 - 2015-08-12 23:33 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-18 21:28 - 2015-08-12 23:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-18 21:28 - 2015-08-12 23:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-18 21:28 - 2015-08-12 23:07 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-18 21:28 - 2015-08-12 22:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-18 21:28 - 2015-08-11 05:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-18 21:28 - 2015-08-11 05:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-18 21:28 - 2015-08-11 05:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-18 21:28 - 2015-08-11 05:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-18 21:28 - 2015-08-11 05:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-18 21:28 - 2015-08-11 05:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-18 21:28 - 2015-08-11 05:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-18 21:28 - 2015-08-11 04:57 - 03622256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-18 21:28 - 2015-08-11 04:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-18 21:28 - 2015-08-11 04:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-18 21:28 - 2015-08-11 04:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-18 21:28 - 2015-08-11 04:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-18 21:28 - 2015-08-11 04:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-18 21:28 - 2015-08-11 04:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-18 21:28 - 2015-08-11 04:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-18 21:28 - 2015-08-11 04:31 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-18 21:28 - 2015-08-11 04:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-18 21:28 - 2015-08-11 04:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-18 21:28 - 2015-08-11 04:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-18 21:28 - 2015-08-11 04:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-18 21:28 - 2015-08-11 04:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-18 21:28 - 2015-08-11 04:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-18 21:28 - 2015-08-11 04:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-18 21:28 - 2015-08-11 04:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-18 21:28 - 2015-08-11 04:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-18 21:28 - 2015-08-11 04:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-18 21:28 - 2015-08-11 04:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-18 21:28 - 2015-08-11 04:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-18 21:28 - 2015-08-11 04:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-18 21:28 - 2015-08-11 04:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-18 21:28 - 2015-08-11 04:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-18 21:28 - 2015-08-11 04:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-18 21:28 - 2015-08-11 04:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-18 21:28 - 2015-08-11 04:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-18 21:28 - 2015-08-11 04:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-18 21:28 - 2015-08-11 04:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-18 21:28 - 2015-08-11 04:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-18 21:28 - 2015-08-11 04:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-18 21:28 - 2015-08-11 04:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-18 21:28 - 2015-08-11 04:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-18 21:28 - 2015-08-11 04:02 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-18 21:28 - 2015-08-11 04:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-18 21:28 - 2015-08-11 04:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-18 21:28 - 2015-08-11 04:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-18 21:28 - 2015-08-11 04:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-18 21:28 - 2015-08-11 04:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-18 21:28 - 2015-08-11 03:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-18 21:28 - 2015-08-11 03:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-18 21:28 - 2015-08-11 03:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-18 21:28 - 2015-08-11 03:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-18 21:28 - 2015-08-11 03:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-18 21:28 - 2015-08-11 03:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-18 21:28 - 2015-08-11 03:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-18 21:28 - 2015-08-11 03:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-18 21:28 - 2015-08-11 03:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-18 21:28 - 2015-08-11 03:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-18 21:28 - 2015-08-11 03:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-18 21:28 - 2015-08-11 03:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-18 21:28 - 2015-08-11 03:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-18 21:28 - 2015-08-11 03:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-18 21:28 - 2015-08-11 03:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-18 21:28 - 2015-08-11 03:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-18 21:28 - 2015-08-11 03:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-18 21:28 - 2015-08-11 03:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-18 21:28 - 2015-08-11 03:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-18 21:28 - 2015-08-11 03:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-18 21:28 - 2015-08-11 03:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-18 21:28 - 2015-08-11 03:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-18 21:28 - 2015-08-11 03:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-17 10:33 - 2015-08-17 11:00 - 00000000 ____D C:\Users\CJ\AppData\Roaming\OBS
2015-08-17 10:32 - 2015-08-31 20:16 - 00000000 ____D C:\Program Files\OBS
2015-08-17 10:32 - 2015-08-31 20:16 - 00000000 ____D C:\Program Files (x86)\OBS
2015-08-15 22:27 - 2015-08-15 22:27 - 00000000 _____ C:\autoexec.bat
2015-08-15 22:06 - 2015-08-15 22:07 - 00005188 _____ C:\AdwCleaner[C1].txt
2015-08-15 22:03 - 2015-08-15 22:05 - 00006000 _____ C:\AdwCleaner[S1].txt
2015-08-15 22:02 - 2015-08-31 21:53 - 00000000 ____D C:\AdwCleaner
2015-08-14 22:27 - 2015-08-31 20:37 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-14 22:26 - 2015-08-14 22:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-14 21:38 - 2015-08-14 21:57 - 00000000 ____D C:\PaintToolSAI
2015-08-14 21:38 - 2015-08-14 21:38 - 00000000 ____D C:\Users\CJ\AppData\Roaming\SYSTEMAX Software Development
2015-08-14 21:38 - 2015-08-14 21:38 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2015-08-14 21:35 - 2015-08-20 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-08-14 21:31 - 2015-08-14 21:31 - 00000000 ____D C:\Users\CJ\AppData\Roaming\Torrentex
2015-08-14 21:22 - 2015-08-08 10:38 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-14 21:22 - 2015-08-08 10:38 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-14 21:14 - 2015-08-14 21:14 - 00003394 _____ C:\WINDOWS\System32\Tasks\PaintTool SAI
2015-08-12 00:18 - 2015-08-02 21:18 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-12 00:18 - 2015-08-02 20:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-12 00:17 - 2015-08-02 20:18 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 00:17 - 2015-08-02 20:01 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 00:16 - 2015-08-08 01:24 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 00:16 - 2015-08-08 01:24 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 00:16 - 2015-08-08 01:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 00:16 - 2015-08-04 23:49 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-12 00:16 - 2015-08-04 23:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-12 00:16 - 2015-08-03 23:06 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-12 00:16 - 2015-08-03 21:59 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-12 00:16 - 2015-08-03 21:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-12 00:16 - 2015-08-02 21:18 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-12 00:16 - 2015-08-02 20:22 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-12 00:16 - 2015-08-02 20:22 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-12 00:16 - 2015-08-02 20:18 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-12 00:16 - 2015-08-02 20:15 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-12 00:16 - 2015-08-02 20:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-12 00:16 - 2015-08-02 20:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-12 00:15 - 2015-08-08 02:29 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 00:15 - 2015-08-08 02:19 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-12 00:15 - 2015-08-08 02:01 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 00:15 - 2015-08-08 01:48 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-12 00:15 - 2015-08-08 01:40 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 00:15 - 2015-08-08 01:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 00:15 - 2015-08-05 22:17 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-12 00:15 - 2015-08-05 22:17 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-12 00:15 - 2015-08-05 21:22 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-12 00:15 - 2015-08-04 23:00 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-12 00:15 - 2015-08-04 22:54 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-12 00:15 - 2015-08-04 22:47 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-12 00:15 - 2015-08-04 22:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-12 00:15 - 2015-08-03 23:07 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 00:15 - 2015-08-03 23:06 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-12 00:15 - 2015-08-03 22:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-12 00:15 - 2015-08-02 21:32 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-12 00:15 - 2015-08-02 21:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-12 00:15 - 2015-08-02 21:19 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-12 00:15 - 2015-08-02 21:19 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-12 00:15 - 2015-08-02 21:18 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-12 00:15 - 2015-08-02 21:18 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-12 00:15 - 2015-08-02 21:17 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-12 00:15 - 2015-08-02 21:17 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-12 00:15 - 2015-08-02 21:12 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-12 00:15 - 2015-08-02 20:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-12 00:15 - 2015-08-02 20:22 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-12 00:15 - 2015-08-02 20:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-12 00:15 - 2015-08-02 20:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 00:15 - 2015-08-02 20:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 00:15 - 2015-08-02 20:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-12 00:15 - 2015-08-02 20:18 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-12 00:15 - 2015-08-02 20:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-12 00:15 - 2015-08-02 20:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-12 00:15 - 2015-08-02 20:14 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-12 00:15 - 2015-08-02 20:11 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-12 00:15 - 2015-08-02 20:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 00:15 - 2015-08-02 20:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-12 00:15 - 2015-08-02 19:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-12 00:14 - 2015-08-02 20:31 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-12 00:14 - 2015-08-02 20:30 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-12 00:14 - 2015-08-02 20:24 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-12 00:14 - 2015-08-02 20:24 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-12 00:14 - 2015-08-02 20:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-12 00:14 - 2015-08-02 20:23 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-12 00:14 - 2015-08-02 20:15 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-12 00:14 - 2015-08-02 20:15 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-12 00:14 - 2015-08-02 20:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-12 00:14 - 2015-08-02 20:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-12 00:14 - 2015-08-02 20:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-07 18:18 - 2015-08-07 18:18 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-08-06 00:04 - 2015-07-30 01:24 - 01561872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-08-06 00:04 - 2015-07-30 01:23 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-08-06 00:04 - 2015-07-30 01:21 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-08-06 00:04 - 2015-07-30 01:17 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-06 00:04 - 2015-07-30 01:17 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-08-06 00:04 - 2015-07-30 01:16 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-08-06 00:04 - 2015-07-30 01:15 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-08-06 00:04 - 2015-07-30 01:14 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-08-06 00:04 - 2015-07-30 01:09 - 01562968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-08-06 00:04 - 2015-07-30 01:06 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-08-06 00:04 - 2015-07-30 01:05 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-08-06 00:04 - 2015-07-30 01:03 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-08-06 00:04 - 2015-07-30 00:24 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-08-06 00:04 - 2015-07-29 23:29 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-06 00:04 - 2015-07-29 23:26 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-08-06 00:04 - 2015-07-29 23:26 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-08-06 00:04 - 2015-07-29 23:25 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-08-06 00:04 - 2015-07-29 23:25 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-08-06 00:04 - 2015-07-29 23:24 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-08-06 00:04 - 2015-07-29 23:24 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-08-06 00:04 - 2015-07-29 23:24 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-08-06 00:04 - 2015-07-29 23:22 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-08-06 00:04 - 2015-07-29 23:22 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-08-06 00:04 - 2015-07-29 23:12 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-08-06 00:04 - 2015-07-29 23:12 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-08-06 00:04 - 2015-07-29 23:09 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-08-06 00:04 - 2015-07-29 23:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-08-06 00:04 - 2015-07-29 23:08 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-08-06 00:04 - 2015-07-29 22:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-08-06 00:04 - 2015-07-29 22:52 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-08-06 00:04 - 2015-07-29 22:52 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-08-06 00:04 - 2015-07-29 22:49 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-08-06 00:04 - 2015-07-29 22:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-08-06 00:04 - 2015-07-29 22:46 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-08-06 00:04 - 2015-07-29 22:46 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-08-06 00:04 - 2015-07-29 22:45 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-08-06 00:04 - 2015-07-29 22:45 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-08-06 00:04 - 2015-07-29 22:44 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-06 00:04 - 2015-07-29 22:44 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-08-06 00:04 - 2015-07-29 22:44 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-08-06 00:04 - 2015-07-29 22:44 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-08-06 00:04 - 2015-07-29 22:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-08-06 00:04 - 2015-07-29 22:42 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-08-06 00:04 - 2015-07-29 22:41 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-08-06 00:04 - 2015-07-29 22:41 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-08-06 00:04 - 2015-07-29 22:40 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-08-06 00:04 - 2015-07-29 22:38 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-08-06 00:04 - 2015-07-29 22:38 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-08-06 00:04 - 2015-07-29 22:34 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-08-06 00:04 - 2015-07-29 22:29 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-08-06 00:04 - 2015-07-29 22:15 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-08-06 00:04 - 2015-07-29 22:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-08-06 00:04 - 2015-07-29 22:06 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-08-06 00:04 - 2015-07-29 22:06 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-08-06 00:04 - 2015-07-29 22:06 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-08-06 00:04 - 2015-07-29 22:04 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-08-06 00:04 - 2015-07-29 22:04 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-08-06 00:04 - 2015-07-29 21:59 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-08-06 00:04 - 2015-07-29 21:58 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-04 09:32 - 2015-07-27 21:14 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-04 09:21 - 2015-08-01 18:22 - 00000000 ____D C:\Windows.old
2015-09-04 09:12 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-04 08:46 - 2015-07-27 22:03 - 00000000 ____D C:\Riot Games
2015-09-04 08:35 - 2015-07-27 21:06 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A6C2EF95-F77B-4FF5-A91D-F041D5A46CEF}
2015-09-04 06:51 - 2015-07-28 00:04 - 00000000 ____D C:\Users\CJ\AppData\Roaming\Skype
2015-09-04 00:32 - 2015-07-27 21:20 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0c8dbf7551fd8.job
2015-09-03 21:25 - 2015-07-27 21:14 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-03 20:02 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-02 23:39 - 2015-08-01 18:26 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-02 23:15 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-02 23:14 - 2015-07-10 04:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-02 18:24 - 2015-08-01 15:36 - 00000000 ____D C:\Users\CJ
2015-09-01 20:44 - 2015-07-28 00:03 - 00000000 ____D C:\ProgramData\Skype
2015-08-31 21:45 - 2015-07-27 21:14 - 00000000 ____D C:\Users\CJ\AppData\Local\Google
2015-08-31 20:25 - 2014-11-06 04:08 - 00000000 ____D C:\Program Files (x86)\Acer
2015-08-31 20:21 - 2014-11-06 04:08 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-08-31 16:03 - 2015-07-27 20:34 - 00000000 ____D C:\Users\CJ\AppData\Local\Packages
2015-08-30 21:56 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-30 21:56 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-30 20:56 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-30 00:27 - 2015-07-27 21:20 - 00003782 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0c8dbf7551fd8
2015-08-30 00:27 - 2015-07-27 21:14 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-28 17:08 - 2015-08-01 15:59 - 00000000 ____D C:\Users\CJ\AppData\Local\Comms
2015-08-20 23:38 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-20 23:26 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-08-20 23:08 - 2015-08-01 15:52 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-20 22:43 - 2015-07-10 06:04 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-17 11:32 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-14 23:14 - 2015-08-01 15:36 - 00000000 ___RD C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 22:19 - 2015-07-27 20:37 - 00000000 ____D C:\Users\CJ\AppData\Local\clear.fi
2015-08-14 21:34 - 2015-07-27 21:18 - 00002412 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2015-08-14 21:34 - 2015-07-27 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-14 21:20 - 2015-07-10 07:20 - 00210928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-14 21:17 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 21:17 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 19:24 - 2015-07-30 09:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-11 20:52 - 2014-11-06 02:54 - 00000000 ___HD C:\OEM
2015-08-10 22:24 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
 
==================== Files in the root of some directories =======
 
2015-08-01 15:31 - 2015-08-01 15:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-28 16:38
 
==================== End of FRST.txt ============================
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by CJ (2015-09-04 09:46:28)
Running from C:\Users\CJ\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1913913167-4111075594-4248694621-500 - Administrator - Disabled)
CJ (S-1-5-21-1913913167-4111075594-4248694621-1001 - Administrator - Enabled) => C:\Users\CJ
DefaultAccount (S-1-5-21-1913913167-4111075594-4248694621-503 - Limited - Disabled)
Guest (S-1-5-21-1913913167-4111075594-4248694621-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1913913167-4111075594-4248694621-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3008 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8115 - Acer Incorporated)
Acer Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3018 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4218 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4252 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.3.549 - McAfee, Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Skype™ 7.9 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.9.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Spotify) (Version: 1.0.13.108.gcd94e7db - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
07-08-2015 16:23:39 Windows Update
08-08-2015 17:47:09 Windows Modules Installer
14-08-2015 19:11:42 Windows Update
19-08-2015 02:57:15 Installed DirectX
20-08-2015 06:35:15 JRT Pre-Junkware Removal
28-08-2015 16:38:50 Windows Update
31-08-2015 20:16:41 Removed Skype Click to Call
31-08-2015 20:18:27 Removed Skype Click to Call
01-09-2015 20:35:23 Removed Skype™ 7.8
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {02ED44A9-65D2-4990-831F-AB3893361531} - System32\Tasks\PaintTool SAI => C:\Users\CJ\AppData\Local\Temp\is-BDV8G.tmp\prsetup.exe <==== ATTENTION
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {0CEBC0F0-BCEE-4FB7-BE65-EDC1BFF8C4FA} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {154AB5E6-CF8D-4C10-A1C8-DF38A2E684DD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {223D23E3-AD11-453C-B5BE-76C916C33F1E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {27596D71-A320-496F-BD01-4CDC8EC6D301} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2CE45765-038E-4108-9BDA-7DACEA03AA57} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2D81B705-4990-4A73-A926-68951C373095} - System32\Tasks\GoogleUpdateTaskMachineCore1d0c8dbf7551fd8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {336F3EF2-BD8B-4ED8-A324-880F64E57B90} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {397E4645-EFC0-428C-BF38-F24AB784B5C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {5319A437-4E75-4C09-A218-0A2AFACFC9DF} - System32\Tasks\{63166C9C-6A38-498D-B95A-A918416786EE} => pcalua.exe -a "C:\Program Files (x86)\Acer\abPhoto\abPhotoSetup.exe" -c -uninstall
Task: {56729646-24A2-415D-91FD-AC2E5FE517FF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {58C5F445-7952-49A0-9298-6358D39AC8A9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {67E35232-6230-4109-BAA3-EF50EB1DBCDD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6B39C6EE-0140-4341-B765-BC68F203DC16} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {6BB7F3C1-CB7D-421C-967E-F15B9A1E1D1F} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-12-04] (Acer Incorporated)
Task: {70BAEC5E-835C-4365-B690-81D3511E1C93} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {7E0CAA68-0FA4-43AE-9E8E-0BB5154DDAAC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {84180AB6-FFAB-4B31-8360-3C5A4C7021CE} - \PhraseProfessor Auto Updater 1.10.0.21 Pending Update -> No File <==== ATTENTION
Task: {8AB8202D-6AA8-4CAC-84D2-0A48AE63981A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8C9C0414-716E-4BDC-B1E1-493A6321FA59} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-01] (Microsoft Corporation)
Task: {929AB474-AFDF-43C0-BA36-7E85E59FC7A0} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-10-17] (Acer Incorporate)
Task: {988CFBD4-5997-44D6-B333-2A89D8C3A1B4} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-12-30] (Acer Incorporate)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {A6D5FC67-9B96-458C-ADE2-CA4A8D0A90C0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A71A8871-DE05-421E-8630-0B5904780E82} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AA587134-A09B-452B-8EE0-8A6F95B46044} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {B0F93D2D-5C9B-4975-8FE2-47B0475864E3} - \PhraseProfessor Auto Updater 1.10.0.21 Core -> No File <==== ATTENTION
Task: {BA757582-6D36-4864-AC80-55242BC17F95} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-10-17] (Acer Incorporate)
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {D0625921-A01F-4431-A33F-D3C1A4FC10D0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E33A7BC1-A66A-4322-9577-1E6828AC02F9} - System32\Tasks\{DADFAFF1-D1CB-4F8A-8973-83C5D168EACE} => pcalua.exe -a "C:\Program Files (x86)\Acer\AOP Framework\uninstall.exe"
Task: {E96ABA8E-62B5-4B51-9E0C-77BC16E1801F} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-07-23] (Acer Incorporated)
Task: {EAE0546F-42AF-4B89-B6DA-A19EFD188138} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {EEAFB7FF-549F-4169-B1FA-99C0A5BA7884} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-09] (Acer Incorporated)
Task: {F47B16D8-3C9B-45B8-856A-0B626B44CE5E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-28] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0c8dbf7551fd8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-01 18:20 - 2015-08-01 18:20 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-18 21:28 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-11-06 04:12 - 2012-04-24 05:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-08-28 17:19 - 2015-08-18 02:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 17:19 - 2015-08-18 02:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-12 00:14 - 2015-08-02 20:30 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-08-12 00:14 - 2015-08-02 20:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-12 00:14 - 2015-08-02 20:14 - 00882688 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-08-18 21:28 - 2015-08-11 03:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-12 00:14 - 2015-08-02 20:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-12 00:14 - 2015-08-02 20:09 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-08-01 18:20 - 2015-08-01 18:20 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-08-01 15:38 - 2015-08-01 15:38 - 00014176 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-07-23 16:08 - 2015-07-23 16:08 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-07-01 04:57 - 2014-07-01 04:57 - 00279296 ____N () C:\Program Files (x86)\Acer\AcerCloud Docs\libcurl.dll
2015-09-04 05:10 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-04 05:10 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-04 05:10 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-04 05:10 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-09-04 05:10 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-09-03 04:38 - 2015-08-27 19:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-03 04:38 - 2015-08-27 19:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
2015-09-03 04:38 - 2015-08-27 19:17 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\CJ\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\CJ\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 8.8.4.4 - 104.219.55.89
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\StartupApproved\Run: => "RemoteFilesTrayIcon"
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{72857A93-3A19-4159-9C4C-B0A7FBD8FDD8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{688F6393-6817-4AE5-8E20-03DEDFCACFE1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{27475F95-7B77-4724-AD01-2E1B5697211D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{A54A0D09-FDB9-43B7-94A5-1C5D7FF68188}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Play.exe
FirewallRules: [{95593DE6-E9DA-47FF-9263-5A8434FB0CCA}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{852EEE34-C61C-4C1A-BF36-34FF845CE6B7}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{86DD3F5A-3557-4B3F-8F0D-2424A6AB5E07}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [TCP Query User{77FDD575-B6CA-466A-BC3E-B6BE848E1499}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{94427341-F2CB-4411-A583-93E1ADC99ABC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{187684ED-4217-48CF-846B-AD7354D2CE79}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D9BB5CC1-F4AB-4799-8400-A861234839E3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CC2A8753-8E36-41CD-95BE-D65D085808F2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{184567EF-173A-4DB3-B8C7-3C33FB318A0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{7B628859-F93B-4E0C-85F4-2940A3E8F6C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{4D9577CF-29E4-4AA3-B790-4D04432024B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{48316444-BF55-4F40-9DB9-E8E5BF487C68}C:\users\cj\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cj\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{562C6B5D-2E5C-4A6C-97B0-C460680C7263}C:\users\cj\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cj\appdata\roaming\spotify\spotify.exe
FirewallRules: [{047A32B4-5F51-4DA6-8F61-9F36B68E592F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{14F041FB-F72E-4DFE-9D16-1FB7D282E696}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{09C3E265-03D6-4C12-9224-4E19FAF68DEA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BBAF25A9-0444-417A-B21F-00D9C6F12851}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/04/2015 06:51:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/04/2015 06:51:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/04/2015 06:51:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/04/2015 06:49:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/04/2015 06:35:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/04/2015 06:35:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/04/2015 06:20:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/04/2015 06:20:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/03/2015 08:00:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OHub.exe, version: 16.0.6121.2376, time stamp: 0x55d7a527
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000374
Fault offset: 0x00000000000ea28c
Faulting process id: 0x90c
Faulting application start time: 0xOHub.exe0
Faulting application path: OHub.exe1
Faulting module path: OHub.exe2
Report Id: OHub.exe3
Faulting package full name: OHub.exe4
Faulting package-relative application ID: OHub.exe5
 
Error: (09/03/2015 08:40:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (09/04/2015 06:51:16 AM) (Source: DCOM) (EventID: 10001) (User: SNOWPUTER)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mcaUnavailableUnavailable
 
Error: (09/04/2015 06:51:16 AM) (Source: DCOM) (EventID: 10001) (User: SNOWPUTER)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mcaUnavailableUnavailable
 
Error: (09/04/2015 06:51:16 AM) (Source: DCOM) (EventID: 10010) (User: SNOWPUTER)
Description: CortanaUI.AppXjxtspbn4351hrtx8tc95e89kaz3h2f1f.mca
 
Error: (09/04/2015 06:35:30 AM) (Source: DCOM) (EventID: 10010) (User: SNOWPUTER)
Description: CortanaUI.AppXjxtspbn4351hrtx8tc95e89kaz3h2f1f.mca
 
Error: (09/04/2015 06:20:31 AM) (Source: DCOM) (EventID: 10001) (User: SNOWPUTER)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mcaUnavailableUnavailable
 
Error: (09/04/2015 06:20:31 AM) (Source: DCOM) (EventID: 10010) (User: SNOWPUTER)
Description: CortanaUI.AppXjxtspbn4351hrtx8tc95e89kaz3h2f1f.mca
 
Error: (09/04/2015 05:15:05 AM) (Source: DCOM) (EventID: 10016) (User: SNOWPUTER)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}SnowputerCJS-1-5-21-1913913167-4111075594-4248694621-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (09/04/2015 05:15:05 AM) (Source: DCOM) (EventID: 10016) (User: SNOWPUTER)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}SnowputerCJS-1-5-21-1913913167-4111075594-4248694621-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (09/04/2015 05:15:05 AM) (Source: DCOM) (EventID: 10016) (User: SNOWPUTER)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}SnowputerCJS-1-5-21-1913913167-4111075594-4248694621-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (09/04/2015 05:15:05 AM) (Source: DCOM) (EventID: 10016) (User: SNOWPUTER)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}SnowputerCJS-1-5-21-1913913167-4111075594-4248694621-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
 
Microsoft Office:
=========================
Error: (09/04/2015 06:51:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2147024865
 
Error: (09/04/2015 06:51:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2147024865
 
Error: (09/04/2015 06:51:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927142
 
Error: (09/04/2015 06:49:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927142
 
Error: (09/04/2015 06:35:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
 
Error: (09/04/2015 06:35:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927142
 
Error: (09/04/2015 06:20:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927142
 
Error: (09/04/2015 06:20:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
 
Error: (09/03/2015 08:00:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OHub.exe16.0.6121.237655d7a527ntdll.dll10.0.10240.1643055c59f92c000037400000000000ea28c90c01d0e6ad100d1968C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbwe\OHub.exeC:\WINDOWS\SYSTEM32\ntdll.dll477a25b8-0ca9-476b-b30d-c0d937383925Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbweMicrosoft.MicrosoftOfficeHub
 
Error: (09/03/2015 08:40:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2147024865
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 51%
Total physical RAM: 3977.98 MB
Available physical RAM: 1930.65 MB
Total Virtual: 5732.61 MB
Available Virtual: 3169.93 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:450.72 GB) (Free:394.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E055A23D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

The TDSSKiller scan file wouldn't attach I hope a .txt file is sufficient. :D

Attached Files



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,892 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:34 PM

Posted 05 September 2015 - 07:14 AM

Hey,

well done. :)

 

STEP 1
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 

STEP 2
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3

BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning
  • Follow the prompts and allow your computer to reboot
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S1].txt.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#5 SnowwBaker

SnowwBaker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 07 September 2015 - 09:49 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/7/2015
Scan Time: 9:06 AM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.07.02
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: CJ
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352133
Time Elapsed: 31 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Loader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PaintTool SAI, Delete-on-Reboot, [e92583aad5b6171f99ce25ff6c979967], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Loader, C:\Windows\System32\Tasks\PaintTool SAI, Quarantined, [b15ddc519cef3bfbf86d032158ab42be], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 10 Home x64
Ran by CJ on Sun 09/06/2015 at 12:39:16.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\CJ\AppData\Roaming\wyupdate au
 
 
 
~~~ Chrome
 
 
[C:\Users\CJ\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\CJ\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\CJ\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\CJ\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/06/2015 at 12:44:27.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v5.006 - Logfile created 06/09/2015 at 21:33:03
# Updated 06/09/2015 by Xplode
# Database : 2015-09-04.4 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : CJ - SNOWPUTER
# Running from : C:\Users\CJ\Downloads\adwcleaner_5.006.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner[C1].txt - [5188 bytes] - [15/08/2015 22:06:57]
C:\AdwCleaner[S1].txt - [6000 bytes] - [15/08/2015 22:03:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [758 bytes] ##########
 
 
 


#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,892 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:34 PM

Posted 07 September 2015 - 01:46 PM

Well done. :)

 

STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe or FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#7 SnowwBaker

SnowwBaker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 09 September 2015 - 12:33 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by CJ (2015-09-09 12:29:25)
Running from C:\Users\CJ\Downloads
Windows 10 Home (X64) (2015-08-01 20:58:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1913913167-4111075594-4248694621-500 - Administrator - Disabled)
CJ (S-1-5-21-1913913167-4111075594-4248694621-1001 - Administrator - Enabled) => C:\Users\CJ
DefaultAccount (S-1-5-21-1913913167-4111075594-4248694621-503 - Limited - Disabled)
Guest (S-1-5-21-1913913167-4111075594-4248694621-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1913913167-4111075594-4248694621-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3008 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8115 - Acer Incorporated)
Acer Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3018 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4218 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4252 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.3.549 - McAfee, Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Skype™ 7.9 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.9.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Spotify) (Version: 1.0.13.108.gcd94e7db - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
06-09-2015 12:39:18 JRT Pre-Junkware Removal
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {02ED44A9-65D2-4990-831F-AB3893361531} - \PaintTool SAI -> No File <==== ATTENTION
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {0CEBC0F0-BCEE-4FB7-BE65-EDC1BFF8C4FA} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {154AB5E6-CF8D-4C10-A1C8-DF38A2E684DD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {1E24D12E-EB79-4F47-95A8-25BA4F6E1846} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-28] (Microsoft Corporation)
Task: {223D23E3-AD11-453C-B5BE-76C916C33F1E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {27596D71-A320-496F-BD01-4CDC8EC6D301} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2CE45765-038E-4108-9BDA-7DACEA03AA57} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2D81B705-4990-4A73-A926-68951C373095} - System32\Tasks\GoogleUpdateTaskMachineCore1d0c8dbf7551fd8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {336F3EF2-BD8B-4ED8-A324-880F64E57B90} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {397E4645-EFC0-428C-BF38-F24AB784B5C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {5319A437-4E75-4C09-A218-0A2AFACFC9DF} - System32\Tasks\{63166C9C-6A38-498D-B95A-A918416786EE} => pcalua.exe -a "C:\Program Files (x86)\Acer\abPhoto\abPhotoSetup.exe" -c -uninstall
Task: {56729646-24A2-415D-91FD-AC2E5FE517FF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {58C5F445-7952-49A0-9298-6358D39AC8A9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {67E35232-6230-4109-BAA3-EF50EB1DBCDD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6B39C6EE-0140-4341-B765-BC68F203DC16} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {6BB7F3C1-CB7D-421C-967E-F15B9A1E1D1F} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-12-04] (Acer Incorporated)
Task: {70BAEC5E-835C-4365-B690-81D3511E1C93} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {7E0CAA68-0FA4-43AE-9E8E-0BB5154DDAAC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {84180AB6-FFAB-4B31-8360-3C5A4C7021CE} - \PhraseProfessor Auto Updater 1.10.0.21 Pending Update -> No File <==== ATTENTION
Task: {8AB8202D-6AA8-4CAC-84D2-0A48AE63981A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8C9C0414-716E-4BDC-B1E1-493A6321FA59} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-01] (Microsoft Corporation)
Task: {929AB474-AFDF-43C0-BA36-7E85E59FC7A0} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-10-17] (Acer Incorporate)
Task: {988CFBD4-5997-44D6-B333-2A89D8C3A1B4} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-12-30] (Acer Incorporate)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {A6D5FC67-9B96-458C-ADE2-CA4A8D0A90C0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A71A8871-DE05-421E-8630-0B5904780E82} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AA587134-A09B-452B-8EE0-8A6F95B46044} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {B0F93D2D-5C9B-4975-8FE2-47B0475864E3} - \PhraseProfessor Auto Updater 1.10.0.21 Core -> No File <==== ATTENTION
Task: {BA757582-6D36-4864-AC80-55242BC17F95} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-10-17] (Acer Incorporate)
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {D0625921-A01F-4431-A33F-D3C1A4FC10D0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E33A7BC1-A66A-4322-9577-1E6828AC02F9} - System32\Tasks\{DADFAFF1-D1CB-4F8A-8973-83C5D168EACE} => pcalua.exe -a "C:\Program Files (x86)\Acer\AOP Framework\uninstall.exe"
Task: {E96ABA8E-62B5-4B51-9E0C-77BC16E1801F} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-07-23] (Acer Incorporated)
Task: {EAE0546F-42AF-4B89-B6DA-A19EFD188138} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {EEAFB7FF-549F-4169-B1FA-99C0A5BA7884} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-09] (Acer Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0c8dbf7551fd8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-01 18:20 - 2015-08-01 18:20 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-18 21:28 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-11-06 04:12 - 2012-04-24 05:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-08-28 17:19 - 2015-08-18 02:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 17:19 - 2015-08-18 02:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-08-12 00:14 - 2015-08-02 20:09 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-01 18:20 - 2015-08-01 18:20 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-08-12 00:14 - 2015-08-02 20:09 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-12 00:14 - 2015-08-02 20:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-08-12 00:14 - 2015-08-02 20:14 - 00882688 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-08-18 21:28 - 2015-08-11 03:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-12 00:14 - 2015-08-02 20:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-04-01 14:51 - 2015-04-01 14:51 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2015-09-04 05:10 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-04 05:10 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-04 05:10 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-04 05:10 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-09-04 05:10 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-08-01 15:38 - 2015-08-01 15:38 - 00014176 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-07-23 16:08 - 2015-07-23 16:08 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-07-01 04:57 - 2014-07-01 04:57 - 00279296 ____N () C:\Program Files (x86)\Acer\AcerCloud Docs\libcurl.dll
2015-09-03 07:30 - 2015-09-03 07:30 - 45067320 _____ () C:\Users\CJ\AppData\Roaming\Spotify\libcef.dll
2015-09-03 07:30 - 2015-09-03 07:30 - 01649208 _____ () C:\Users\CJ\AppData\Roaming\Spotify\libglesv2.dll
2015-09-03 07:30 - 2015-09-03 07:30 - 00080952 _____ () C:\Users\CJ\AppData\Roaming\Spotify\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\CJ\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\CJ\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 8.8.4.4 - 104.219.55.89
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\StartupApproved\Run: => "RemoteFilesTrayIcon"
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{72857A93-3A19-4159-9C4C-B0A7FBD8FDD8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{688F6393-6817-4AE5-8E20-03DEDFCACFE1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{27475F95-7B77-4724-AD01-2E1B5697211D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{A54A0D09-FDB9-43B7-94A5-1C5D7FF68188}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Play.exe
FirewallRules: [{95593DE6-E9DA-47FF-9263-5A8434FB0CCA}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{852EEE34-C61C-4C1A-BF36-34FF845CE6B7}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{86DD3F5A-3557-4B3F-8F0D-2424A6AB5E07}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [TCP Query User{77FDD575-B6CA-466A-BC3E-B6BE848E1499}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{94427341-F2CB-4411-A583-93E1ADC99ABC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{187684ED-4217-48CF-846B-AD7354D2CE79}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D9BB5CC1-F4AB-4799-8400-A861234839E3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CC2A8753-8E36-41CD-95BE-D65D085808F2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{184567EF-173A-4DB3-B8C7-3C33FB318A0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{7B628859-F93B-4E0C-85F4-2940A3E8F6C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{4D9577CF-29E4-4AA3-B790-4D04432024B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{48316444-BF55-4F40-9DB9-E8E5BF487C68}C:\users\cj\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cj\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{562C6B5D-2E5C-4A6C-97B0-C460680C7263}C:\users\cj\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cj\appdata\roaming\spotify\spotify.exe
FirewallRules: [{047A32B4-5F51-4DA6-8F61-9F36B68E592F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{14F041FB-F72E-4DFE-9D16-1FB7D282E696}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{09C3E265-03D6-4C12-9224-4E19FAF68DEA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BBAF25A9-0444-417A-B21F-00D9C6F12851}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/09/2015 06:13:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/09/2015 06:13:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023169 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/09/2015 06:13:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/08/2015 08:18:18 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (30020) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (09/08/2015 08:18:18 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (30020) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (09/08/2015 08:18:08 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (30020) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (09/08/2015 08:18:08 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (30020) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (09/08/2015 08:17:57 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (30020) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (09/08/2015 08:17:57 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (30020) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (09/08/2015 08:17:47 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (30020) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
 
System errors:
=============
Error: (09/09/2015 12:21:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
Error: (09/09/2015 06:13:22 AM) (Source: DCOM) (EventID: 10010) (User: SNOWPUTER)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca
 
Error: (09/09/2015 06:13:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/09/2015 06:13:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/09/2015 06:13:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/09/2015 06:13:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/08/2015 08:16:19 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
Error: (09/08/2015 07:57:11 PM) (Source: DCOM) (EventID: 10010) (User: SNOWPUTER)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca
 
Error: (09/08/2015 07:57:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/08/2015 07:57:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
Error: (09/09/2015 06:13:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
 
Error: (09/09/2015 06:13:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2147023169
 
Error: (09/09/2015 06:13:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SNOWPUTER)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
 
Error: (09/08/2015 08:18:18 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost30020-1032
 
Error: (09/08/2015 08:18:18 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost30020C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (09/08/2015 08:18:08 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost30020-1032
 
Error: (09/08/2015 08:18:08 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost30020C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (09/08/2015 08:17:57 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost30020-1032
 
Error: (09/08/2015 08:17:57 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost30020C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (09/08/2015 08:17:47 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost30020-1032
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 49%
Total physical RAM: 3977.98 MB
Available physical RAM: 2026.13 MB
Total Virtual: 5454.73 MB
Available Virtual: 3017.32 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:450.72 GB) (Free:412.1 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E055A23D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by CJ (administrator) on SNOWPUTER (09-09-2015 12:27:36)
Running from C:\Users\CJ\Downloads
Loaded Profiles: CJ (Available Profiles: CJ)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\CJ\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Spotify Ltd) C:\Users\CJ\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\CJ\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\CJ\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\CJ\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [64864 2015-07-23] (Acer Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [OneDrive] => C:\Users\CJ\AppData\Local\Microsoft\OneDrive\OneDrive.exe [402632 2015-08-01] (Microsoft Corporation)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [45056 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-12] (Valve Corporation)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55100016 2015-08-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [Spotify Web Helper] => C:\Users\CJ\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-03] (Spotify Ltd)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.4.4 104.219.55.89
Tcpip\..\Interfaces\{bd703062-2477-431f-b2a3-9a7154d6c37d}: [DhcpNameServer] 8.8.4.4 104.219.55.89
 
Internet Explorer:
==================
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
 
FireFox:
========
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2013-08-09] (McAfee, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-11-06]
 
Chrome: 
=======
CHR HomePage: Profile 3 -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Profile 3 -> "hxxp://www.bing.com/"
CHR DefaultSearchKeyword: Profile 3 -> bing.com
CHR Profile: C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-15]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-08-31]
CHR HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-08-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2577640 2013-12-04] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-08-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-30] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [121616 2013-09-29] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-10-17] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-10-17] (Acer Incorporate)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-14] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-06-09] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-09 12:27 - 2015-09-09 12:28 - 00014107 _____ C:\Users\CJ\Downloads\FRST.txt
2015-09-09 12:27 - 2015-09-09 12:27 - 02190336 _____ (Farbar) C:\Users\CJ\Downloads\FRST64.exe
2015-09-09 12:18 - 2015-09-09 12:18 - 00016148 _____ C:\WINDOWS\system32\SNOWPUTER_CJ_HistoryPrediction.bin
2015-09-06 21:36 - 2015-09-06 21:36 - 00000836 _____ C:\Users\CJ\Desktop\AdwCleaner[C3].txt
2015-09-06 21:35 - 2015-09-09 12:19 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-06 21:33 - 2015-09-07 09:39 - 00002658 _____ C:\WINDOWS\PFRO.log
2015-09-06 21:22 - 2015-09-06 21:23 - 01654784 _____ C:\Users\CJ\Downloads\adwcleaner_5.006.exe
2015-09-06 21:21 - 2015-09-07 23:09 - 00000000 ____D C:\Users\CJ\Downloads\New folder
2015-09-06 12:44 - 2015-09-06 12:44 - 00001119 _____ C:\Users\CJ\Desktop\JRT.txt
2015-09-06 12:38 - 2015-09-06 12:39 - 01799392 _____ (Malwarebytes Corporation) C:\Users\CJ\Downloads\JRT.exe
2015-09-06 12:27 - 2015-09-06 12:27 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\CJ\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-04 09:57 - 2015-09-04 09:57 - 00368068 _____ C:\Users\CJ\Desktop\TDSSKiller Scan.txt
2015-09-04 09:48 - 2015-09-04 09:48 - 00058038 _____ C:\Users\CJ\Desktop\FRST.txt
2015-09-04 09:48 - 2015-09-04 09:48 - 00036493 _____ C:\Users\CJ\Desktop\Addition.txt
2015-09-04 05:21 - 2015-09-04 05:21 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-04 05:11 - 2015-09-04 05:11 - 00001468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-09-04 05:11 - 2015-09-04 05:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-09-04 05:11 - 2015-09-04 05:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-09-04 05:10 - 2015-09-04 07:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-04 05:10 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-09-04 05:09 - 2015-09-04 05:37 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-04 04:57 - 2015-09-04 04:57 - 00000000 ____D C:\Users\CJ\AppData\Roaming\TeamViewer
2015-09-04 04:56 - 2015-09-04 04:56 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-04 04:55 - 2015-09-06 21:34 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-09-03 07:30 - 2015-09-09 12:25 - 00000000 ____D C:\Users\CJ\AppData\Local\Spotify
2015-09-03 07:30 - 2015-09-03 07:30 - 00001878 _____ C:\Users\CJ\Desktop\Spotify.lnk
2015-09-03 07:30 - 2015-09-03 07:30 - 00001864 _____ C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-09-03 07:26 - 2015-09-09 03:47 - 00000000 ____D C:\Users\CJ\AppData\Roaming\Spotify
2015-09-03 04:15 - 2015-09-03 04:15 - 00000000 ____D C:\Users\CJ\AppData\Local\NetworkTiles
2015-09-02 23:40 - 2015-09-02 23:40 - 00237170 _____ C:\Users\CJ\Documents\cc_20150902_234003.reg
2015-09-02 23:37 - 2015-09-02 23:37 - 00002852 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-09-02 23:36 - 2015-09-02 23:37 - 00000000 ____D C:\Program Files\CCleaner
2015-09-02 23:36 - 2015-09-02 23:36 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-02 23:36 - 2015-09-02 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-09-02 21:09 - 2015-09-02 21:09 - 00000000 ____D C:\Users\CJ\AppData\Local\VirtualStore
2015-09-02 20:54 - 2015-09-02 20:30 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-02 20:32 - 2015-08-28 15:28 - 00044765 _____ C:\zoek-results2015-08-28-202806.log
2015-09-02 19:35 - 2015-09-09 12:27 - 00000000 ____D C:\FRST
2015-09-01 20:44 - 2015-09-01 20:44 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-01 20:44 - 2015-09-01 20:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-01 20:44 - 2015-09-01 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-31 21:43 - 2015-08-31 21:43 - 00000000 ____D C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-31 20:35 - 2015-09-06 12:28 - 00001179 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-31 20:35 - 2015-09-06 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-31 20:34 - 2015-09-06 12:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-31 20:34 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-31 20:34 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-31 20:34 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-31 20:33 - 2015-08-31 21:15 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-31 20:26 - 2015-08-31 20:26 - 00003256 _____ C:\WINDOWS\System32\Tasks\{DADFAFF1-D1CB-4F8A-8973-83C5D168EACE}
2015-08-28 17:19 - 2015-08-20 01:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-28 17:19 - 2015-08-20 01:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-28 17:19 - 2015-08-20 01:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-28 17:19 - 2015-08-20 00:57 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-28 17:19 - 2015-08-20 00:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-28 17:19 - 2015-08-20 00:21 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-28 17:19 - 2015-08-20 00:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-28 17:19 - 2015-08-20 00:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-28 17:19 - 2015-08-20 00:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-28 17:19 - 2015-08-20 00:09 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-08-28 17:19 - 2015-08-19 23:31 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-28 17:19 - 2015-08-18 02:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 17:19 - 2015-08-18 02:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-28 17:19 - 2015-08-18 02:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-28 17:19 - 2015-08-18 02:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-28 17:19 - 2015-08-18 02:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-28 17:19 - 2015-08-18 02:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-28 17:19 - 2015-08-18 02:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-28 17:19 - 2015-08-18 02:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-28 17:19 - 2015-08-18 02:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-28 17:19 - 2015-08-18 02:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-28 17:19 - 2015-08-18 02:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-28 17:19 - 2015-08-18 01:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-28 17:19 - 2015-08-18 01:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-28 17:19 - 2015-08-18 01:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-28 17:19 - 2015-08-18 01:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-28 17:19 - 2015-08-18 01:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-28 17:19 - 2015-08-18 01:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-28 17:19 - 2015-08-18 01:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-28 17:19 - 2015-08-18 01:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-28 17:19 - 2015-08-18 01:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-28 17:19 - 2015-08-18 01:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-28 17:19 - 2015-08-18 01:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-28 17:19 - 2015-08-18 01:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-28 17:19 - 2015-08-18 01:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-28 17:19 - 2015-08-18 01:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-28 17:19 - 2015-08-18 01:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-28 17:19 - 2015-08-18 01:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-28 17:19 - 2015-08-18 01:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-28 17:19 - 2015-08-18 01:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-28 17:19 - 2015-08-18 01:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-28 17:19 - 2015-08-18 01:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-28 17:19 - 2015-08-18 01:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-28 17:19 - 2015-08-18 01:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-28 17:19 - 2015-08-17 23:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-28 15:02 - 2015-08-20 23:44 - 00192970 _____ C:\zoek-results2015-08-21-044439.log
2015-08-28 14:57 - 2015-08-28 14:58 - 01308672 _____ C:\Users\CJ\Downloads\zoek.exe
2015-08-21 00:00 - 2015-09-06 21:14 - 00000000 ____D C:\Users\CJ\AppData\Local\CrashDumps
2015-08-20 23:53 - 2015-08-21 00:00 - 00000000 ____D C:\Users\CJ\AppData\Local\NPE
2015-08-20 23:53 - 2015-08-20 23:53 - 00000000 ____D C:\ProgramData\Norton
2015-08-20 23:05 - 2015-09-02 21:03 - 00032762 _____ C:\zoek-results.log
2015-08-20 23:01 - 2015-09-02 20:52 - 00000000 ____D C:\zoek_backup
2015-08-20 11:29 - 2015-08-20 11:29 - 00002968 _____ C:\WINDOWS\System32\Tasks\Launch Manager
2015-08-19 03:01 - 2015-08-19 03:01 - 00000000 ____D C:\Users\CJ\Documents\Klei
2015-08-19 03:00 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2015-08-19 03:00 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2015-08-19 03:00 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2015-08-19 03:00 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2015-08-19 03:00 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2015-08-19 03:00 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2015-08-19 03:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2015-08-19 03:00 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2015-08-19 03:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2015-08-19 02:45 - 2015-08-19 02:45 - 00000222 _____ C:\Users\CJ\Desktop\Don't Starve Together Beta.url
2015-08-19 02:45 - 2015-08-19 02:45 - 00000000 ____D C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-19 02:38 - 2015-08-19 02:38 - 00000000 ____D C:\Users\CJ\AppData\Local\Steam
2015-08-19 02:38 - 2015-08-19 02:38 - 00000000 ____D C:\Users\CJ\AppData\Local\CEF
2015-08-19 02:33 - 2015-09-02 23:39 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-19 02:33 - 2015-08-19 02:33 - 00001040 _____ C:\Users\Public\Desktop\Steam.lnk
2015-08-19 02:33 - 2015-08-19 02:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-18 21:28 - 2015-08-12 23:33 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-18 21:28 - 2015-08-12 23:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-18 21:28 - 2015-08-12 23:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-18 21:28 - 2015-08-12 23:07 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-18 21:28 - 2015-08-12 22:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-18 21:28 - 2015-08-11 05:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-18 21:28 - 2015-08-11 05:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-18 21:28 - 2015-08-11 05:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-18 21:28 - 2015-08-11 05:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-18 21:28 - 2015-08-11 05:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-18 21:28 - 2015-08-11 05:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-18 21:28 - 2015-08-11 05:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-18 21:28 - 2015-08-11 04:57 - 03622256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-18 21:28 - 2015-08-11 04:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-18 21:28 - 2015-08-11 04:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-18 21:28 - 2015-08-11 04:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-18 21:28 - 2015-08-11 04:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-18 21:28 - 2015-08-11 04:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-18 21:28 - 2015-08-11 04:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-18 21:28 - 2015-08-11 04:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-18 21:28 - 2015-08-11 04:31 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-18 21:28 - 2015-08-11 04:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-18 21:28 - 2015-08-11 04:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-18 21:28 - 2015-08-11 04:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-18 21:28 - 2015-08-11 04:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-18 21:28 - 2015-08-11 04:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-18 21:28 - 2015-08-11 04:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-18 21:28 - 2015-08-11 04:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-18 21:28 - 2015-08-11 04:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-18 21:28 - 2015-08-11 04:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-18 21:28 - 2015-08-11 04:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-18 21:28 - 2015-08-11 04:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-18 21:28 - 2015-08-11 04:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-18 21:28 - 2015-08-11 04:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-18 21:28 - 2015-08-11 04:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-18 21:28 - 2015-08-11 04:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-18 21:28 - 2015-08-11 04:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-18 21:28 - 2015-08-11 04:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-18 21:28 - 2015-08-11 04:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-18 21:28 - 2015-08-11 04:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-18 21:28 - 2015-08-11 04:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-18 21:28 - 2015-08-11 04:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-18 21:28 - 2015-08-11 04:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-18 21:28 - 2015-08-11 04:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-18 21:28 - 2015-08-11 04:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-18 21:28 - 2015-08-11 04:02 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-18 21:28 - 2015-08-11 04:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-18 21:28 - 2015-08-11 04:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-18 21:28 - 2015-08-11 04:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-18 21:28 - 2015-08-11 04:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-18 21:28 - 2015-08-11 04:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-18 21:28 - 2015-08-11 03:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-18 21:28 - 2015-08-11 03:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-18 21:28 - 2015-08-11 03:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-18 21:28 - 2015-08-11 03:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-18 21:28 - 2015-08-11 03:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-18 21:28 - 2015-08-11 03:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-18 21:28 - 2015-08-11 03:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-18 21:28 - 2015-08-11 03:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-18 21:28 - 2015-08-11 03:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-18 21:28 - 2015-08-11 03:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-18 21:28 - 2015-08-11 03:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-18 21:28 - 2015-08-11 03:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-18 21:28 - 2015-08-11 03:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-18 21:28 - 2015-08-11 03:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-18 21:28 - 2015-08-11 03:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-18 21:28 - 2015-08-11 03:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-18 21:28 - 2015-08-11 03:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-18 21:28 - 2015-08-11 03:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-18 21:28 - 2015-08-11 03:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-18 21:28 - 2015-08-11 03:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-18 21:28 - 2015-08-11 03:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-18 21:28 - 2015-08-11 03:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-18 21:28 - 2015-08-11 03:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-17 10:33 - 2015-08-17 11:00 - 00000000 ____D C:\Users\CJ\AppData\Roaming\OBS
2015-08-17 10:32 - 2015-08-31 20:16 - 00000000 ____D C:\Program Files\OBS
2015-08-17 10:32 - 2015-08-31 20:16 - 00000000 ____D C:\Program Files (x86)\OBS
2015-08-15 22:27 - 2015-08-15 22:27 - 00000000 _____ C:\autoexec.bat
2015-08-15 22:06 - 2015-08-15 22:07 - 00005188 _____ C:\AdwCleaner[C1].txt
2015-08-15 22:03 - 2015-08-15 22:05 - 00006000 _____ C:\AdwCleaner[S1].txt
2015-08-15 22:02 - 2015-09-06 21:33 - 00000000 ____D C:\AdwCleaner
2015-08-14 22:27 - 2015-09-07 09:43 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-14 22:26 - 2015-08-14 22:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-14 21:38 - 2015-08-14 21:57 - 00000000 ____D C:\PaintToolSAI
2015-08-14 21:38 - 2015-08-14 21:38 - 00000000 ____D C:\Users\CJ\AppData\Roaming\SYSTEMAX Software Development
2015-08-14 21:38 - 2015-08-14 21:38 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2015-08-14 21:35 - 2015-08-20 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-08-14 21:31 - 2015-08-14 21:31 - 00000000 ____D C:\Users\CJ\AppData\Roaming\Torrentex
2015-08-14 21:22 - 2015-08-08 10:38 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-14 21:22 - 2015-08-08 10:38 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 00:18 - 2015-08-02 21:18 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-12 00:18 - 2015-08-02 20:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-12 00:17 - 2015-08-02 20:18 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 00:17 - 2015-08-02 20:01 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 00:16 - 2015-08-08 01:24 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 00:16 - 2015-08-08 01:24 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 00:16 - 2015-08-08 01:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 00:16 - 2015-08-04 23:49 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-12 00:16 - 2015-08-04 23:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-12 00:16 - 2015-08-03 23:06 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-12 00:16 - 2015-08-03 21:59 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-12 00:16 - 2015-08-03 21:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-12 00:16 - 2015-08-02 21:18 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-12 00:16 - 2015-08-02 20:22 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-12 00:16 - 2015-08-02 20:22 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-12 00:16 - 2015-08-02 20:18 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-12 00:16 - 2015-08-02 20:15 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-12 00:16 - 2015-08-02 20:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-12 00:16 - 2015-08-02 20:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-12 00:15 - 2015-08-08 02:29 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 00:15 - 2015-08-08 02:19 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-12 00:15 - 2015-08-08 02:01 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 00:15 - 2015-08-08 01:48 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-12 00:15 - 2015-08-08 01:40 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 00:15 - 2015-08-08 01:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 00:15 - 2015-08-05 22:17 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-12 00:15 - 2015-08-05 22:17 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-12 00:15 - 2015-08-05 21:22 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-12 00:15 - 2015-08-04 23:00 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-12 00:15 - 2015-08-04 22:54 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-12 00:15 - 2015-08-04 22:47 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-12 00:15 - 2015-08-04 22:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-12 00:15 - 2015-08-03 23:07 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 00:15 - 2015-08-03 23:06 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-12 00:15 - 2015-08-03 22:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-12 00:15 - 2015-08-02 21:32 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-12 00:15 - 2015-08-02 21:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-12 00:15 - 2015-08-02 21:19 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-12 00:15 - 2015-08-02 21:19 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-12 00:15 - 2015-08-02 21:18 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-12 00:15 - 2015-08-02 21:18 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-12 00:15 - 2015-08-02 21:17 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-12 00:15 - 2015-08-02 21:17 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-12 00:15 - 2015-08-02 21:12 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-12 00:15 - 2015-08-02 20:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-12 00:15 - 2015-08-02 20:22 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-12 00:15 - 2015-08-02 20:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-12 00:15 - 2015-08-02 20:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 00:15 - 2015-08-02 20:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 00:15 - 2015-08-02 20:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-12 00:15 - 2015-08-02 20:18 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-12 00:15 - 2015-08-02 20:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-12 00:15 - 2015-08-02 20:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-12 00:15 - 2015-08-02 20:14 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-12 00:15 - 2015-08-02 20:11 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-12 00:15 - 2015-08-02 20:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 00:15 - 2015-08-02 20:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-12 00:15 - 2015-08-02 19:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-12 00:14 - 2015-08-02 20:31 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-12 00:14 - 2015-08-02 20:30 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-12 00:14 - 2015-08-02 20:24 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-12 00:14 - 2015-08-02 20:24 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-12 00:14 - 2015-08-02 20:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-12 00:14 - 2015-08-02 20:23 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-12 00:14 - 2015-08-02 20:15 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-12 00:14 - 2015-08-02 20:15 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-12 00:14 - 2015-08-02 20:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-12 00:14 - 2015-08-02 20:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-12 00:14 - 2015-08-02 20:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-09 12:22 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-09 12:21 - 2015-07-27 21:06 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A6C2EF95-F77B-4FF5-A91D-F041D5A46CEF}
2015-09-09 12:19 - 2015-07-28 00:04 - 00000000 ____D C:\Users\CJ\AppData\Roaming\Skype
2015-09-09 12:18 - 2015-07-27 21:20 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0c8dbf7551fd8.job
2015-09-09 12:18 - 2015-07-27 21:14 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-09 05:32 - 2015-07-27 21:14 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-09 03:55 - 2015-07-27 22:03 - 00000000 ____D C:\Riot Games
2015-09-08 23:07 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-08 17:59 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-07 23:06 - 2015-08-01 18:22 - 00000000 ____D C:\Windows.old
2015-09-07 09:39 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-07 09:39 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-09-07 09:39 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-06 21:34 - 2015-07-10 07:20 - 00210672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-02 23:39 - 2015-08-01 18:26 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-02 18:24 - 2015-08-01 15:36 - 00000000 ____D C:\Users\CJ
2015-09-01 20:44 - 2015-07-28 00:03 - 00000000 ____D C:\ProgramData\Skype
2015-08-31 21:45 - 2015-07-27 21:14 - 00000000 ____D C:\Users\CJ\AppData\Local\Google
2015-08-31 20:25 - 2014-11-06 04:08 - 00000000 ____D C:\Program Files (x86)\Acer
2015-08-31 20:21 - 2014-11-06 04:08 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-08-31 16:03 - 2015-07-27 20:34 - 00000000 ____D C:\Users\CJ\AppData\Local\Packages
2015-08-30 21:56 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-30 21:56 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-30 00:27 - 2015-07-27 21:20 - 00003782 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0c8dbf7551fd8
2015-08-30 00:27 - 2015-07-27 21:14 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-28 17:08 - 2015-08-01 15:59 - 00000000 ____D C:\Users\CJ\AppData\Local\Comms
2015-08-20 23:38 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-20 23:26 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-08-20 23:08 - 2015-08-01 15:52 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-20 22:43 - 2015-07-10 06:04 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-17 11:32 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-14 23:14 - 2015-08-01 15:36 - 00000000 ___RD C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 22:19 - 2015-07-27 20:37 - 00000000 ____D C:\Users\CJ\AppData\Local\clear.fi
2015-08-14 21:34 - 2015-07-27 21:18 - 00002412 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2015-08-14 21:34 - 2015-07-27 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-14 21:17 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 21:17 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 19:24 - 2015-07-30 09:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-11 20:52 - 2014-11-06 02:54 - 00000000 ___HD C:\OEM
2015-08-10 22:24 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
 
==================== Files in the root of some directories =======
 
2015-08-01 15:31 - 2015-08-01 15:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\CJ\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-07 23:06
 
==================== End of FRST.txt ============================


#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,892 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:34 PM

Posted 09 September 2015 - 01:30 PM

Hey,

well done. :)

 

STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    Task: {2CE45765-038E-4108-9BDA-7DACEA03AA57} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {02ED44A9-65D2-4990-831F-AB3893361531} - \PaintTool SAI -> No File <==== ATTENTION
    Task: {336F3EF2-BD8B-4ED8-A324-880F64E57B90} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {56729646-24A2-415D-91FD-AC2E5FE517FF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {58C5F445-7952-49A0-9298-6358D39AC8A9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {67E35232-6230-4109-BAA3-EF50EB1DBCDD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {70BAEC5E-835C-4365-B690-81D3511E1C93} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {7E0CAA68-0FA4-43AE-9E8E-0BB5154DDAAC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {84180AB6-FFAB-4B31-8360-3C5A4C7021CE} - \PhraseProfessor Auto Updater 1.10.0.21 Pending Update -> No File <==== ATTENTION
    Task: {8AB8202D-6AA8-4CAC-84D2-0A48AE63981A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {A6D5FC67-9B96-458C-ADE2-CA4A8D0A90C0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {A71A8871-DE05-421E-8630-0B5904780E82} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {B0F93D2D-5C9B-4975-8FE2-47B0475864E3} - \PhraseProfessor Auto Updater 1.10.0.21 Core -> No File <==== ATTENTION
    Task: {D0625921-A01F-4431-A33F-D3C1A4FC10D0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

STEP 2
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe or FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

STEP 3
GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#9 SnowwBaker

SnowwBaker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 10 September 2015 - 04:17 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by CJ (2015-09-09 20:00:02) Run:2
Running from C:\Users\CJ\Downloads
Loaded Profiles: CJ (Available Profiles: CJ)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
Task: {2CE45765-038E-4108-9BDA-7DACEA03AA57} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {02ED44A9-65D2-4990-831F-AB3893361531} - \PaintTool SAI -> No File <==== ATTENTION
Task: {336F3EF2-BD8B-4ED8-A324-880F64E57B90} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {56729646-24A2-415D-91FD-AC2E5FE517FF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {58C5F445-7952-49A0-9298-6358D39AC8A9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {67E35232-6230-4109-BAA3-EF50EB1DBCDD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {70BAEC5E-835C-4365-B690-81D3511E1C93} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7E0CAA68-0FA4-43AE-9E8E-0BB5154DDAAC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {84180AB6-FFAB-4B31-8360-3C5A4C7021CE} - \PhraseProfessor Auto Updater 1.10.0.21 Pending Update -> No File <==== ATTENTION
Task: {8AB8202D-6AA8-4CAC-84D2-0A48AE63981A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A6D5FC67-9B96-458C-ADE2-CA4A8D0A90C0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A71A8871-DE05-421E-8630-0B5904780E82} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B0F93D2D-5C9B-4975-8FE2-47B0475864E3} - \PhraseProfessor Auto Updater 1.10.0.21 Core -> No File <==== ATTENTION
Task: {D0625921-A01F-4431-A33F-D3C1A4FC10D0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
end
*****************
 
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CE45765-038E-4108-9BDA-7DACEA03AA57} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02ED44A9-65D2-4990-831F-AB3893361531} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PaintTool SAI => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{336F3EF2-BD8B-4ED8-A324-880F64E57B90} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56729646-24A2-415D-91FD-AC2E5FE517FF} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58C5F445-7952-49A0-9298-6358D39AC8A9} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67E35232-6230-4109-BAA3-EF50EB1DBCDD} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70BAEC5E-835C-4365-B690-81D3511E1C93} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E0CAA68-0FA4-43AE-9E8E-0BB5154DDAAC} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84180AB6-FFAB-4B31-8360-3C5A4C7021CE} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PhraseProfessor Auto Updater 1.10.0.21 Pending Update => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AB8202D-6AA8-4CAC-84D2-0A48AE63981A} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6D5FC67-9B96-458C-ADE2-CA4A8D0A90C0} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A71A8871-DE05-421E-8630-0B5904780E82} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0F93D2D-5C9B-4975-8FE2-47B0475864E3} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PhraseProfessor Auto Updater 1.10.0.21 Core => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0625921-A01F-4431-A33F-D3C1A4FC10D0} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
EmptyTemp: => 5.3 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 20:00:54 ====
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by CJ (2015-09-09 20:10:28)
Running from C:\Users\CJ\Downloads
Windows 10 Home (X64) (2015-08-01 20:58:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1913913167-4111075594-4248694621-500 - Administrator - Disabled)
CJ (S-1-5-21-1913913167-4111075594-4248694621-1001 - Administrator - Enabled) => C:\Users\CJ
DefaultAccount (S-1-5-21-1913913167-4111075594-4248694621-503 - Limited - Disabled)
Guest (S-1-5-21-1913913167-4111075594-4248694621-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1913913167-4111075594-4248694621-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3008 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8115 - Acer Incorporated)
Acer Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3018 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4218 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4252 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.3.549 - McAfee, Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Skype™ 7.9 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.9.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Spotify) (Version: 1.0.13.108.gcd94e7db - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\CJ\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
06-09-2015 12:39:18 JRT Pre-Junkware Removal
09-09-2015 18:28:48 Restore Point Created by FRST
09-09-2015 20:00:05 Restore Point Created by FRST
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {0CEBC0F0-BCEE-4FB7-BE65-EDC1BFF8C4FA} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {154AB5E6-CF8D-4C10-A1C8-DF38A2E684DD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {1E24D12E-EB79-4F47-95A8-25BA4F6E1846} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-28] (Microsoft Corporation)
Task: {223D23E3-AD11-453C-B5BE-76C916C33F1E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {27596D71-A320-496F-BD01-4CDC8EC6D301} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2D81B705-4990-4A73-A926-68951C373095} - System32\Tasks\GoogleUpdateTaskMachineCore1d0c8dbf7551fd8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {397E4645-EFC0-428C-BF38-F24AB784B5C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {5319A437-4E75-4C09-A218-0A2AFACFC9DF} - System32\Tasks\{63166C9C-6A38-498D-B95A-A918416786EE} => pcalua.exe -a "C:\Program Files (x86)\Acer\abPhoto\abPhotoSetup.exe" -c -uninstall
Task: {6B39C6EE-0140-4341-B765-BC68F203DC16} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {6BB7F3C1-CB7D-421C-967E-F15B9A1E1D1F} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-12-04] (Acer Incorporated)
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {8C9C0414-716E-4BDC-B1E1-493A6321FA59} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-01] (Microsoft Corporation)
Task: {929AB474-AFDF-43C0-BA36-7E85E59FC7A0} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-10-17] (Acer Incorporate)
Task: {988CFBD4-5997-44D6-B333-2A89D8C3A1B4} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-12-30] (Acer Incorporate)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {AA587134-A09B-452B-8EE0-8A6F95B46044} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {BA757582-6D36-4864-AC80-55242BC17F95} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-10-17] (Acer Incorporate)
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {E33A7BC1-A66A-4322-9577-1E6828AC02F9} - System32\Tasks\{DADFAFF1-D1CB-4F8A-8973-83C5D168EACE} => pcalua.exe -a "C:\Program Files (x86)\Acer\AOP Framework\uninstall.exe"
Task: {E96ABA8E-62B5-4B51-9E0C-77BC16E1801F} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-07-23] (Acer Incorporated)
Task: {EAE0546F-42AF-4B89-B6DA-A19EFD188138} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {EEAFB7FF-549F-4169-B1FA-99C0A5BA7884} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-09] (Acer Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0c8dbf7551fd8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-01 18:20 - 2015-08-01 18:20 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-18 21:28 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-11-06 04:12 - 2012-04-24 05:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-08-28 17:19 - 2015-08-18 02:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 17:19 - 2015-08-18 02:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-08-12 00:14 - 2015-08-02 20:09 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-01 18:20 - 2015-08-01 18:20 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-08-12 00:14 - 2015-08-02 20:09 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-12 00:14 - 2015-08-02 20:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-08-12 00:14 - 2015-08-02 20:14 - 00882688 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-08-18 21:28 - 2015-08-11 03:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-12 00:14 - 2015-08-02 20:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-04-01 14:51 - 2015-04-01 14:51 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2015-09-04 05:10 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-04 05:10 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-04 05:10 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-04 05:10 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-09-04 05:10 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-08-01 15:38 - 2015-08-01 15:38 - 00014176 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-07-23 16:08 - 2015-07-23 16:08 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-07-01 04:57 - 2014-07-01 04:57 - 00279296 ____N () C:\Program Files (x86)\Acer\AcerCloud Docs\libcurl.dll
2015-09-03 04:38 - 2015-08-27 19:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-03 04:38 - 2015-08-27 19:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
2015-09-03 04:38 - 2015-08-27 19:17 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\CJ\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\CJ\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 8.8.4.4 - 104.219.55.89
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\StartupApproved\Run: => "RemoteFilesTrayIcon"
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{72857A93-3A19-4159-9C4C-B0A7FBD8FDD8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{688F6393-6817-4AE5-8E20-03DEDFCACFE1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{27475F95-7B77-4724-AD01-2E1B5697211D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{A54A0D09-FDB9-43B7-94A5-1C5D7FF68188}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Play.exe
FirewallRules: [{95593DE6-E9DA-47FF-9263-5A8434FB0CCA}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{852EEE34-C61C-4C1A-BF36-34FF845CE6B7}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{86DD3F5A-3557-4B3F-8F0D-2424A6AB5E07}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [TCP Query User{77FDD575-B6CA-466A-BC3E-B6BE848E1499}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{94427341-F2CB-4411-A583-93E1ADC99ABC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{187684ED-4217-48CF-846B-AD7354D2CE79}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D9BB5CC1-F4AB-4799-8400-A861234839E3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CC2A8753-8E36-41CD-95BE-D65D085808F2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{184567EF-173A-4DB3-B8C7-3C33FB318A0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{7B628859-F93B-4E0C-85F4-2940A3E8F6C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{4D9577CF-29E4-4AA3-B790-4D04432024B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{48316444-BF55-4F40-9DB9-E8E5BF487C68}C:\users\cj\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cj\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{562C6B5D-2E5C-4A6C-97B0-C460680C7263}C:\users\cj\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cj\appdata\roaming\spotify\spotify.exe
FirewallRules: [{047A32B4-5F51-4DA6-8F61-9F36B68E592F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{14F041FB-F72E-4DFE-9D16-1FB7D282E696}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{09C3E265-03D6-4C12-9224-4E19FAF68DEA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BBAF25A9-0444-417A-B21F-00D9C6F12851}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/09/2015 08:00:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (09/09/2015 08:00:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3c2f0e2c-016b-42aa-9639-d77606ea0a8a}
 
Error: (09/09/2015 07:57:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
 
Error: (09/09/2015 06:38:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
 
Error: (09/09/2015 06:38:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
 
Error: (09/09/2015 06:38:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
 
Error: (09/09/2015 06:38:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
 
Error: (09/09/2015 06:38:01 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5560) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (09/09/2015 06:38:01 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5560) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (09/09/2015 06:37:51 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5560) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
 
System errors:
=============
Error: (09/09/2015 08:05:08 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
Error: (09/09/2015 08:05:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
 
Error: (09/09/2015 08:03:34 PM) (Source: DCOM) (EventID: 10016) (User: SNOWPUTER)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}SnowputerCJS-1-5-21-1913913167-4111075594-4248694621-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (09/09/2015 08:03:33 PM) (Source: DCOM) (EventID: 10016) (User: SNOWPUTER)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}SnowputerCJS-1-5-21-1913913167-4111075594-4248694621-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (09/09/2015 08:03:33 PM) (Source: DCOM) (EventID: 10016) (User: SNOWPUTER)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}SnowputerCJS-1-5-21-1913913167-4111075594-4248694621-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (09/09/2015 08:00:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/09/2015 08:00:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/09/2015 08:00:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/09/2015 08:00:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/09/2015 06:45:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
 
Microsoft Office:
=========================
Error: (09/09/2015 08:00:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (09/09/2015 08:00:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3c2f0e2c-016b-42aa-9639-d77606ea0a8a}
 
Error: (09/09/2015 07:57:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifestC:\Users\CJ\Downloads\esetsmartinstaller_enu.exe
 
Error: (09/09/2015 06:38:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifestC:\Users\CJ\Downloads\esetsmartinstaller_enu.exe
 
Error: (09/09/2015 06:38:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifestC:\Users\CJ\Downloads\esetsmartinstaller_enu.exe
 
Error: (09/09/2015 06:38:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifestc:\users\cj\downloads\esetsmartinstaller_enu.exe
 
Error: (09/09/2015 06:38:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifestC:\Users\CJ\Downloads\esetsmartinstaller_enu.exe
 
Error: (09/09/2015 06:38:01 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost5560-1032
 
Error: (09/09/2015 06:38:01 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost5560C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (09/09/2015 06:37:51 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost5560-1032
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 43%
Total physical RAM: 3977.98 MB
Available physical RAM: 2250.65 MB
Total Virtual: 5513.98 MB
Available Virtual: 3674.6 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:450.72 GB) (Free:411.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E055A23D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by CJ (administrator) on SNOWPUTER (09-09-2015 20:08:41)
Running from C:\Users\CJ\Downloads
Loaded Profiles: CJ (Available Profiles: CJ)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\CJ\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [64864 2015-07-23] (Acer Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [OneDrive] => C:\Users\CJ\AppData\Local\Microsoft\OneDrive\OneDrive.exe [402632 2015-08-01] (Microsoft Corporation)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [45056 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-12] (Valve Corporation)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55100016 2015-08-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [Spotify Web Helper] => C:\Users\CJ\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-03] (Spotify Ltd)
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.4.4 104.219.55.89
Tcpip\..\Interfaces\{bd703062-2477-431f-b2a3-9a7154d6c37d}: [DhcpNameServer] 8.8.4.4 104.219.55.89
 
Internet Explorer:
==================
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1913913167-4111075594-4248694621-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
 
FireFox:
========
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2013-08-09] (McAfee, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-11-06]
 
Chrome: 
=======
CHR HomePage: Profile 3 -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Profile 3 -> "hxxp://www.bing.com/"
CHR DefaultSearchKeyword: Profile 3 -> bing.com
CHR Profile: C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-15]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-08-31]
CHR HKU\S-1-5-21-1913913167-4111075594-4248694621-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-08-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2577640 2013-12-04] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-08-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-30] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [121616 2013-09-29] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-10-17] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-10-17] (Acer Incorporate)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-14] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-06-09] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-09 20:02 - 2015-09-09 20:02 - 00016148 _____ C:\WINDOWS\system32\SNOWPUTER_CJ_HistoryPrediction.bin
2015-09-09 19:54 - 2015-09-09 19:54 - 00000334 _____ C:\Users\CJ\Desktop\r4tgyhn.txt
2015-09-09 18:38 - 2015-09-09 18:38 - 02870984 _____ (ESET) C:\Users\CJ\Downloads\esetsmartinstaller_enu.exe
2015-09-09 12:29 - 2015-09-09 12:30 - 00034537 _____ C:\Users\CJ\Downloads\Addition.txt
2015-09-09 12:27 - 2015-09-09 20:10 - 00013840 _____ C:\Users\CJ\Downloads\FRST.txt
2015-09-09 12:27 - 2015-09-09 12:27 - 02190336 _____ (Farbar) C:\Users\CJ\Downloads\FRST64.exe
2015-09-06 21:36 - 2015-09-06 21:36 - 00000836 _____ C:\Users\CJ\Desktop\AdwCleaner[C3].txt
2015-09-06 21:35 - 2015-09-09 20:02 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-06 21:33 - 2015-09-09 18:31 - 00004306 _____ C:\WINDOWS\PFRO.log
2015-09-06 21:22 - 2015-09-06 21:23 - 01654784 _____ C:\Users\CJ\Downloads\adwcleaner_5.006.exe
2015-09-06 21:21 - 2015-09-07 23:09 - 00000000 ____D C:\Users\CJ\Downloads\New folder
2015-09-06 12:44 - 2015-09-06 12:44 - 00001119 _____ C:\Users\CJ\Desktop\JRT.txt
2015-09-06 12:38 - 2015-09-06 12:39 - 01799392 _____ (Malwarebytes Corporation) C:\Users\CJ\Downloads\JRT.exe
2015-09-06 12:27 - 2015-09-06 12:27 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\CJ\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-04 09:57 - 2015-09-04 09:57 - 00368068 _____ C:\Users\CJ\Desktop\TDSSKiller Scan.txt
2015-09-04 09:48 - 2015-09-04 09:48 - 00058038 _____ C:\Users\CJ\Desktop\FRST.txt
2015-09-04 09:48 - 2015-09-04 09:48 - 00036493 _____ C:\Users\CJ\Desktop\Addition.txt
2015-09-04 05:21 - 2015-09-04 05:21 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-04 05:11 - 2015-09-04 05:11 - 00001468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-09-04 05:11 - 2015-09-04 05:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-09-04 05:11 - 2015-09-04 05:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-09-04 05:10 - 2015-09-04 07:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-04 05:10 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-09-04 05:09 - 2015-09-04 05:37 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-04 04:57 - 2015-09-04 04:57 - 00000000 ____D C:\Users\CJ\AppData\Roaming\TeamViewer
2015-09-04 04:56 - 2015-09-04 04:56 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-04 04:55 - 2015-09-06 21:34 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-09-03 07:30 - 2015-09-09 18:30 - 00000000 ____D C:\Users\CJ\AppData\Local\Spotify
2015-09-03 07:30 - 2015-09-03 07:30 - 00001878 _____ C:\Users\CJ\Desktop\Spotify.lnk
2015-09-03 07:30 - 2015-09-03 07:30 - 00001864 _____ C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-09-03 07:26 - 2015-09-09 18:21 - 00000000 ____D C:\Users\CJ\AppData\Roaming\Spotify
2015-09-03 04:15 - 2015-09-03 04:15 - 00000000 ____D C:\Users\CJ\AppData\Local\NetworkTiles
2015-09-02 23:40 - 2015-09-02 23:40 - 00237170 _____ C:\Users\CJ\Documents\cc_20150902_234003.reg
2015-09-02 23:37 - 2015-09-02 23:37 - 00002852 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-09-02 23:36 - 2015-09-02 23:37 - 00000000 ____D C:\Program Files\CCleaner
2015-09-02 23:36 - 2015-09-02 23:36 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-02 23:36 - 2015-09-02 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-09-02 21:09 - 2015-09-02 21:09 - 00000000 ____D C:\Users\CJ\AppData\Local\VirtualStore
2015-09-02 20:54 - 2015-09-02 20:30 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-02 20:32 - 2015-08-28 15:28 - 00044765 _____ C:\zoek-results2015-08-28-202806.log
2015-09-02 19:35 - 2015-09-09 20:08 - 00000000 ____D C:\FRST
2015-09-01 20:44 - 2015-09-01 20:44 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-01 20:44 - 2015-09-01 20:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-01 20:44 - 2015-09-01 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-31 21:43 - 2015-08-31 21:43 - 00000000 ____D C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-31 20:35 - 2015-09-06 12:28 - 00001179 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-31 20:35 - 2015-09-06 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-31 20:34 - 2015-09-06 12:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-31 20:34 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-31 20:34 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-31 20:34 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-31 20:33 - 2015-08-31 21:15 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-31 20:26 - 2015-08-31 20:26 - 00003256 _____ C:\WINDOWS\System32\Tasks\{DADFAFF1-D1CB-4F8A-8973-83C5D168EACE}
2015-08-28 17:19 - 2015-08-20 01:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-28 17:19 - 2015-08-20 01:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-28 17:19 - 2015-08-20 01:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-28 17:19 - 2015-08-20 00:57 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-28 17:19 - 2015-08-20 00:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-28 17:19 - 2015-08-20 00:21 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-28 17:19 - 2015-08-20 00:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-28 17:19 - 2015-08-20 00:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-28 17:19 - 2015-08-20 00:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-28 17:19 - 2015-08-20 00:09 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-08-28 17:19 - 2015-08-19 23:31 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-28 17:19 - 2015-08-18 02:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 17:19 - 2015-08-18 02:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-28 17:19 - 2015-08-18 02:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-28 17:19 - 2015-08-18 02:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-28 17:19 - 2015-08-18 02:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-28 17:19 - 2015-08-18 02:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-28 17:19 - 2015-08-18 02:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-28 17:19 - 2015-08-18 02:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-28 17:19 - 2015-08-18 02:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-28 17:19 - 2015-08-18 02:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-28 17:19 - 2015-08-18 02:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-28 17:19 - 2015-08-18 01:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-28 17:19 - 2015-08-18 01:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-28 17:19 - 2015-08-18 01:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-28 17:19 - 2015-08-18 01:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-28 17:19 - 2015-08-18 01:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-28 17:19 - 2015-08-18 01:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-28 17:19 - 2015-08-18 01:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-28 17:19 - 2015-08-18 01:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-28 17:19 - 2015-08-18 01:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-28 17:19 - 2015-08-18 01:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-28 17:19 - 2015-08-18 01:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-28 17:19 - 2015-08-18 01:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-28 17:19 - 2015-08-18 01:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-28 17:19 - 2015-08-18 01:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-28 17:19 - 2015-08-18 01:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-28 17:19 - 2015-08-18 01:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-28 17:19 - 2015-08-18 01:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-28 17:19 - 2015-08-18 01:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-28 17:19 - 2015-08-18 01:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-28 17:19 - 2015-08-18 01:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-28 17:19 - 2015-08-18 01:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-28 17:19 - 2015-08-18 01:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-28 17:19 - 2015-08-17 23:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-28 15:02 - 2015-08-20 23:44 - 00192970 _____ C:\zoek-results2015-08-21-044439.log
2015-08-28 14:57 - 2015-08-28 14:58 - 01308672 _____ C:\Users\CJ\Downloads\zoek.exe
2015-08-21 00:00 - 2015-09-06 21:14 - 00000000 ____D C:\Users\CJ\AppData\Local\CrashDumps
2015-08-20 23:53 - 2015-08-21 00:00 - 00000000 ____D C:\Users\CJ\AppData\Local\NPE
2015-08-20 23:53 - 2015-08-20 23:53 - 00000000 ____D C:\ProgramData\Norton
2015-08-20 23:05 - 2015-09-02 21:03 - 00032762 _____ C:\zoek-results.log
2015-08-20 23:01 - 2015-09-02 20:52 - 00000000 ____D C:\zoek_backup
2015-08-20 11:29 - 2015-08-20 11:29 - 00002968 _____ C:\WINDOWS\System32\Tasks\Launch Manager
2015-08-19 03:01 - 2015-08-19 03:01 - 00000000 ____D C:\Users\CJ\Documents\Klei
2015-08-19 03:00 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2015-08-19 03:00 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2015-08-19 03:00 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2015-08-19 03:00 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2015-08-19 03:00 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2015-08-19 03:00 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2015-08-19 03:00 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2015-08-19 03:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2015-08-19 03:00 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2015-08-19 03:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2015-08-19 02:45 - 2015-08-19 02:45 - 00000222 _____ C:\Users\CJ\Desktop\Don't Starve Together Beta.url
2015-08-19 02:45 - 2015-08-19 02:45 - 00000000 ____D C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-19 02:38 - 2015-08-19 02:38 - 00000000 ____D C:\Users\CJ\AppData\Local\Steam
2015-08-19 02:38 - 2015-08-19 02:38 - 00000000 ____D C:\Users\CJ\AppData\Local\CEF
2015-08-19 02:33 - 2015-09-02 23:39 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-19 02:33 - 2015-08-19 02:33 - 00001040 _____ C:\Users\Public\Desktop\Steam.lnk
2015-08-19 02:33 - 2015-08-19 02:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-18 21:28 - 2015-08-12 23:33 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-18 21:28 - 2015-08-12 23:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-18 21:28 - 2015-08-12 23:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-18 21:28 - 2015-08-12 23:07 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-18 21:28 - 2015-08-12 22:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-18 21:28 - 2015-08-11 05:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-18 21:28 - 2015-08-11 05:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-18 21:28 - 2015-08-11 05:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-18 21:28 - 2015-08-11 05:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-18 21:28 - 2015-08-11 05:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-18 21:28 - 2015-08-11 05:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-18 21:28 - 2015-08-11 05:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-18 21:28 - 2015-08-11 04:57 - 03622256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-18 21:28 - 2015-08-11 04:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-18 21:28 - 2015-08-11 04:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-18 21:28 - 2015-08-11 04:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-18 21:28 - 2015-08-11 04:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-18 21:28 - 2015-08-11 04:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-18 21:28 - 2015-08-11 04:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-18 21:28 - 2015-08-11 04:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-18 21:28 - 2015-08-11 04:31 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-18 21:28 - 2015-08-11 04:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-18 21:28 - 2015-08-11 04:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-18 21:28 - 2015-08-11 04:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-18 21:28 - 2015-08-11 04:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-18 21:28 - 2015-08-11 04:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-18 21:28 - 2015-08-11 04:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-18 21:28 - 2015-08-11 04:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-18 21:28 - 2015-08-11 04:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-18 21:28 - 2015-08-11 04:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-18 21:28 - 2015-08-11 04:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-18 21:28 - 2015-08-11 04:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-18 21:28 - 2015-08-11 04:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-18 21:28 - 2015-08-11 04:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-18 21:28 - 2015-08-11 04:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-18 21:28 - 2015-08-11 04:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-18 21:28 - 2015-08-11 04:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-18 21:28 - 2015-08-11 04:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-18 21:28 - 2015-08-11 04:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-18 21:28 - 2015-08-11 04:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-18 21:28 - 2015-08-11 04:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-18 21:28 - 2015-08-11 04:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-18 21:28 - 2015-08-11 04:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-18 21:28 - 2015-08-11 04:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-18 21:28 - 2015-08-11 04:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-18 21:28 - 2015-08-11 04:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-18 21:28 - 2015-08-11 04:02 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-18 21:28 - 2015-08-11 04:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-18 21:28 - 2015-08-11 04:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-18 21:28 - 2015-08-11 04:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-18 21:28 - 2015-08-11 04:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-18 21:28 - 2015-08-11 04:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-18 21:28 - 2015-08-11 03:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-18 21:28 - 2015-08-11 03:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-18 21:28 - 2015-08-11 03:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-18 21:28 - 2015-08-11 03:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-18 21:28 - 2015-08-11 03:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-18 21:28 - 2015-08-11 03:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-18 21:28 - 2015-08-11 03:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-18 21:28 - 2015-08-11 03:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-18 21:28 - 2015-08-11 03:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-18 21:28 - 2015-08-11 03:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-18 21:28 - 2015-08-11 03:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-18 21:28 - 2015-08-11 03:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-18 21:28 - 2015-08-11 03:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-18 21:28 - 2015-08-11 03:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-18 21:28 - 2015-08-11 03:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-18 21:28 - 2015-08-11 03:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-18 21:28 - 2015-08-11 03:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-18 21:28 - 2015-08-11 03:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-18 21:28 - 2015-08-11 03:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-18 21:28 - 2015-08-11 03:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-18 21:28 - 2015-08-11 03:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-18 21:28 - 2015-08-11 03:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-18 21:28 - 2015-08-11 03:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-17 10:33 - 2015-08-17 11:00 - 00000000 ____D C:\Users\CJ\AppData\Roaming\OBS
2015-08-17 10:32 - 2015-08-31 20:16 - 00000000 ____D C:\Program Files\OBS
2015-08-17 10:32 - 2015-08-31 20:16 - 00000000 ____D C:\Program Files (x86)\OBS
2015-08-15 22:27 - 2015-08-15 22:27 - 00000000 _____ C:\autoexec.bat
2015-08-15 22:06 - 2015-08-15 22:07 - 00005188 _____ C:\AdwCleaner[C1].txt
2015-08-15 22:03 - 2015-08-15 22:05 - 00006000 _____ C:\AdwCleaner[S1].txt
2015-08-15 22:02 - 2015-09-06 21:33 - 00000000 ____D C:\AdwCleaner
2015-08-14 22:27 - 2015-09-07 09:43 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-14 22:26 - 2015-08-14 22:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-14 21:38 - 2015-08-14 21:57 - 00000000 ____D C:\PaintToolSAI
2015-08-14 21:38 - 2015-08-14 21:38 - 00000000 ____D C:\Users\CJ\AppData\Roaming\SYSTEMAX Software Development
2015-08-14 21:38 - 2015-08-14 21:38 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2015-08-14 21:35 - 2015-08-20 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-08-14 21:31 - 2015-08-14 21:31 - 00000000 ____D C:\Users\CJ\AppData\Roaming\Torrentex
2015-08-14 21:22 - 2015-08-08 10:38 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-14 21:22 - 2015-08-08 10:38 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 00:18 - 2015-08-02 21:18 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-12 00:18 - 2015-08-02 20:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-12 00:17 - 2015-08-02 20:18 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 00:17 - 2015-08-02 20:01 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 00:16 - 2015-08-08 01:24 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 00:16 - 2015-08-08 01:24 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 00:16 - 2015-08-08 01:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 00:16 - 2015-08-04 23:49 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-12 00:16 - 2015-08-04 23:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-12 00:16 - 2015-08-03 23:06 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-12 00:16 - 2015-08-03 21:59 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-12 00:16 - 2015-08-03 21:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-12 00:16 - 2015-08-02 21:18 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-12 00:16 - 2015-08-02 20:22 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-12 00:16 - 2015-08-02 20:22 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-12 00:16 - 2015-08-02 20:18 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-12 00:16 - 2015-08-02 20:15 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-12 00:16 - 2015-08-02 20:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-12 00:16 - 2015-08-02 20:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-12 00:15 - 2015-08-08 02:29 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 00:15 - 2015-08-08 02:19 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-12 00:15 - 2015-08-08 02:01 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 00:15 - 2015-08-08 01:48 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-12 00:15 - 2015-08-08 01:40 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 00:15 - 2015-08-08 01:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 00:15 - 2015-08-05 22:17 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-12 00:15 - 2015-08-05 22:17 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-12 00:15 - 2015-08-05 21:22 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-12 00:15 - 2015-08-04 23:00 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-12 00:15 - 2015-08-04 22:54 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-12 00:15 - 2015-08-04 22:47 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-12 00:15 - 2015-08-04 22:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-12 00:15 - 2015-08-03 23:07 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 00:15 - 2015-08-03 23:06 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-12 00:15 - 2015-08-03 22:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-12 00:15 - 2015-08-02 21:32 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-12 00:15 - 2015-08-02 21:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-12 00:15 - 2015-08-02 21:19 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-12 00:15 - 2015-08-02 21:19 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-12 00:15 - 2015-08-02 21:18 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-12 00:15 - 2015-08-02 21:18 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-12 00:15 - 2015-08-02 21:17 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-12 00:15 - 2015-08-02 21:17 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-12 00:15 - 2015-08-02 21:12 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-12 00:15 - 2015-08-02 20:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-12 00:15 - 2015-08-02 20:22 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-12 00:15 - 2015-08-02 20:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-12 00:15 - 2015-08-02 20:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 00:15 - 2015-08-02 20:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 00:15 - 2015-08-02 20:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-12 00:15 - 2015-08-02 20:18 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-12 00:15 - 2015-08-02 20:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-12 00:15 - 2015-08-02 20:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-12 00:15 - 2015-08-02 20:14 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-12 00:15 - 2015-08-02 20:11 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-12 00:15 - 2015-08-02 20:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 00:15 - 2015-08-02 20:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-12 00:15 - 2015-08-02 19:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-12 00:14 - 2015-08-02 20:31 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-12 00:14 - 2015-08-02 20:30 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-12 00:14 - 2015-08-02 20:24 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-12 00:14 - 2015-08-02 20:24 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-12 00:14 - 2015-08-02 20:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-12 00:14 - 2015-08-02 20:23 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-12 00:14 - 2015-08-02 20:15 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-12 00:14 - 2015-08-02 20:15 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-12 00:14 - 2015-08-02 20:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-12 00:14 - 2015-08-02 20:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-12 00:14 - 2015-08-02 20:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-09 20:04 - 2015-07-28 00:04 - 00000000 ____D C:\Users\CJ\AppData\Roaming\Skype
2015-09-09 20:04 - 2015-07-27 21:14 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-09 20:03 - 2015-07-27 21:20 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0c8dbf7551fd8.job
2015-09-09 20:02 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-09 20:01 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-09 20:01 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-09 19:32 - 2015-07-27 21:14 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-09 18:28 - 2015-07-27 21:06 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A6C2EF95-F77B-4FF5-A91D-F041D5A46CEF}
2015-09-09 18:08 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-09 12:34 - 2015-07-27 22:03 - 00000000 ____D C:\Riot Games
2015-09-08 17:59 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-07 23:06 - 2015-08-01 18:22 - 00000000 ____D C:\Windows.old
2015-09-07 09:39 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-09-06 21:34 - 2015-07-10 07:20 - 00210672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-02 23:39 - 2015-08-01 18:26 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-02 18:24 - 2015-08-01 15:36 - 00000000 ____D C:\Users\CJ
2015-09-01 20:44 - 2015-07-28 00:03 - 00000000 ____D C:\ProgramData\Skype
2015-08-31 21:45 - 2015-07-27 21:14 - 00000000 ____D C:\Users\CJ\AppData\Local\Google
2015-08-31 20:25 - 2014-11-06 04:08 - 00000000 ____D C:\Program Files (x86)\Acer
2015-08-31 20:21 - 2014-11-06 04:08 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-08-31 16:03 - 2015-07-27 20:34 - 00000000 ____D C:\Users\CJ\AppData\Local\Packages
2015-08-30 21:56 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-30 21:56 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-30 00:27 - 2015-07-27 21:20 - 00003782 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0c8dbf7551fd8
2015-08-30 00:27 - 2015-07-27 21:14 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-28 17:08 - 2015-08-01 15:59 - 00000000 ____D C:\Users\CJ\AppData\Local\Comms
2015-08-20 23:38 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-20 23:26 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-08-20 23:08 - 2015-08-01 15:52 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-20 22:43 - 2015-07-10 06:04 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-17 11:32 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-14 23:14 - 2015-08-01 15:36 - 00000000 ___RD C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 22:19 - 2015-07-27 20:37 - 00000000 ____D C:\Users\CJ\AppData\Local\clear.fi
2015-08-14 21:34 - 2015-07-27 21:18 - 00002412 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2015-08-14 21:34 - 2015-07-27 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-14 21:17 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 21:17 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 19:24 - 2015-07-30 09:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-11 20:52 - 2014-11-06 02:54 - 00000000 ___HD C:\OEM
2015-08-10 22:24 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
 
==================== Files in the root of some directories =======
 
2015-08-01 15:31 - 2015-08-01 15:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-07 23:06
 
==================== End of FRST.txt ============================
 
 
 

C:\Program Files (x86)\Google\Chrome\Application\chrome.bat BAT/StartPage.NHN trojan
C:\Program Files (x86)\Internet Explorer\iexplore.bat BAT/StartPage.NHN trojan
 


#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,892 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:34 PM

Posted 10 September 2015 - 04:51 AM

STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
    C:\Program Files (x86)\Internet Explorer\iexplore.bat
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

============

 

How is your system running?


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#11 SnowwBaker

SnowwBaker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 11 September 2015 - 08:30 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by CJ (2015-09-11 08:16:58) Run:3
Running from C:\Users\CJ\Downloads
Loaded Profiles: CJ (Available Profiles: CJ)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
C:\Program Files (x86)\Internet Explorer\iexplore.bat
EmptyTemp:
end
*****************
 
Restore point was successfully created.
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat => moved successfully
C:\Program Files (x86)\Internet Explorer\iexplore.bat => moved successfully
EmptyTemp: => 43.3 MB temporary data Removed.
 

The system needed a reboot..
 
==== End of Fixlog 08:17:45 ====
 
Google Chrome and Internet Explorer have been removed and Microsft Edge doesn't appear to have the Hijack connected to it. Would it be safe to reinstall Chrome?



#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,892 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:34 PM

Posted 11 September 2015 - 02:06 PM

That means that you can not start it because my fix didn't remove both programs. It removed two malicious files located in IE and Chrome folder.

 

Reinstall it and tell me if it is better now. :)

 

Thank you.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#13 SnowwBaker

SnowwBaker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 12 September 2015 - 09:54 AM

It worked. :D Thanks so much.



#14 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,892 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:34 PM

Posted 13 September 2015 - 01:00 PM

Hello,
in my opinion your PC is clean. :) If you would like to donate some money to me, then click on the button paypal.gif. I'd really appreciate it, my friend. :)


We need to remove the tools we've used during cleaning your machine.

  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#15 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,892 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:34 PM

Posted 16 September 2015 - 07:07 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users