
Can one of you awesome people please check my Pc


  • This topic is locked
9 replies to this topic

#1 the geekfreak


Posted 13 April 2016 - 04:09 AM

So I noticed a strange process running in my task manager this morning called "Amazon 1 click app" or something similar and I ran ADW cleaner. It found a few things, which I will post the log of below.

I have selected clean on ADW cleaner but want to be sure there are no other nasties on my machine.

So here are both the FRST log and the ADW cleaner log after the clean.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
Ran by Dan (administrator) on BEAST (13-04-2016 10:07:07)
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan &  (Available Profiles: Dan)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Performix LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Performix LLC) C:\Program Files (x86)\Adguard\Adguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8712960 2015-10-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-04-05] (Plays.tv, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-105014023-2738048968-2884344003-1001\...\Run: [Spotify Web Helper] => C:\Users\Dan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-11] (Spotify Ltd)
HKU\S-1-5-21-105014023-2738048968-2884344003-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5578232 2016-03-02] (Performix LLC)
HKU\S-1-5-21-105014023-2738048968-2884344003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Dan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-11] (Spotify Ltd)
HKU\S-1-5-21-105014023-2738048968-2884344003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5578232 2016-03-02] (Performix LLC)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{25854896-eb1c-49bc-bad2-0150b95211f4}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{a88fd2df-9ea2-453e-aa57-aef6b1b1c768}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-09] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-25] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-09] (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-105014023-2738048968-2884344003-1001 -> hxxp://www.google.co.uk/
 
FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\gKToqDbf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-03] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-09] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-03] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> E:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Extension: Avira Browser Safety - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\gKToqDbf.default\Extensions\abs@avira.com [2015-06-11] [not signed]
FF Extension: Avira Browser Safety - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\gKToqDbf.default\Extensions\abs@avira.com.xpi [2016-02-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-03-22]
CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [150008 2016-03-02] (Performix LLC)
S4 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-11] ()
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe [69016 2016-03-08] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-03-24] (Microsoft Corporation)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2016\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-06-03] (Futuremark)
S3 GalaxyClientService; E:\GalaxyClient\GalaxyClientService.exe [1616440 2015-12-29] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6532664 2016-03-18] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-01] (Electronic Arts)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [202272 2016-03-23] (Microsoft Corporation) [File not signed]
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-04-05] (Plays.tv, LLC)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-05-15] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-06-21] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [58368 2016-02-03] (Razer Inc.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4254720 2015-07-29] (A-Volute) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [60016 2016-02-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-15] (REALiX™)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R1 mirrorv3; C:\Windows\system32\DRIVERS\rminiv3.sys [5632 2012-12-18] (Famatech International Corp.)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [13368 2012-11-09] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 paeusbaudio; C:\Windows\System32\drivers\paeusbaudio_x64.sys [260096 2014-04-16] ()
S3 paeusbaudiodsp; C:\Windows\System32\drivers\paeusbaudiodsp_x64.sys [62464 2014-07-16] ()
S3 paeusbaudioks; C:\Windows\system32\DRIVERS\paeusbaudioks_x64.sys [46080 2014-04-16] ()
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-07-29] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-13 10:07 - 2016-04-13 10:07 - 00020722 _____ C:\Users\Dan\Desktop\FRST.txt
2016-04-13 10:06 - 2016-04-13 10:07 - 00000000 ____D C:\FRST
2016-04-13 09:59 - 2016-04-13 09:59 - 02375168 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2016-04-13 09:52 - 2016-04-13 09:52 - 03465280 _____ C:\Users\Dan\Downloads\adwcleaner_5.110.exe
2016-04-13 09:52 - 2016-04-13 09:52 - 00002419 _____ C:\Users\Dan\Desktop\AdwCleaner[S3].txt
2016-04-11 20:49 - 2016-04-11 20:49 - 00000000 ____D C:\Users\Dan\Desktop\~Junk
2016-04-11 17:05 - 2016-04-13 08:58 - 00002107 _____ C:\Users\Public\Desktop\SONAR Platinum.lnk
2016-04-11 14:46 - 2016-04-13 10:07 - 00000000 ____D C:\ProgramData\Adguard
2016-04-11 14:46 - 2016-04-13 09:53 - 00000000 ____D C:\Program Files (x86)\Adguard
2016-04-11 14:46 - 2016-04-11 14:46 - 00171512 _____ C:\Users\Dan\Downloads\adguardInstaller.exe
2016-04-11 14:46 - 2016-04-11 14:46 - 00000998 _____ C:\Users\Public\Desktop\Adguard.lnk
2016-04-11 14:46 - 2016-04-11 14:46 - 00000259 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2016-04-11 14:46 - 2016-04-11 14:46 - 00000259 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2016-04-11 14:46 - 2016-04-11 14:46 - 00000259 _____ C:\ProgramData\fontcacheev1.dat
2016-04-11 14:46 - 2016-04-11 14:46 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Performix LLC
2016-04-11 14:46 - 2016-04-11 14:46 - 00000000 ____D C:\Users\Dan\AppData\Local\Performix_LLC
2016-04-11 14:46 - 2016-04-11 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2016-04-11 14:46 - 2016-02-28 01:44 - 00060016 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
2016-04-11 12:33 - 2016-04-11 12:33 - 00001132 _____ C:\Users\Public\Desktop\LANDR.lnk
2016-04-11 12:33 - 2016-04-11 12:33 - 00000000 ___SD C:\Users\Dan\LANDR Bounces
2016-04-11 12:33 - 2016-04-11 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LANDR
2016-04-11 12:30 - 2016-04-11 12:30 - 00000000 ____D C:\$SysReset
2016-04-09 15:28 - 2016-04-09 15:28 - 00245486 _____ C:\Users\Dan\Downloads\ArchimedesShips-1.7.1.jar
2016-04-09 15:15 - 2016-04-09 15:15 - 57594432 _____ (Oracle Corporation) C:\Users\Dan\Downloads\jre-8u77-windows-x64.exe
2016-04-09 15:15 - 2016-04-09 15:15 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-04-09 15:15 - 2016-04-09 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-09 15:15 - 2016-04-09 15:15 - 00000000 ____D C:\Program Files\Java
2016-04-09 15:10 - 2016-04-09 15:10 - 00000000 _____ C:\WINDOWS\system32\REN56AE.tmp
2016-04-09 15:09 - 2016-04-09 15:09 - 43189344 _____ (Oracle Corporation) C:\Users\Dan\Downloads\jre-8u45-windows-x64 (2).exe
2016-04-09 15:09 - 2016-04-09 15:09 - 00000000 _____ C:\WINDOWS\system32\REN224F.tmp
2016-04-09 15:07 - 2016-04-09 15:07 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-04-09 15:05 - 2016-04-09 15:05 - 00734784 _____ (Oracle Corporation) C:\Users\Dan\Downloads\JavaSetup8u77.exe
2016-04-09 14:59 - 2016-04-09 14:59 - 43189344 _____ (Oracle Corporation) C:\Users\Dan\Downloads\jre-8u45-windows-x64 (1).exe
2016-04-09 14:49 - 2016-04-09 14:49 - 00000000 _____ C:\WINDOWS\system32\REN38D2.tmp
2016-04-09 14:49 - 2016-04-09 14:49 - 00000000 _____ C:\WINDOWS\system32\REN1D4B.tmp
2016-04-09 14:48 - 2016-04-09 14:48 - 43189344 _____ (Oracle Corporation) C:\Users\Dan\Downloads\jre-8u45-windows-x64.exe
2016-04-09 14:45 - 2016-04-12 15:41 - 00000000 ____D C:\ftb
2016-04-09 14:44 - 2016-04-12 16:01 - 00000000 ____D C:\Users\Dan\AppData\Local\ftblauncher
2016-04-09 14:44 - 2016-04-09 14:45 - 00000000 ____D C:\Users\Dan\AppData\Roaming\ftblauncher
2016-04-09 14:44 - 2016-04-09 14:44 - 07561844 _____ C:\Users\Dan\Downloads\FTB_Launcher.exe
2016-04-09 14:43 - 2016-04-09 14:43 - 00001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-04-09 14:43 - 2016-04-09 14:43 - 00001032 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-04-07 12:31 - 2016-04-13 09:57 - 00001187 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-07 12:31 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-07 12:31 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-07 12:31 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-06 14:32 - 2016-04-06 14:32 - 05218644 _____ C:\Users\Dan\Downloads\Red Flare V1.4.19.zip
2016-04-06 14:29 - 2016-04-06 14:30 - 00997566 _____ C:\Users\Dan\Downloads\Air-for-Steam-2016-0403.zip
2016-04-05 21:43 - 2016-04-05 21:43 - 00000745 _____ C:\Users\Dan\Downloads\history.csv
2016-04-03 16:49 - 2016-04-03 16:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Tokyo Dawn Labs
2016-04-03 16:49 - 2016-04-03 16:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Plogue Art et Technologie, Inc
2016-04-03 16:49 - 2016-04-03 16:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Plogue
2016-04-03 16:49 - 2016-04-03 16:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\helmplugin
2016-04-03 16:49 - 2016-04-03 16:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Helm
2016-04-03 16:47 - 2016-04-03 16:47 - 00718497 _____ C:\WINDOWS\unins002.exe
2016-04-03 16:46 - 2016-04-03 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helm
2016-04-03 16:46 - 2016-04-03 16:46 - 00000000 ____D C:\Program Files\Steinberg
2016-04-03 16:46 - 2016-04-03 16:46 - 00000000 ____D C:\Program Files\Helm
2016-04-03 16:45 - 2016-04-03 16:48 - 00134728 _____ C:\WINDOWS\unins002.dat
2016-04-03 16:44 - 2016-04-03 16:44 - 11782888 _____ (Plogue ) C:\Users\Dan\Downloads\WIN_AlterEgo_v1.070.exe
2016-04-03 16:44 - 2016-04-03 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plogue
2016-04-03 16:44 - 2016-04-03 16:44 - 00000000 ____D C:\Program Files\Plogue
2016-04-03 16:43 - 2016-04-03 16:45 - 293345972 _____ (One Small Clue ) C:\Users\Dan\Downloads\Setup_Grace_Factory_Content.exe
2016-04-03 16:43 - 2016-04-03 16:43 - 00720033 _____ C:\WINDOWS\unins001.exe
2016-04-03 16:43 - 2016-04-03 16:43 - 00009181 _____ C:\WINDOWS\unins001.dat
2016-04-03 16:43 - 2016-04-03 16:43 - 00000000 ____D C:\ProgramData\One Small Clue
2016-04-03 16:43 - 2013-10-09 13:18 - 00233984 _____ C:\WINDOWS\SysWOW64\r8bsrc.dll
2016-04-03 16:43 - 2011-05-25 23:32 - 00132096 _____ C:\WINDOWS\SysWOW64\MtxVecSpld.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00065536 _____ C:\WINDOWS\SysWOW64\MtxVecLapackd.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00057344 _____ C:\WINDOWS\SysWOW64\MtxVecSparsed.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00013312 _____ C:\WINDOWS\SysWOW64\MtxVecVML4d.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00010240 _____ C:\WINDOWS\SysWOW64\MtxVecVMLd.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00008704 _____ C:\WINDOWS\SysWOW64\MtxVecRandom.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00008704 _____ C:\WINDOWS\SysWOW64\MtxVecFFT.lib
2016-04-03 16:43 - 2011-05-24 00:59 - 05540352 _____ C:\WINDOWS\SysWOW64\MtxVec.Spld4.dll
2016-04-03 16:43 - 2010-01-08 01:25 - 13887488 _____ (DewResearch) C:\WINDOWS\SysWOW64\MtxVec.Fft.dll
2016-04-03 16:43 - 2010-01-08 01:25 - 10766848 _____ (DewResearch) C:\WINDOWS\SysWOW64\MtxVec.Lapack4d.dll
2016-04-03 16:43 - 2010-01-08 01:25 - 06381568 _____ (DewResearch) C:\WINDOWS\SysWOW64\MtxVec.Vmld.dll
2016-04-03 16:43 - 2010-01-08 01:25 - 06333440 _____ (DewResearch) C:\WINDOWS\SysWOW64\MtxVec.Random.dll
2016-04-03 16:43 - 2010-01-08 01:25 - 02381312 _____ (DewResearch) C:\WINDOWS\SysWOW64\MtxVec.Sparse4d.dll
2016-04-03 16:43 - 2010-01-06 23:33 - 02474496 _____ C:\WINDOWS\SysWOW64\MtxVec.Vml4d.dll
2016-04-03 16:43 - 2001-06-06 13:59 - 00019968 _____ C:\WINDOWS\SysWOW64\bdsp.lib
2016-04-03 16:43 - 2001-06-06 13:56 - 00479232 _____ C:\WINDOWS\SysWOW64\bdsp.dll
2016-04-03 16:41 - 2016-04-03 16:41 - 01329536 _____ (Alex Hilton / A1AUDIO ) C:\Users\Dan\Downloads\A1TriggerGate-WinRTAS-v1.0.0-Setup.exe
2016-04-03 16:41 - 2016-04-03 16:41 - 00000000 ____D C:\Users\Dan\AppData\Roaming\A1AUDIO.de
2016-04-03 16:41 - 2016-04-03 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A1AUDIO
2016-04-03 16:40 - 2016-04-03 16:40 - 00000000 ____D C:\Users\Dan\Downloads\MJUCjr-win-installer
2016-04-03 16:40 - 2016-04-03 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MJUCjr
2016-04-03 16:40 - 2016-04-03 16:40 - 00000000 ____D C:\Program Files\Klanghelm
2016-04-03 16:37 - 2016-04-03 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LVC-Audio
2016-04-03 16:37 - 2016-04-03 16:37 - 00000000 ____D C:\Program Files\LVC-Audio
2016-04-03 16:37 - 2016-04-03 16:37 - 00000000 ____D C:\Program Files\Common Files\Digidesign
2016-04-03 16:36 - 2016-04-03 16:36 - 00000000 ____D C:\Users\Dan\Downloads\LimitedZ-1.0.1-Win
2016-04-03 16:35 - 2016-04-03 16:35 - 00000000 ____D C:\ProgramData\Tokyo Dawn Labs
2016-04-03 16:35 - 2016-04-03 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tokyo Dawn Labs
2016-04-03 16:35 - 2016-04-03 16:35 - 00000000 ____D C:\Program Files\Tokyo Dawn Labs
2016-04-01 10:10 - 2016-04-13 08:54 - 00001342 _____ C:\Users\Public\Desktop\Command Center.lnk
2016-04-01 09:46 - 2016-04-13 10:02 - 00000000 ____D C:\AdwCleaner
2016-03-30 19:17 - 2016-03-30 19:17 - 00001549 _____ C:\Users\Dan\AppData\Local\recently-used.xbel
2016-03-30 19:12 - 2016-03-30 19:17 - 00000000 ____D C:\Users\Dan\AppData\Local\gtk-2.0
2016-03-30 19:11 - 2016-03-30 19:11 - 00000000 ____D C:\Users\Dan\.thumbnails
2016-03-30 19:10 - 2016-03-31 10:15 - 00000000 ____D C:\Users\Dan\.gimp-2.8
2016-03-30 19:10 - 2016-03-30 19:10 - 00000689 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-03-30 19:10 - 2016-03-30 19:10 - 00000000 ____D C:\Users\Dan\AppData\Local\gegl-0.2
2016-03-30 19:10 - 2016-03-30 19:10 - 00000000 ____D C:\Users\Dan\AppData\Local\fontconfig
2016-03-29 12:09 - 2016-04-07 09:16 - 00000000 ____D C:\Program Files (x86)\Spybot Anti-Beacon
2016-03-29 12:08 - 2016-03-29 12:08 - 02691400 _____ (Safer-Networking Ltd. ) C:\Users\Dan\Downloads\SpybotAntiBeacon-1.5-setup.exe
2016-03-29 08:20 - 2016-04-01 09:51 - 00000000 ____D C:\Users\Dan\AppData\Roaming\SlimCleaner
2016-03-28 09:07 - 2016-03-28 09:07 - 00000000 ____D C:\Users\Dan\AppData\Roaming\HMYGSetting
2016-03-28 09:07 - 2016-03-28 09:07 - 00000000 ____D C:\Users\Dan\.android
2016-03-28 09:06 - 2016-03-28 09:22 - 00000000 ___HD C:\Program Files (x86)\DrFoneAndroid_Temp
2016-03-28 09:06 - 2016-03-28 09:22 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-03-28 09:06 - 2016-03-28 09:07 - 00000000 ____D C:\ProgramData\Wondershare
2016-03-28 09:06 - 2016-03-28 09:06 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Wondershare
2016-03-28 09:06 - 2016-03-28 09:06 - 00000000 ____D C:\Users\Dan\AppData\Local\Wondershare
2016-03-28 09:06 - 2016-03-28 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-03-28 09:06 - 2015-12-26 10:18 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-03-27 19:04 - 2016-03-27 19:04 - 00002357 _____ C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-26 22:53 - 2016-04-01 09:55 - 47718584 _____ C:\Users\Dan\Downloads\DiscordSetup.exe
2016-03-26 22:53 - 2016-03-26 22:53 - 00002223 _____ C:\Users\Dan\Desktop\Discord.lnk
2016-03-26 22:53 - 2016-03-26 22:53 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-03-26 22:53 - 2016-03-26 22:53 - 00000000 ____D C:\Users\Dan\AppData\Local\Discord
2016-03-26 19:31 - 2016-03-26 19:31 - 00002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-03-26 19:29 - 2016-04-12 07:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-26 19:29 - 2016-03-26 19:29 - 03286208 _____ (Microsoft Corporation) C:\Users\Dan\Downloads\Setup.X86.en-US_O365HomePremRetail_6f22fb0e-733c-4432-b111-c0bc04af8229_TX_DB_.exe
2016-03-26 19:29 - 2016-03-26 19:29 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-25 21:29 - 2016-03-25 21:29 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-03-25 21:29 - 2016-03-25 21:29 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2016-03-25 12:43 - 2016-03-25 12:43 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Google
2016-03-25 12:40 - 2016-04-03 12:40 - 00000000 ____D C:\ProgramData\Google
2016-03-25 12:37 - 2016-03-25 12:38 - 450071920 _____ C:\Users\Dan\Downloads\nikcollection-full-1.2.11.exe
2016-03-24 09:43 - 2016-04-13 09:54 - 00000000 ____D C:\Users\Dan\AppData\Roaming\PlaysTV
2016-03-24 09:43 - 2016-03-24 09:44 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Raptr
2016-03-24 09:43 - 2016-03-24 09:43 - 00000000 ____D C:\Users\Dan\AppData\Roaming\library_dir
2016-03-24 09:43 - 2016-03-24 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlaysTV
2016-03-24 09:43 - 2016-03-24 09:43 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-03-23 14:54 - 2016-03-23 14:54 - 00000000 ____D C:\Program Files (x86)\directx
2016-03-19 17:55 - 2016-03-19 17:57 - 00000000 ____D C:\Users\Dan\Downloads\adt_vst_win_v1.0.5
2016-03-19 17:43 - 2016-03-19 17:43 - 00000000 ____D C:\Users\Dan\Downloads\Melodyne.4.0.4.001.danielmeredithbutler
2016-03-18 16:44 - 2011-01-25 13:26 - 00051896 _____ C:\Users\Dan\Downloads\cs_regular.ttf
2016-03-18 13:13 - 2016-04-01 09:50 - 00000000 ____D C:\Program Files (x86)\SlimCleaner
2016-03-18 10:43 - 2016-03-18 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]
2016-03-17 11:09 - 2015-12-14 23:24 - 00130880 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpnk.sys
2016-03-17 11:09 - 2015-09-22 23:36 - 00037184 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2016-03-17 11:08 - 2016-03-17 11:09 - 00000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2016-03-17 11:08 - 2016-03-17 11:08 - 00000000 ____D C:\Program Files\Razer Chroma SDK
2016-03-17 10:28 - 2016-03-17 11:09 - 00000000 ____D C:\Program Files (x86)\Razer
2016-03-17 10:28 - 2016-03-17 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2016-03-15 20:01 - 2016-03-15 20:01 - 00000000 ____D C:\Users\Dan\AppData\Local\Uber Entertainment
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-13 09:58 - 2015-11-25 09:49 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-13 09:58 - 2015-11-15 21:54 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-13 09:58 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-13 09:55 - 2016-02-14 23:55 - 00000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2016-04-13 09:54 - 2016-02-01 21:30 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-13 09:53 - 2015-11-25 09:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-13 09:53 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-13 09:35 - 2016-02-01 21:30 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-13 08:53 - 2016-02-03 10:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-13 08:42 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-13 08:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-13 08:42 - 2014-07-26 03:01 - 00000000 ____D C:\Users\Dan\AppData\Local\Packages
2016-04-13 08:39 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-12 20:03 - 2015-10-26 19:57 - 00000000 ____D C:\Users\Dan\AppData\Roaming\TS3Client
2016-04-12 20:02 - 2016-01-15 23:12 - 00000000 ____D C:\some bleep i just did
2016-04-12 19:09 - 2015-03-12 21:01 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Skype
2016-04-12 10:52 - 2016-01-01 15:14 - 00000000 ____D C:\Users\Dan\AppData\Local\Spotify
2016-04-12 10:49 - 2016-01-01 15:14 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Spotify
2016-04-12 07:58 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-11 17:29 - 2015-04-19 23:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Celemony Software GmbH
2016-04-11 17:05 - 2015-08-23 08:54 - 00000000 ____D C:\Cakewalk Projects
2016-04-11 17:01 - 2015-05-14 09:36 - 00001192 _____ C:\Users\Public\Desktop\Dimension Pro x64.lnk
2016-04-11 15:54 - 2015-11-25 09:59 - 00000000 ____D C:\Users\Dan\AppData\Local\Comms
2016-04-11 14:46 - 2014-08-01 21:31 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-11 12:33 - 2016-02-24 21:41 - 00000000 ____D C:\Users\Dan\AppData\Local\LANDR
2016-04-11 12:33 - 2015-11-25 09:40 - 00000000 ____D C:\Users\Dan
2016-04-11 12:26 - 2016-01-30 12:19 - 00001426 _____ C:\Users\Public\Desktop\Rapture Session 64-bit.lnk
2016-04-11 11:12 - 2015-04-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk
2016-04-11 08:23 - 2015-06-04 22:01 - 00000615 _____ C:\Users\Dan\Desktop\The Elder Scrolls Online.lnk
2016-04-10 21:29 - 2014-08-23 11:37 - 00018432 _____ C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-09 15:15 - 2015-08-28 07:03 - 00000000 ____D C:\Users\Dan\.oracle_jre_usage
2016-04-09 15:13 - 2015-04-11 14:53 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-09 15:11 - 2015-04-27 14:07 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-09 15:06 - 2014-08-19 10:13 - 00000000 ____D C:\ProgramData\Oracle
2016-04-09 14:49 - 2016-02-28 13:09 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-09 14:41 - 2016-01-23 01:03 - 00000000 ____D C:\Users\Dan\AppData\Roaming\.minecraft
2016-04-07 12:31 - 2015-11-15 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-07 12:31 - 2015-11-15 21:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-07 09:05 - 2014-09-04 16:21 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2016-04-05 21:50 - 2015-05-14 10:25 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Applied Acoustics Systems
2016-04-05 14:37 - 2014-09-14 15:55 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-04-04 23:48 - 2014-08-26 15:39 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Audacity
2016-04-04 08:11 - 2016-01-31 10:53 - 00401440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-03 16:46 - 2015-04-19 23:48 - 00000000 ____D C:\Program Files\Common Files\VST3
2016-04-03 16:42 - 2015-05-21 08:09 - 00000000 ____D C:\Program Files\VstPlugIns
2016-04-03 16:42 - 2015-05-21 07:54 - 00000000 ____D C:\ProgramData\Audio Damage
2016-04-03 12:40 - 2014-07-29 09:44 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-01 14:22 - 2014-08-01 07:45 - 00000000 ____D C:\ProgramData\Origin
2016-04-01 14:11 - 2014-08-01 07:45 - 00000000 ____D C:\Program Files (x86)\Origin
2016-03-30 13:23 - 2014-08-01 15:07 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Awesomium
2016-03-29 20:00 - 2014-08-18 15:13 - 00000000 ____D C:\Users\Dan\AppData\Roaming\OBS
2016-03-29 14:38 - 2015-06-19 09:08 - 00000000 ____D C:\Users\Dan\AppData\Roaming\vlc
2016-03-29 12:09 - 2015-04-10 23:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-03-26 22:53 - 2016-03-02 09:19 - 00000000 ____D C:\Users\Dan\AppData\Local\SquirrelTemp
2016-03-26 19:29 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-26 16:22 - 2015-08-18 11:26 - 00000022 _____ C:\WINDOWS\GPU-Z.INI
2016-03-25 20:57 - 2015-05-07 15:58 - 00001186 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2016-03-25 12:41 - 2014-07-29 09:44 - 00000000 ____D C:\Users\Dan\AppData\Local\Google
2016-03-25 12:41 - 2014-07-26 03:01 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Adobe
2016-03-24 09:30 - 2016-02-21 10:53 - 00001343 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 2016.lnk
2016-03-23 14:36 - 2016-01-23 01:03 - 00001038 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-03-23 12:33 - 2014-10-19 12:55 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Kodi
2016-03-21 19:14 - 2015-06-04 20:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-21 19:14 - 2015-03-12 21:01 - 00000000 ____D C:\ProgramData\Skype
2016-03-19 17:44 - 2015-04-19 23:48 - 00000000 ____D C:\Program Files (x86)\Celemony
2016-03-18 11:41 - 2014-09-10 14:48 - 00000000 ____D C:\Users\Dan\AppData\Local\Battle.net
2016-03-18 10:46 - 2014-09-10 14:48 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Battle.net
2016-03-18 10:44 - 2014-09-10 14:46 - 00000000 ____D C:\ProgramData\Battle.net
2016-03-17 11:09 - 2015-11-15 10:50 - 00000000 ____D C:\ProgramData\Razer
2016-03-17 10:08 - 2015-11-15 10:51 - 00000000 ____D C:\Users\Dan\AppData\Local\Razer
2016-03-14 22:45 - 2016-03-04 15:44 - 00000000 ____D C:\Users\Dan\AppData\Roaming\MeldaProduction
2016-03-14 16:08 - 2016-02-11 13:18 - 00000000 ____D C:\Users\Dan\AppData\Local\ElevatedDiagnostics
2016-03-14 08:49 - 2014-08-04 09:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-14 08:49 - 2014-08-04 09:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2014-08-23 11:37 - 2016-04-10 21:29 - 0018432 _____ () C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-30 19:17 - 2016-03-30 19:17 - 0001549 _____ () C:\Users\Dan\AppData\Local\recently-used.xbel
2015-01-17 11:09 - 2015-10-19 13:18 - 0007602 _____ () C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
2015-04-09 08:26 - 2015-04-09 08:27 - 0011546 _____ () C:\Users\Dan\AppData\Local\Temp-log.txt
2016-02-02 13:26 - 2016-02-02 13:30 - 0000024 _____ () C:\ProgramData\.BusDriver
2015-04-15 16:09 - 2015-04-15 16:09 - 0266293 _____ () C:\ProgramData\1429110562.bdinstall.bin
2015-05-21 08:13 - 2016-03-04 15:36 - 0000016 _____ () C:\ProgramData\autobk.inc
2016-04-11 14:46 - 2016-04-11 14:46 - 0000259 _____ () C:\ProgramData\fontcacheev1.dat
 
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
 
 
Some files in TEMP:
====================
C:\Users\Dan\AppData\Local\Temp\avgnt.exe
C:\Users\Dan\AppData\Local\Temp\libeay32.dll
C:\Users\Dan\AppData\Local\Temp\msvcr120.dll
C:\Users\Dan\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-12 07:59
 
==================== End of FRST.txt ============================
 
 
# AdwCleaner v5.110 - Logfile created 13/04/2016 at 09:52:12
# Updated 10/04/2016 by Xplode
# Database : 2016-04-11.4 [Server]
# Operating system : Windows 10 Pro  (X64)
# Username : Dan - BEAST
# Running from : C:\Users\Dan\Downloads\adwcleaner_5.110.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Amazon Browser Settings
Folder Found : C:\Users\Dan\AppData\Local\Amazon Browser Settings
 
***** [ Files ] *****
 
File Found : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_zvsuhljiha-a.akamaihd.net_0.localstorage
File Found : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_zvsuhljiha-a.akamaihd.net_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : DistromaticSearchProtect-logon
Task Found : DistromaticUpdater-periodic
Task Found : DistromaticSearchProtect-hourly
Task Found : DistromaticUpdater-logon
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Key Found : HKCU\Software\distromatic
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Assistant
Key Found : HKU\S-1-5-21-105014023-2738048968-2884344003-1001\Software\distromatic
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d16fk4ms6rqz1v.cloudfront.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
 
***** [ Web browsers ] *****
 
[C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pbjikboenpfhbbejgkoklgkhjpfogcam
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2217 bytes] - [01/04/2016 09:53:13]
C:\AdwCleaner\AdwCleaner[S1].txt - [2154 bytes] - [01/04/2016 09:46:18]
C:\AdwCleaner\AdwCleaner[S2].txt - [2175 bytes] - [01/04/2016 09:51:49]
C:\AdwCleaner\AdwCleaner[S3].txt - [2267 bytes] - [13/04/2016 09:52:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2340 bytes] ##########
 
 




#2 the geekfreak


Posted 13 April 2016 - 04:10 AM

So I noticed a strange process running in my Task Manager this morning called "Amazon 1 click app" or something similar and I ran ADW cleaner. It found a few things, which I will post the log of below.

I have selected clean on ADW cleaner but want to be sure there are no other nasties on my machine.

So here are both the FRST log and the ADW cleaner log after the clean.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
Ran by Dan (administrator) on BEAST (13-04-2016 10:07:07)
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan &  (Available Profiles: Dan)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Performix LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Performix LLC) C:\Program Files (x86)\Adguard\Adguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8712960 2015-10-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-04-05] (Plays.tv, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-105014023-2738048968-2884344003-1001\...\Run: [Spotify Web Helper] => C:\Users\Dan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-11] (Spotify Ltd)
HKU\S-1-5-21-105014023-2738048968-2884344003-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5578232 2016-03-02] (Performix LLC)
HKU\S-1-5-21-105014023-2738048968-2884344003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Dan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-11] (Spotify Ltd)
HKU\S-1-5-21-105014023-2738048968-2884344003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5578232 2016-03-02] (Performix LLC)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{25854896-eb1c-49bc-bad2-0150b95211f4}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{a88fd2df-9ea2-453e-aa57-aef6b1b1c768}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-09] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-25] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-09] (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-105014023-2738048968-2884344003-1001 -> hxxp://www.google.co.uk/
 
FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\gKToqDbf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-03] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-09] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-03] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> E:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Extension: Avira Browser Safety - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\gKToqDbf.default\Extensions\abs@avira.com [2015-06-11] [not signed]
FF Extension: Avira Browser Safety - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\gKToqDbf.default\Extensions\abs@avira.com.xpi [2016-02-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-03-22]
CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [150008 2016-03-02] (Performix LLC)
S4 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-11] ()
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe [69016 2016-03-08] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-03-24] (Microsoft Corporation)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2016\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-06-03] (Futuremark)
S3 GalaxyClientService; E:\GalaxyClient\GalaxyClientService.exe [1616440 2015-12-29] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6532664 2016-03-18] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-01] (Electronic Arts)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [202272 2016-03-23] (Microsoft Corporation) [File not signed]
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-04-05] (Plays.tv, LLC)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-05-15] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-06-21] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [58368 2016-02-03] (Razer Inc.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4254720 2015-07-29] (A-Volute) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [60016 2016-02-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-15] (REALiX™)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R1 mirrorv3; C:\Windows\system32\DRIVERS\rminiv3.sys [5632 2012-12-18] (Famatech International Corp.)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [13368 2012-11-09] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 paeusbaudio; C:\Windows\System32\drivers\paeusbaudio_x64.sys [260096 2014-04-16] ()
S3 paeusbaudiodsp; C:\Windows\System32\drivers\paeusbaudiodsp_x64.sys [62464 2014-07-16] ()
S3 paeusbaudioks; C:\Windows\system32\DRIVERS\paeusbaudioks_x64.sys [46080 2014-04-16] ()
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-07-29] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-13 10:07 - 2016-04-13 10:07 - 00020722 _____ C:\Users\Dan\Desktop\FRST.txt
2016-04-13 10:06 - 2016-04-13 10:07 - 00000000 ____D C:\FRST
2016-04-13 09:59 - 2016-04-13 09:59 - 02375168 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2016-04-13 09:52 - 2016-04-13 09:52 - 03465280 _____ C:\Users\Dan\Downloads\adwcleaner_5.110.exe
2016-04-13 09:52 - 2016-04-13 09:52 - 00002419 _____ C:\Users\Dan\Desktop\AdwCleaner[S3].txt
2016-04-11 20:49 - 2016-04-11 20:49 - 00000000 ____D C:\Users\Dan\Desktop\~Junk
2016-04-11 17:05 - 2016-04-13 08:58 - 00002107 _____ C:\Users\Public\Desktop\SONAR Platinum.lnk
2016-04-11 14:46 - 2016-04-13 10:07 - 00000000 ____D C:\ProgramData\Adguard
2016-04-11 14:46 - 2016-04-13 09:53 - 00000000 ____D C:\Program Files (x86)\Adguard
2016-04-11 14:46 - 2016-04-11 14:46 - 00171512 _____ C:\Users\Dan\Downloads\adguardInstaller.exe
2016-04-11 14:46 - 2016-04-11 14:46 - 00000998 _____ C:\Users\Public\Desktop\Adguard.lnk
2016-04-11 14:46 - 2016-04-11 14:46 - 00000259 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2016-04-11 14:46 - 2016-04-11 14:46 - 00000259 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2016-04-11 14:46 - 2016-04-11 14:46 - 00000259 _____ C:\ProgramData\fontcacheev1.dat
2016-04-11 14:46 - 2016-04-11 14:46 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Performix LLC
2016-04-11 14:46 - 2016-04-11 14:46 - 00000000 ____D C:\Users\Dan\AppData\Local\Performix_LLC
2016-04-11 14:46 - 2016-04-11 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2016-04-11 14:46 - 2016-02-28 01:44 - 00060016 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
2016-04-11 12:33 - 2016-04-11 12:33 - 00001132 _____ C:\Users\Public\Desktop\LANDR.lnk
2016-04-11 12:33 - 2016-04-11 12:33 - 00000000 ___SD C:\Users\Dan\LANDR Bounces
2016-04-11 12:33 - 2016-04-11 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LANDR
2016-04-11 12:30 - 2016-04-11 12:30 - 00000000 ____D C:\$SysReset
2016-04-09 15:28 - 2016-04-09 15:28 - 00245486 _____ C:\Users\Dan\Downloads\ArchimedesShips-1.7.1.jar
2016-04-09 15:15 - 2016-04-09 15:15 - 57594432 _____ (Oracle Corporation) C:\Users\Dan\Downloads\jre-8u77-windows-x64.exe
2016-04-09 15:15 - 2016-04-09 15:15 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-04-09 15:15 - 2016-04-09 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-09 15:15 - 2016-04-09 15:15 - 00000000 ____D C:\Program Files\Java
2016-04-09 15:10 - 2016-04-09 15:10 - 00000000 _____ C:\WINDOWS\system32\REN56AE.tmp
2016-04-09 15:09 - 2016-04-09 15:09 - 43189344 _____ (Oracle Corporation) C:\Users\Dan\Downloads\jre-8u45-windows-x64 (2).exe
2016-04-09 15:09 - 2016-04-09 15:09 - 00000000 _____ C:\WINDOWS\system32\REN224F.tmp
2016-04-09 15:07 - 2016-04-09 15:07 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-04-09 15:05 - 2016-04-09 15:05 - 00734784 _____ (Oracle Corporation) C:\Users\Dan\Downloads\JavaSetup8u77.exe
2016-04-09 14:59 - 2016-04-09 14:59 - 43189344 _____ (Oracle Corporation) C:\Users\Dan\Downloads\jre-8u45-windows-x64 (1).exe
2016-04-09 14:49 - 2016-04-09 14:49 - 00000000 _____ C:\WINDOWS\system32\REN38D2.tmp
2016-04-09 14:49 - 2016-04-09 14:49 - 00000000 _____ C:\WINDOWS\system32\REN1D4B.tmp
2016-04-09 14:48 - 2016-04-09 14:48 - 43189344 _____ (Oracle Corporation) C:\Users\Dan\Downloads\jre-8u45-windows-x64.exe
2016-04-09 14:45 - 2016-04-12 15:41 - 00000000 ____D C:\ftb
2016-04-09 14:44 - 2016-04-12 16:01 - 00000000 ____D C:\Users\Dan\AppData\Local\ftblauncher
2016-04-09 14:44 - 2016-04-09 14:45 - 00000000 ____D C:\Users\Dan\AppData\Roaming\ftblauncher
2016-04-09 14:44 - 2016-04-09 14:44 - 07561844 _____ C:\Users\Dan\Downloads\FTB_Launcher.exe
2016-04-09 14:43 - 2016-04-09 14:43 - 00001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-04-09 14:43 - 2016-04-09 14:43 - 00001032 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-04-07 12:31 - 2016-04-13 09:57 - 00001187 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-07 12:31 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-07 12:31 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-07 12:31 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-06 14:32 - 2016-04-06 14:32 - 05218644 _____ C:\Users\Dan\Downloads\Red Flare V1.4.19.zip
2016-04-06 14:29 - 2016-04-06 14:30 - 00997566 _____ C:\Users\Dan\Downloads\Air-for-Steam-2016-0403.zip
2016-04-05 21:43 - 2016-04-05 21:43 - 00000745 _____ C:\Users\Dan\Downloads\history.csv
2016-04-03 16:49 - 2016-04-03 16:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Tokyo Dawn Labs
2016-04-03 16:49 - 2016-04-03 16:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Plogue Art et Technologie, Inc
2016-04-03 16:49 - 2016-04-03 16:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Plogue
2016-04-03 16:49 - 2016-04-03 16:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\helmplugin
2016-04-03 16:49 - 2016-04-03 16:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Helm
2016-04-03 16:47 - 2016-04-03 16:47 - 00718497 _____ C:\WINDOWS\unins002.exe
2016-04-03 16:46 - 2016-04-03 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helm
2016-04-03 16:46 - 2016-04-03 16:46 - 00000000 ____D C:\Program Files\Steinberg
2016-04-03 16:46 - 2016-04-03 16:46 - 00000000 ____D C:\Program Files\Helm
2016-04-03 16:45 - 2016-04-03 16:48 - 00134728 _____ C:\WINDOWS\unins002.dat
2016-04-03 16:44 - 2016-04-03 16:44 - 11782888 _____ (Plogue ) C:\Users\Dan\Downloads\WIN_AlterEgo_v1.070.exe
2016-04-03 16:44 - 2016-04-03 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plogue
2016-04-03 16:44 - 2016-04-03 16:44 - 00000000 ____D C:\Program Files\Plogue
2016-04-03 16:43 - 2016-04-03 16:45 - 293345972 _____ (One Small Clue ) C:\Users\Dan\Downloads\Setup_Grace_Factory_Content.exe
2016-04-03 16:43 - 2016-04-03 16:43 - 00720033 _____ C:\WINDOWS\unins001.exe
2016-04-03 16:43 - 2016-04-03 16:43 - 00009181 _____ C:\WINDOWS\unins001.dat
2016-04-03 16:43 - 2016-04-03 16:43 - 00000000 ____D C:\ProgramData\One Small Clue
2016-04-03 16:43 - 2013-10-09 13:18 - 00233984 _____ C:\WINDOWS\SysWOW64\r8bsrc.dll
2016-04-03 16:43 - 2011-05-25 23:32 - 00132096 _____ C:\WINDOWS\SysWOW64\MtxVecSpld.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00065536 _____ C:\WINDOWS\SysWOW64\MtxVecLapackd.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00057344 _____ C:\WINDOWS\SysWOW64\MtxVecSparsed.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00013312 _____ C:\WINDOWS\SysWOW64\MtxVecVML4d.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00010240 _____ C:\WINDOWS\SysWOW64\MtxVecVMLd.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00008704 _____ C:\WINDOWS\SysWOW64\MtxVecRandom.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00008704 _____ C:\WINDOWS\SysWOW64\MtxVecFFT.lib
2016-04-03 16:43 - 2011-05-24 00:59 - 05540352 _____ C:\WINDOWS\SysWOW64\MtxVec.Spld4.dll
2016-04-03 16:43 - 2010-01-08 01:25 - 13887488 _____ (DewResearch) C:\WINDOWS\SysWOW64\MtxVec.Fft.dll
2016-04-03 16:43 - 2010-01-08 01:25 - 10766848 _____ (DewResearch) C:\WINDOWS\SysWOW64\MtxVec.Lapack4d.dll
2016-04-03 16:43 - 2010-01-08 01:25 - 06381568 _____ (DewResearch) C:\WINDOWS\SysWOW64\MtxVec.Vmld.dll
2016-04-03 16:43 - 2010-01-08 01:25 - 06333440 _____ (DewResearch) C:\WINDOWS\SysWOW64\MtxVec.Random.dll
2016-04-03 16:43 - 2010-01-08 01:25 - 02381312 _____ (DewResearch) C:\WINDOWS\SysWOW64\MtxVec.Sparse4d.dll
2016-04-03 16:43 - 2010-01-06 23:33 - 02474496 _____ C:\WINDOWS\SysWOW64\MtxVec.Vml4d.dll
2016-04-03 16:43 - 2001-06-06 13:59 - 00019968 _____ C:\WINDOWS\SysWOW64\bdsp.lib
2016-04-03 16:43 - 2001-06-06 13:56 - 00479232 _____ C:\WINDOWS\SysWOW64\bdsp.dll
2016-04-03 16:41 - 2016-04-03 16:41 - 01329536 _____ (Alex Hilton / A1AUDIO ) C:\Users\Dan\Downloads\A1TriggerGate-WinRTAS-v1.0.0-Setup.exe
2016-04-03 16:41 - 2016-04-03 16:41 - 00000000 ____D C:\Users\Dan\AppData\Roaming\A1AUDIO.de
2016-04-03 16:41 - 2016-04-03 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A1AUDIO
2016-04-03 16:40 - 2016-04-03 16:40 - 00000000 ____D C:\Users\Dan\Downloads\MJUCjr-win-installer
2016-04-03 16:40 - 2016-04-03 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MJUCjr
2016-04-03 16:40 - 2016-04-03 16:40 - 00000000 ____D C:\Program Files\Klanghelm
2016-04-03 16:37 - 2016-04-03 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LVC-Audio
2016-04-03 16:37 - 2016-04-03 16:37 - 00000000 ____D C:\Program Files\LVC-Audio
2016-04-03 16:37 - 2016-04-03 16:37 - 00000000 ____D C:\Program Files\Common Files\Digidesign
2016-04-03 16:36 - 2016-04-03 16:36 - 00000000 ____D C:\Users\Dan\Downloads\LimitedZ-1.0.1-Win
2016-04-03 16:35 - 2016-04-03 16:35 - 00000000 ____D C:\ProgramData\Tokyo Dawn Labs
2016-04-03 16:35 - 2016-04-03 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tokyo Dawn Labs
2016-04-03 16:35 - 2016-04-03 16:35 - 00000000 ____D C:\Program Files\Tokyo Dawn Labs
2016-04-01 10:10 - 2016-04-13 08:54 - 00001342 _____ C:\Users\Public\Desktop\Command Center.lnk
2016-04-01 09:46 - 2016-04-13 10:02 - 00000000 ____D C:\AdwCleaner
2016-03-30 19:17 - 2016-03-30 19:17 - 00001549 _____ C:\Users\Dan\AppData\Local\recently-used.xbel
2016-03-30 19:12 - 2016-03-30 19:17 - 00000000 ____D C:\Users\Dan\AppData\Local\gtk-2.0
2016-03-30 19:11 - 2016-03-30 19:11 - 00000000 ____D C:\Users\Dan\.thumbnails
2016-03-30 19:10 - 2016-03-31 10:15 - 00000000 ____D C:\Users\Dan\.gimp-2.8
2016-03-30 19:10 - 2016-03-30 19:10 - 00000689 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-03-30 19:10 - 2016-03-30 19:10 - 00000000 ____D C:\Users\Dan\AppData\Local\gegl-0.2
2016-03-30 19:10 - 2016-03-30 19:10 - 00000000 ____D C:\Users\Dan\AppData\Local\fontconfig
2016-03-29 12:09 - 2016-04-07 09:16 - 00000000 ____D C:\Program Files (x86)\Spybot Anti-Beacon
2016-03-29 12:08 - 2016-03-29 12:08 - 02691400 _____ (Safer-Networking Ltd. ) C:\Users\Dan\Downloads\SpybotAntiBeacon-1.5-setup.exe
2016-03-29 08:20 - 2016-04-01 09:51 - 00000000 ____D C:\Users\Dan\AppData\Roaming\SlimCleaner
2016-03-28 09:07 - 2016-03-28 09:07 - 00000000 ____D C:\Users\Dan\AppData\Roaming\HMYGSetting
2016-03-28 09:07 - 2016-03-28 09:07 - 00000000 ____D C:\Users\Dan\.android
2016-03-28 09:06 - 2016-03-28 09:22 - 00000000 ___HD C:\Program Files (x86)\DrFoneAndroid_Temp
2016-03-28 09:06 - 2016-03-28 09:22 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-03-28 09:06 - 2016-03-28 09:07 - 00000000 ____D C:\ProgramData\Wondershare
2016-03-28 09:06 - 2016-03-28 09:06 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Wondershare
2016-03-28 09:06 - 2016-03-28 09:06 - 00000000 ____D C:\Users\Dan\AppData\Local\Wondershare
2016-03-28 09:06 - 2016-03-28 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-03-28 09:06 - 2015-12-26 10:18 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-03-27 19:04 - 2016-03-27 19:04 - 00002357 _____ C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-26 22:53 - 2016-04-01 09:55 - 47718584 _____ C:\Users\Dan\Downloads\DiscordSetup.exe
2016-03-26 22:53 - 2016-03-26 22:53 - 00002223 _____ C:\Users\Dan\Desktop\Discord.lnk
2016-03-26 22:53 - 2016-03-26 22:53 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-03-26 22:53 - 2016-03-26 22:53 - 00000000 ____D C:\Users\Dan\AppData\Local\Discord
2016-03-26 19:31 - 2016-03-26 19:31 - 00002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-03-26 19:29 - 2016-04-12 07:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-26 19:29 - 2016-03-26 19:29 - 03286208 _____ (Microsoft Corporation) C:\Users\Dan\Downloads\Setup.X86.en-US_O365HomePremRetail_6f22fb0e-733c-4432-b111-c0bc04af8229_TX_DB_.exe
2016-03-26 19:29 - 2016-03-26 19:29 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-25 21:29 - 2016-03-25 21:29 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-03-25 21:29 - 2016-03-25 21:29 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2016-03-25 12:43 - 2016-03-25 12:43 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Google
2016-03-25 12:40 - 2016-04-03 12:40 - 00000000 ____D C:\ProgramData\Google
2016-03-25 12:37 - 2016-03-25 12:38 - 450071920 _____ C:\Users\Dan\Downloads\nikcollection-full-1.2.11.exe
2016-03-24 09:43 - 2016-04-13 09:54 - 00000000 ____D C:\Users\Dan\AppData\Roaming\PlaysTV
2016-03-24 09:43 - 2016-03-24 09:44 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Raptr
2016-03-24 09:43 - 2016-03-24 09:43 - 00000000 ____D C:\Users\Dan\AppData\Roaming\library_dir
2016-03-24 09:43 - 2016-03-24 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlaysTV
2016-03-24 09:43 - 2016-03-24 09:43 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-03-23 14:54 - 2016-03-23 14:54 - 00000000 ____D C:\Program Files (x86)\directx
2016-03-19 17:55 - 2016-03-19 17:57 - 00000000 ____D C:\Users\Dan\Downloads\adt_vst_win_v1.0.5
2016-03-19 17:43 - 2016-03-19 17:43 - 00000000 ____D C:\Users\Dan\Downloads\Melodyne.4.0.4.001.danielmeredithbutler
2016-03-18 16:44 - 2011-01-25 13:26 - 00051896 _____ C:\Users\Dan\Downloads\cs_regular.ttf
2016-03-18 13:13 - 2016-04-01 09:50 - 00000000 ____D C:\Program Files (x86)\SlimCleaner
2016-03-18 10:43 - 2016-03-18 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]
2016-03-17 11:09 - 2015-12-14 23:24 - 00130880 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpnk.sys
2016-03-17 11:09 - 2015-09-22 23:36 - 00037184 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2016-03-17 11:08 - 2016-03-17 11:09 - 00000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2016-03-17 11:08 - 2016-03-17 11:08 - 00000000 ____D C:\Program Files\Razer Chroma SDK
2016-03-17 10:28 - 2016-03-17 11:09 - 00000000 ____D C:\Program Files (x86)\Razer
2016-03-17 10:28 - 2016-03-17 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2016-03-15 20:01 - 2016-03-15 20:01 - 00000000 ____D C:\Users\Dan\AppData\Local\Uber Entertainment
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-13 09:58 - 2015-11-25 09:49 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-13 09:58 - 2015-11-15 21:54 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-13 09:58 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-13 09:55 - 2016-02-14 23:55 - 00000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2016-04-13 09:54 - 2016-02-01 21:30 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-13 09:53 - 2015-11-25 09:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-13 09:53 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-13 09:35 - 2016-02-01 21:30 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-13 08:53 - 2016-02-03 10:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-13 08:42 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-13 08:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-13 08:42 - 2014-07-26 03:01 - 00000000 ____D C:\Users\Dan\AppData\Local\Packages
2016-04-13 08:39 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-12 20:03 - 2015-10-26 19:57 - 00000000 ____D C:\Users\Dan\AppData\Roaming\TS3Client
2016-04-12 20:02 - 2016-01-15 23:12 - 00000000 ____D C:\some bleep i just did
2016-04-12 19:09 - 2015-03-12 21:01 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Skype
2016-04-12 10:52 - 2016-01-01 15:14 - 00000000 ____D C:\Users\Dan\AppData\Local\Spotify
2016-04-12 10:49 - 2016-01-01 15:14 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Spotify
2016-04-12 07:58 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-11 17:29 - 2015-04-19 23:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Celemony Software GmbH
2016-04-11 17:05 - 2015-08-23 08:54 - 00000000 ____D C:\Cakewalk Projects
2016-04-11 17:01 - 2015-05-14 09:36 - 00001192 _____ C:\Users\Public\Desktop\Dimension Pro x64.lnk
2016-04-11 15:54 - 2015-11-25 09:59 - 00000000 ____D C:\Users\Dan\AppData\Local\Comms
2016-04-11 14:46 - 2014-08-01 21:31 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-11 12:33 - 2016-02-24 21:41 - 00000000 ____D C:\Users\Dan\AppData\Local\LANDR
2016-04-11 12:33 - 2015-11-25 09:40 - 00000000 ____D C:\Users\Dan
2016-04-11 12:26 - 2016-01-30 12:19 - 00001426 _____ C:\Users\Public\Desktop\Rapture Session 64-bit.lnk
2016-04-11 11:12 - 2015-04-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk
2016-04-11 08:23 - 2015-06-04 22:01 - 00000615 _____ C:\Users\Dan\Desktop\The Elder Scrolls Online.lnk
2016-04-10 21:29 - 2014-08-23 11:37 - 00018432 _____ C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-09 15:15 - 2015-08-28 07:03 - 00000000 ____D C:\Users\Dan\.oracle_jre_usage
2016-04-09 15:13 - 2015-04-11 14:53 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-09 15:11 - 2015-04-27 14:07 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-09 15:06 - 2014-08-19 10:13 - 00000000 ____D C:\ProgramData\Oracle
2016-04-09 14:49 - 2016-02-28 13:09 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-09 14:41 - 2016-01-23 01:03 - 00000000 ____D C:\Users\Dan\AppData\Roaming\.minecraft
2016-04-07 12:31 - 2015-11-15 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-07 12:31 - 2015-11-15 21:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-07 09:05 - 2014-09-04 16:21 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2016-04-05 21:50 - 2015-05-14 10:25 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Applied Acoustics Systems
2016-04-05 14:37 - 2014-09-14 15:55 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-04-04 23:48 - 2014-08-26 15:39 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Audacity
2016-04-04 08:11 - 2016-01-31 10:53 - 00401440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-03 16:46 - 2015-04-19 23:48 - 00000000 ____D C:\Program Files\Common Files\VST3
2016-04-03 16:42 - 2015-05-21 08:09 - 00000000 ____D C:\Program Files\VstPlugIns
2016-04-03 16:42 - 2015-05-21 07:54 - 00000000 ____D C:\ProgramData\Audio Damage
2016-04-03 12:40 - 2014-07-29 09:44 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-01 14:22 - 2014-08-01 07:45 - 00000000 ____D C:\ProgramData\Origin
2016-04-01 14:11 - 2014-08-01 07:45 - 00000000 ____D C:\Program Files (x86)\Origin
2016-03-30 13:23 - 2014-08-01 15:07 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Awesomium
2016-03-29 20:00 - 2014-08-18 15:13 - 00000000 ____D C:\Users\Dan\AppData\Roaming\OBS
2016-03-29 14:38 - 2015-06-19 09:08 - 00000000 ____D C:\Users\Dan\AppData\Roaming\vlc
2016-03-29 12:09 - 2015-04-10 23:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-03-26 22:53 - 2016-03-02 09:19 - 00000000 ____D C:\Users\Dan\AppData\Local\SquirrelTemp
2016-03-26 19:29 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-26 16:22 - 2015-08-18 11:26 - 00000022 _____ C:\WINDOWS\GPU-Z.INI
2016-03-25 20:57 - 2015-05-07 15:58 - 00001186 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2016-03-25 12:41 - 2014-07-29 09:44 - 00000000 ____D C:\Users\Dan\AppData\Local\Google
2016-03-25 12:41 - 2014-07-26 03:01 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Adobe
2016-03-24 09:30 - 2016-02-21 10:53 - 00001343 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 2016.lnk
2016-03-23 14:36 - 2016-01-23 01:03 - 00001038 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-03-23 12:33 - 2014-10-19 12:55 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Kodi
2016-03-21 19:14 - 2015-06-04 20:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-21 19:14 - 2015-03-12 21:01 - 00000000 ____D C:\ProgramData\Skype
2016-03-19 17:44 - 2015-04-19 23:48 - 00000000 ____D C:\Program Files (x86)\Celemony
2016-03-18 11:41 - 2014-09-10 14:48 - 00000000 ____D C:\Users\Dan\AppData\Local\Battle.net
2016-03-18 10:46 - 2014-09-10 14:48 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Battle.net
2016-03-18 10:44 - 2014-09-10 14:46 - 00000000 ____D C:\ProgramData\Battle.net
2016-03-17 11:09 - 2015-11-15 10:50 - 00000000 ____D C:\ProgramData\Razer
2016-03-17 10:08 - 2015-11-15 10:51 - 00000000 ____D C:\Users\Dan\AppData\Local\Razer
2016-03-14 22:45 - 2016-03-04 15:44 - 00000000 ____D C:\Users\Dan\AppData\Roaming\MeldaProduction
2016-03-14 16:08 - 2016-02-11 13:18 - 00000000 ____D C:\Users\Dan\AppData\Local\ElevatedDiagnostics
2016-03-14 08:49 - 2014-08-04 09:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-14 08:49 - 2014-08-04 09:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2014-08-23 11:37 - 2016-04-10 21:29 - 0018432 _____ () C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-30 19:17 - 2016-03-30 19:17 - 0001549 _____ () C:\Users\Dan\AppData\Local\recently-used.xbel
2015-01-17 11:09 - 2015-10-19 13:18 - 0007602 _____ () C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
2015-04-09 08:26 - 2015-04-09 08:27 - 0011546 _____ () C:\Users\Dan\AppData\Local\Temp-log.txt
2016-02-02 13:26 - 2016-02-02 13:30 - 0000024 _____ () C:\ProgramData\.BusDriver
2015-04-15 16:09 - 2015-04-15 16:09 - 0266293 _____ () C:\ProgramData\1429110562.bdinstall.bin
2015-05-21 08:13 - 2016-03-04 15:36 - 0000016 _____ () C:\ProgramData\autobk.inc
2016-04-11 14:46 - 2016-04-11 14:46 - 0000259 _____ () C:\ProgramData\fontcacheev1.dat
 
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
 
 
Some files in TEMP:
====================
C:\Users\Dan\AppData\Local\Temp\avgnt.exe
C:\Users\Dan\AppData\Local\Temp\libeay32.dll
C:\Users\Dan\AppData\Local\Temp\msvcr120.dll
C:\Users\Dan\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-12 07:59
 
==================== End of FRST.txt ============================
 
 
# AdwCleaner v5.110 - Logfile created 13/04/2016 at 09:52:12
# Updated 10/04/2016 by Xplode
# Database : 2016-04-11.4 [Server]
# Operating system : Windows 10 Pro  (X64)
# Username : Dan - BEAST
# Running from : C:\Users\Dan\Downloads\adwcleaner_5.110.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Amazon Browser Settings
Folder Found : C:\Users\Dan\AppData\Local\Amazon Browser Settings
 
***** [ Files ] *****
 
File Found : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_zvsuhljiha-a.akamaihd.net_0.localstorage
File Found : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_zvsuhljiha-a.akamaihd.net_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : DistromaticSearchProtect-logon
Task Found : DistromaticUpdater-periodic
Task Found : DistromaticSearchProtect-hourly
Task Found : DistromaticUpdater-logon
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Key Found : HKCU\Software\distromatic
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Assistant
Key Found : HKU\S-1-5-21-105014023-2738048968-2884344003-1001\Software\distromatic
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d16fk4ms6rqz1v.cloudfront.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
 
***** [ Web browsers ] *****
 
[C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pbjikboenpfhbbejgkoklgkhjpfogcam
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2217 bytes] - [01/04/2016 09:53:13]
C:\AdwCleaner\AdwCleaner[S1].txt - [2154 bytes] - [01/04/2016 09:46:18]
C:\AdwCleaner\AdwCleaner[S2].txt - [2175 bytes] - [01/04/2016 09:51:49]
C:\AdwCleaner\AdwCleaner[S3].txt - [2267 bytes] - [13/04/2016 09:52:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2340 bytes] ##########
 
 




#3 Gunto


Posted 13 April 2016 - 07:10 AM

Hi, the geekfreak! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
  • Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

For the record, you double-posted this topic, so I merged it into one for cleanliness. :)

 

The AdwCleaner log you provided seems to be from before you deleted anything, but considering that you said that you did in fact clean with it, I'll assume everything there has been removed.

 

I don't see anything of notable alarm on your system, but you have numerous orphans and junk files I would like to get rid of.

Farbar Recovery Scan Tool

I need you to run a fix with FRST.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    GroupPolicyScripts: Restriction <======= ATTENTION
    Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
    Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
    Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
    Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
    FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
    FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [No File]
    FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
    FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
    FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [No File]
    C:\Users\Dan\Downloads\adguardInstaller.exe
    C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
    C:\ProgramData\fontcacheev1.dat
    C:\Users\Dan\Downloads\jre-8u77-windows-x64.exe
    C:\WINDOWS\system32\REN56AE.tmp
    C:\Users\Dan\Downloads\jre-8u45-windows-x64 (2).exe
    C:\WINDOWS\system32\REN224F.tmp
    C:\Users\Dan\Downloads\JavaSetup8u77.exe
    C:\Users\Dan\Downloads\jre-8u45-windows-x64 (1).exe
    C:\WINDOWS\system32\REN38D2.tmp
    C:\WINDOWS\system32\REN1D4B.tmp
    C:\Users\Dan\Downloads\jre-8u45-windows-x64.exe
    C:\WINDOWS\unins002.exe
    C:\WINDOWS\unins002.dat
    C:\Users\Dan\Downloads\WIN_AlterEgo_v1.070.exe
    C:\Users\Dan\Downloads\Setup_Grace_Factory_Content.exe
    C:\WINDOWS\unins001.exe
    C:\WINDOWS\unins001.dat
    C:\Users\Dan\Downloads\A1TriggerGate-WinRTAS-v1.0.0-Setup.exe
    C:\Program Files (x86)\Spybot Anti-Beacon
    C:\Users\Dan\Downloads\SpybotAntiBeacon-1.5-setup.exe
    C:\Users\Dan\Downloads\DiscordSetup.exe
    C:\Users\Dan\Downloads\Setup.X86.en-US_O365HomePremRetail_6f22fb0e-733c-4432-b111-c0bc04af8229_TX_DB_.exe
    C:\Users\Dan\Downloads\nikcollection-full-1.2.11.exe
    C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    C:\Users\Dan\AppData\Local\Temp-log.txt
    C:\ProgramData\1429110562.bdinstall.bin
    C:\Users\Dan\AppData\Local\Temp\avgnt.exe
    C:\Users\Dan\AppData\Local\Temp\libeay32.dll
    C:\Users\Dan\AppData\Local\Temp\msvcr120.dll
    C:\Users\Dan\AppData\Local\Temp\sqlite3.dll
    Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden
    Contents64 (Version: 18.0.0.181 - Corel Corporation) Hidden
    Corel VideoStudio Pro Title Pack (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    ICA (x32 Version: 18.0.0.181 - Corel Corporation) Hidden
    IPM_VS_Pro64 (Version: 18.0 - Corel Corporation) Hidden
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    proDAD Adorage 3.0 (64bit) (Version: 3.0.110.2 - proDAD GmbH) Hidden
    proDAD Mercalli 2.0 (64bit) (Version: 2.0.120 - proDAD GmbH) Hidden
    proDAD Route 4.0 (64bit) (Version: 4.0.233.1 - proDAD GmbH) Hidden
    proDAD Script 4.0 (64bit) (Version: 4.0.233.1 - proDAD GmbH) Hidden
    proDAD Vitascene 2.0 (64bit) (Version: 2.0.233 - proDAD GmbH) Hidden
    Setup (x32 Version: 17.1.0.37 - Corel Corporation) Hidden
    Setup (x32 Version: 18.0.0.181 - Corel Corporation) Hidden
    Share64 (Version: 18.0.0.181 - Corel Corporation) Hidden
    SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
    VSClassic64 (Version: 18.0.0.181 - Corel Corporation) Hidden
    VSUltimate64 (Version: 18.0.0.181 - Corel Corporation) Hidden
    Task: {0C9E3121-BEED-45F9-A792-387AE1E25A37} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {1A7F4FA2-5A47-42AF-BCDE-FE5DC3B8DE88} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {23FB8143-6583-4176-A71E-4F1EC63C0810} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {250786F7-36E2-4A7A-8D57-F36D8F1CE413} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {317A60D0-395A-4DDE-A267-03A50C8D4D8C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {49CFCF6D-C0CB-4BD5-A633-B6A412A44ED1} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2015-10-19] (Safer-Networking Ltd.)
    Task: {4AC59B54-7CD8-46FD-B383-81C0215477EC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {792B6BC0-6947-4E02-BA04-276A997EFAD5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {A3843458-0C86-4502-B99E-685A7AB43C2F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {ACE85687-2711-48D1-8E6E-5968BD37C043} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {AF18CA69-5A85-4387-92D3-F7E8FA390395} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {B4FE5E90-1E4B-4A00-8BE6-E585F4EBDFC7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    IE trusted site: HKU\S-1-5-21-105014023-2738048968-2884344003-1001\...\amazon.co.uk -> hxxps://amazon.co.uk
    IE trusted site: HKU\S-1-5-21-105014023-2738048968-2884344003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\amazon.co.uk -> hxxps://amazon.co.uk
    Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Uninstall Programs

 

It seems you have Amazon 1Button App installed, but if you found the process "suspicious," I can assume you didn't do so yourself. With the previous fix, I've un-hidden its installation entry, so you should be able to uninstall it now. Also, System Requirements Lab Detection is pretty much useless after you use it once, so I'd advise removing it for cleanliness.

I need you to uninstall some programs using either Programs and Features or Revo Uninstaller.

If you want to use Programs and Features:

  • Right click on the Windows logo on the left corner of your screen, click Control Panel, and then Uninstall a program.
  • Once it loads all the programs, uninstall the following, if present, one at a time:
    Amazon 1Button App
    System Requirements Lab Detection
    by clicking Change/Remove, and following the prompts in the uninstaller.

If you have any problems uninstalling a program using Programs and Features, proceed to the below method.

If you want to use Revo Uninstaller (which does a better job at cleaning up):

  • Open Revo Uninstaller, and once it loads all the programs, uninstall the following, if present, one at a time:
    Amazon 1Button App
    System Requirements Lab Detection
  • Double click the program, and say Yes on the prompt. Ensure the Moderate option is ticked, and click Next.
  • Follow the prompts in the built-in uninstaller, and then click Next in Revo.
  • If any registry remnants are found, check the bold items only. If there is a closed folder visible, click the + to expand it until you find the bold item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too.

Final Notes

 

I see you've disabled numerous items in the Task Manager:

HKLM\...\StartupApproved\StartupFolder: => "O&O Defrag Tray.lnk"
HKLM\...\StartupApproved\StartupFolder: => "BGPKiller.lnk"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "ControlCenterCount"
HKLM\...\StartupApproved\Run32: => "InstallerLauncher"
HKLM\...\StartupApproved\Run32: => "Fast Boot"
HKLM\...\StartupApproved\Run32: => "Sound Blaster Recon3D SBX Control Panel"
HKLM\...\StartupApproved\Run32: => "OODefragTray"
HKU\S-1-5-21-105014023-2738048968-2884344003-1001\...\StartupApproved\StartupFolder: => "LCore - Shortcut.lnk"
HKU\S-1-5-21-105014023-2738048968-2884344003-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-105014023-2738048968-2884344003-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-105014023-2738048968-2884344003-1001\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-105014023-2738048968-2884344003-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-105014023-2738048968-2884344003-1001\...\StartupApproved\Run: => "MP3 Skype recorder"
HKU\S-1-5-21-105014023-2738048968-2884344003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "LCore - Shortcut.lnk"
HKU\S-1-5-21-105014023-2738048968-2884344003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-105014023-2738048968-2884344003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-105014023-2738048968-2884344003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-105014023-2738048968-2884344003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-105014023-2738048968-2884344003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "MP3 Skype recorder"

 

As you can see, this method is rather messy and still leaves entries behind. I'd be happy to use FRST to delete the entries entirely, without disturbing the files. So, if you'd like me to do so, please re-enable all of these entries.

 

Regardless of your decision regarding the startup entries, please run a new FRST scan after all of this is done, and post the fresh log for my review. :)

 

How'd all that go? Are you having any problems?
 

Gunto




#4 loki2007


Posted 13 April 2016 - 07:11 AM

Sorry, didn't realize someone already picked up this thread. Please disregard this post.


Edited by loki2007, 13 April 2016 - 07:12 AM.

 

#5 the geekfreak


Posted 13 April 2016 - 07:40 AM

Did all that, some of the startup entries you mention are no longer there allowing me to enable them so I think I will just leave that part for now.

 

Here are the new FRST logs

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
Ran by Dan (administrator) on BEAST (13-04-2016 13:37:26)
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Performix LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Performix LLC) C:\Program Files (x86)\Adguard\Adguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8712960 2015-10-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-04-05] (Plays.tv, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-105014023-2738048968-2884344003-1001\...\Run: [Spotify Web Helper] => C:\Users\Dan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-11] (Spotify Ltd)
HKU\S-1-5-21-105014023-2738048968-2884344003-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5578232 2016-03-02] (Performix LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{25854896-eb1c-49bc-bad2-0150b95211f4}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{a88fd2df-9ea2-453e-aa57-aef6b1b1c768}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-09] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-25] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-09] (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-105014023-2738048968-2884344003-1001 -> hxxp://www.google.co.uk/
 
FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\gKToqDbf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-03] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-09] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-03] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> E:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Extension: Avira Browser Safety - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\gKToqDbf.default\Extensions\abs@avira.com [2015-06-11] [not signed]
FF Extension: Avira Browser Safety - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\gKToqDbf.default\Extensions\abs@avira.com.xpi [2016-02-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-03-22]
CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [150008 2016-03-02] (Performix LLC)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-11] ()
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe [69016 2016-03-08] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-03-24] (Microsoft Corporation)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2016\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-06-03] (Futuremark)
S3 GalaxyClientService; E:\GalaxyClient\GalaxyClientService.exe [1616440 2015-12-29] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6532664 2016-03-18] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-01] (Electronic Arts)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [202272 2016-03-23] (Microsoft Corporation) [File not signed]
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-04-05] (Plays.tv, LLC)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-05-15] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-06-21] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [58368 2016-02-03] (Razer Inc.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4254720 2015-07-29] (A-Volute) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [60016 2016-02-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-15] (REALiX™)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R1 mirrorv3; C:\Windows\system32\DRIVERS\rminiv3.sys [5632 2012-12-18] (Famatech International Corp.)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [13368 2012-11-09] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 paeusbaudio; C:\Windows\System32\drivers\paeusbaudio_x64.sys [260096 2014-04-16] ()
S3 paeusbaudiodsp; C:\Windows\System32\drivers\paeusbaudiodsp_x64.sys [62464 2014-07-16] ()
S3 paeusbaudioks; C:\Windows\system32\DRIVERS\paeusbaudioks_x64.sys [46080 2014-04-16] ()
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-07-29] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-13 13:37 - 2016-04-13 13:37 - 00018420 _____ C:\Users\Dan\Desktop\FRST.txt
2016-04-13 13:30 - 2016-04-13 13:30 - 00000259 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2016-04-13 13:30 - 2016-04-13 13:30 - 00000259 _____ C:\ProgramData\fontcacheev1.dat
2016-04-13 12:35 - 2016-04-06 19:32 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-13 12:35 - 2016-04-06 19:32 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-13 10:06 - 2016-04-13 13:37 - 00000000 ____D C:\FRST
2016-04-13 09:59 - 2016-04-13 09:59 - 02375168 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2016-04-13 09:52 - 2016-04-13 09:52 - 03465280 _____ C:\Users\Dan\Downloads\adwcleaner_5.110.exe
2016-04-13 08:41 - 2016-03-29 11:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 08:41 - 2016-03-29 09:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 08:41 - 2016-03-29 08:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 08:41 - 2016-03-29 08:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 08:41 - 2016-03-29 08:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 08:41 - 2016-03-29 08:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 08:41 - 2016-03-29 08:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 08:41 - 2016-03-29 08:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 08:41 - 2016-03-29 08:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 08:41 - 2016-03-29 08:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 08:41 - 2016-03-29 07:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 08:41 - 2016-03-29 07:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 08:41 - 2016-03-29 07:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 08:41 - 2016-03-29 07:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 08:41 - 2016-03-29 07:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 08:41 - 2016-03-29 06:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 08:41 - 2016-03-29 06:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 08:41 - 2016-03-29 06:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 08:40 - 2016-04-02 05:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 08:40 - 2016-04-02 05:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 08:40 - 2016-04-02 05:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 08:40 - 2016-04-02 05:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 08:40 - 2016-04-02 04:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 08:40 - 2016-04-02 04:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 08:40 - 2016-04-02 04:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 08:40 - 2016-04-02 04:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 08:40 - 2016-04-02 04:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 08:40 - 2016-04-02 04:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 08:40 - 2016-04-02 04:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 08:40 - 2016-04-02 04:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 08:40 - 2016-04-02 04:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 08:40 - 2016-04-02 04:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 08:40 - 2016-04-02 04:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 08:40 - 2016-04-02 04:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 08:40 - 2016-04-02 04:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 08:40 - 2016-04-02 04:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 08:40 - 2016-04-02 04:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 08:40 - 2016-04-02 04:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 08:40 - 2016-04-02 04:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 08:40 - 2016-04-02 04:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 08:40 - 2016-04-02 04:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 08:40 - 2016-03-29 11:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 08:40 - 2016-03-29 11:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 08:40 - 2016-03-29 11:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 08:40 - 2016-03-29 11:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 08:40 - 2016-03-29 11:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 08:40 - 2016-03-29 11:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 08:40 - 2016-03-29 11:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 08:40 - 2016-03-29 11:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 08:40 - 2016-03-29 11:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 08:40 - 2016-03-29 11:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 08:40 - 2016-03-29 11:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 08:40 - 2016-03-29 11:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 08:40 - 2016-03-29 10:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 08:40 - 2016-03-29 10:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 08:40 - 2016-03-29 10:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 08:40 - 2016-03-29 10:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 08:40 - 2016-03-29 10:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 08:40 - 2016-03-29 10:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 08:40 - 2016-03-29 10:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 08:40 - 2016-03-29 10:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 08:40 - 2016-03-29 10:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 08:40 - 2016-03-29 10:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 08:40 - 2016-03-29 10:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 08:40 - 2016-03-29 10:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 08:40 - 2016-03-29 10:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 08:40 - 2016-03-29 10:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 08:40 - 2016-03-29 10:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 08:40 - 2016-03-29 10:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 08:40 - 2016-03-29 10:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 08:40 - 2016-03-29 10:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 08:40 - 2016-03-29 09:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 08:40 - 2016-03-29 09:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 08:40 - 2016-03-29 09:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 08:40 - 2016-03-29 09:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 08:40 - 2016-03-29 09:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 08:40 - 2016-03-29 09:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 08:40 - 2016-03-29 09:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 08:40 - 2016-03-29 09:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 08:40 - 2016-03-29 09:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 08:40 - 2016-03-29 09:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 08:40 - 2016-03-29 09:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 08:40 - 2016-03-29 09:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 08:40 - 2016-03-29 09:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 08:40 - 2016-03-29 09:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 08:40 - 2016-03-29 09:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 08:40 - 2016-03-29 09:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 08:40 - 2016-03-29 09:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 08:40 - 2016-03-29 09:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 08:40 - 2016-03-29 09:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 08:40 - 2016-03-29 09:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 08:40 - 2016-03-29 09:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 08:40 - 2016-03-29 09:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 08:40 - 2016-03-29 09:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 08:40 - 2016-03-29 09:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 08:40 - 2016-03-29 09:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 08:40 - 2016-03-29 08:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 08:40 - 2016-03-29 08:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 08:40 - 2016-03-29 08:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 08:40 - 2016-03-29 08:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 08:40 - 2016-03-29 08:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 08:40 - 2016-03-29 08:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 08:40 - 2016-03-29 08:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 08:40 - 2016-03-29 08:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 08:40 - 2016-03-29 08:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 08:40 - 2016-03-29 08:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 08:40 - 2016-03-29 08:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 08:40 - 2016-03-29 08:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 08:40 - 2016-03-29 08:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 08:40 - 2016-03-29 08:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 08:40 - 2016-03-29 08:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 08:40 - 2016-03-29 08:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 08:40 - 2016-03-29 08:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 08:40 - 2016-03-29 08:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 08:40 - 2016-03-29 08:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 08:40 - 2016-03-29 08:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 08:40 - 2016-03-29 08:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 08:40 - 2016-03-29 08:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 08:40 - 2016-03-29 08:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 08:40 - 2016-03-29 08:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 08:40 - 2016-03-29 08:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 08:40 - 2016-03-29 08:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 08:40 - 2016-03-29 08:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 08:40 - 2016-03-29 08:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 08:40 - 2016-03-29 08:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 08:40 - 2016-03-29 08:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 08:40 - 2016-03-29 08:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 08:40 - 2016-03-29 08:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 08:40 - 2016-03-29 08:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 08:40 - 2016-03-29 08:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 08:40 - 2016-03-29 08:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 08:40 - 2016-03-29 08:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 08:40 - 2016-03-29 08:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 08:40 - 2016-03-29 08:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 08:40 - 2016-03-29 08:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 08:40 - 2016-03-29 08:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 08:40 - 2016-03-29 08:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 08:40 - 2016-03-29 08:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 08:40 - 2016-03-29 08:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 08:40 - 2016-03-29 08:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 08:40 - 2016-03-29 08:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 08:40 - 2016-03-29 08:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 08:40 - 2016-03-29 08:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 08:40 - 2016-03-29 08:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 08:40 - 2016-03-29 08:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 08:40 - 2016-03-29 08:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 08:40 - 2016-03-29 08:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 08:40 - 2016-03-29 08:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 08:40 - 2016-03-29 08:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 08:40 - 2016-03-29 08:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 08:40 - 2016-03-29 08:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 08:40 - 2016-03-29 08:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 08:40 - 2016-03-29 08:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 08:40 - 2016-03-29 08:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 08:40 - 2016-03-29 08:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 08:40 - 2016-03-29 08:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 08:40 - 2016-03-29 08:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 08:40 - 2016-03-29 08:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 08:40 - 2016-03-29 08:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 08:40 - 2016-03-29 08:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 08:40 - 2016-03-29 08:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 08:40 - 2016-03-29 08:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 08:40 - 2016-03-29 08:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 08:40 - 2016-03-29 08:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 08:40 - 2016-03-29 08:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 08:40 - 2016-03-29 08:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 08:40 - 2016-03-29 08:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 08:40 - 2016-03-29 08:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 08:40 - 2016-03-29 08:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 08:40 - 2016-03-29 08:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 08:40 - 2016-03-29 08:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 08:40 - 2016-03-29 08:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 08:40 - 2016-03-29 08:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 08:40 - 2016-03-29 08:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 08:40 - 2016-03-29 08:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 08:40 - 2016-03-29 08:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 08:40 - 2016-03-29 08:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 08:40 - 2016-03-29 08:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 08:40 - 2016-03-29 08:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 08:40 - 2016-03-29 08:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 08:40 - 2016-03-29 08:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 08:40 - 2016-03-29 08:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 08:40 - 2016-03-29 08:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 08:40 - 2016-03-29 08:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 08:40 - 2016-03-29 08:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 08:40 - 2016-03-29 08:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 08:40 - 2016-03-29 08:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 08:40 - 2016-03-29 08:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 08:40 - 2016-03-29 08:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 08:40 - 2016-03-29 08:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 08:40 - 2016-03-29 07:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 08:40 - 2016-03-29 07:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 08:40 - 2016-03-29 07:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 08:40 - 2016-03-29 07:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 08:40 - 2016-03-29 07:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 08:40 - 2016-03-29 07:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 08:40 - 2016-03-29 07:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 08:40 - 2016-03-29 07:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 08:40 - 2016-03-29 07:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 08:40 - 2016-03-29 07:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 08:40 - 2016-03-29 07:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 08:40 - 2016-03-29 07:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 08:40 - 2016-03-29 07:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 08:40 - 2016-03-29 07:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 08:40 - 2016-03-29 07:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 08:40 - 2016-03-29 07:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 08:40 - 2016-03-29 07:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 08:40 - 2016-03-29 07:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 08:40 - 2016-03-29 07:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 08:40 - 2016-03-29 07:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 08:40 - 2016-03-29 07:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 08:40 - 2016-03-29 07:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 08:40 - 2016-03-29 07:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 08:40 - 2016-03-29 07:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 08:40 - 2016-03-29 07:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 08:40 - 2016-03-29 07:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 08:40 - 2016-03-29 07:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 08:40 - 2016-03-29 07:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 08:40 - 2016-03-29 07:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 08:40 - 2016-03-29 07:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 08:40 - 2016-03-29 07:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 08:40 - 2016-03-29 07:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 08:40 - 2016-03-29 07:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 08:40 - 2016-03-29 07:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 08:40 - 2016-03-29 07:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 08:40 - 2016-03-29 07:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 08:40 - 2016-03-29 07:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 08:40 - 2016-03-29 07:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 08:40 - 2016-03-29 07:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 08:40 - 2016-03-29 07:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 08:40 - 2016-03-29 07:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 08:40 - 2016-03-29 07:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 08:40 - 2016-03-29 07:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 08:40 - 2016-03-29 07:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 08:40 - 2016-03-29 07:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 08:40 - 2016-03-29 07:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 08:40 - 2016-03-29 07:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 08:40 - 2016-03-29 07:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 08:40 - 2016-03-29 07:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 08:40 - 2016-03-29 07:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 08:40 - 2016-03-29 07:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 08:40 - 2016-03-29 07:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 08:40 - 2016-03-29 07:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 08:40 - 2016-03-29 07:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 08:40 - 2016-03-29 07:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 08:40 - 2016-03-29 07:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 08:40 - 2016-03-29 07:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 08:40 - 2016-03-29 07:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 08:40 - 2016-03-29 07:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 08:40 - 2016-03-29 07:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 08:40 - 2016-03-29 07:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 08:40 - 2016-03-29 07:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 08:40 - 2016-03-29 07:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 08:40 - 2016-03-29 07:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 08:40 - 2016-03-29 07:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 08:40 - 2016-03-29 07:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 08:40 - 2016-03-29 07:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 08:40 - 2016-03-29 07:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 08:40 - 2016-03-29 07:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 08:40 - 2016-03-29 07:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 08:40 - 2016-03-29 07:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 08:40 - 2016-03-29 06:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 08:40 - 2016-03-29 06:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 08:40 - 2016-03-29 06:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 08:40 - 2016-03-29 06:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 08:40 - 2016-03-29 06:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 08:40 - 2016-03-29 06:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 08:40 - 2016-03-29 06:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 08:40 - 2016-03-29 06:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 08:40 - 2016-03-29 06:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 08:40 - 2016-03-29 06:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 08:40 - 2016-03-29 06:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 08:40 - 2016-03-29 06:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 08:40 - 2016-03-29 06:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 08:40 - 2016-03-29 06:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 08:40 - 2016-03-29 06:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 08:40 - 2016-03-29 06:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 08:40 - 2016-03-29 06:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 08:40 - 2016-03-29 06:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 08:40 - 2016-03-29 06:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 08:40 - 2016-03-29 06:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 08:40 - 2016-03-29 06:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 08:40 - 2016-03-29 06:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 08:40 - 2016-03-29 06:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 08:40 - 2016-03-29 06:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-11 20:49 - 2016-04-11 20:49 - 00000000 ____D C:\Users\Dan\Desktop\~Junk
2016-04-11 17:05 - 2016-04-13 08:58 - 00002107 _____ C:\Users\Public\Desktop\SONAR Platinum.lnk
2016-04-11 14:46 - 2016-04-13 13:36 - 00000000 ____D C:\ProgramData\Adguard
2016-04-11 14:46 - 2016-04-13 13:30 - 00000000 ____D C:\Program Files (x86)\Adguard
2016-04-11 14:46 - 2016-04-11 14:46 - 00000998 _____ C:\Users\Public\Desktop\Adguard.lnk
2016-04-11 14:46 - 2016-04-11 14:46 - 00000259 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2016-04-11 14:46 - 2016-04-11 14:46 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Performix LLC
2016-04-11 14:46 - 2016-04-11 14:46 - 00000000 ____D C:\Users\Dan\AppData\Local\Performix_LLC
2016-04-11 14:46 - 2016-04-11 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2016-04-11 14:46 - 2016-02-28 01:44 - 00060016 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
2016-04-11 12:33 - 2016-04-11 12:33 - 00001132 _____ C:\Users\Public\Desktop\LANDR.lnk
2016-04-11 12:33 - 2016-04-11 12:33 - 00000000 ___SD C:\Users\Dan\LANDR Bounces
2016-04-11 12:33 - 2016-04-11 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LANDR
2016-04-11 12:30 - 2016-04-11 12:30 - 00000000 ____D C:\$SysReset
2016-04-09 15:28 - 2016-04-09 15:28 - 00245486 _____ C:\Users\Dan\Downloads\ArchimedesShips-1.7.1.jar
2016-04-09 15:15 - 2016-04-09 15:15 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-04-09 15:15 - 2016-04-09 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-09 15:15 - 2016-04-09 15:15 - 00000000 ____D C:\Program Files\Java
2016-04-09 14:45 - 2016-04-12 15:41 - 00000000 ____D C:\ftb
2016-04-09 14:44 - 2016-04-12 16:01 - 00000000 ____D C:\Users\Dan\AppData\Local\ftblauncher
2016-04-09 14:44 - 2016-04-09 14:45 - 00000000 ____D C:\Users\Dan\AppData\Roaming\ftblauncher
2016-04-09 14:44 - 2016-04-09 14:44 - 07561844 _____ C:\Users\Dan\Downloads\FTB_Launcher.exe
2016-04-09 14:43 - 2016-04-09 14:43 - 00001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-04-09 14:43 - 2016-04-09 14:43 - 00001032 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-04-07 12:31 - 2016-04-13 09:57 - 00001187 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-07 12:31 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-07 12:31 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-07 12:31 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-06 14:32 - 2016-04-06 14:32 - 05218644 _____ C:\Users\Dan\Downloads\Red Flare V1.4.19.zip
2016-04-06 14:29 - 2016-04-06 14:30 - 00997566 _____ C:\Users\Dan\Downloads\Air-for-Steam-2016-0403.zip
2016-04-05 21:43 - 2016-04-05 21:43 - 00000745 _____ C:\Users\Dan\Downloads\history.csv
2016-04-03 16:49 - 2016-04-03 16:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Tokyo Dawn Labs
2016-04-03 16:49 - 2016-04-03 16:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Plogue Art et Technologie, Inc
2016-04-03 16:49 - 2016-04-03 16:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Plogue
2016-04-03 16:49 - 2016-04-03 16:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\helmplugin
2016-04-03 16:49 - 2016-04-03 16:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Helm
2016-04-03 16:46 - 2016-04-03 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helm
2016-04-03 16:46 - 2016-04-03 16:46 - 00000000 ____D C:\Program Files\Steinberg
2016-04-03 16:46 - 2016-04-03 16:46 - 00000000 ____D C:\Program Files\Helm
2016-04-03 16:44 - 2016-04-03 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plogue
2016-04-03 16:44 - 2016-04-03 16:44 - 00000000 ____D C:\Program Files\Plogue
2016-04-03 16:43 - 2016-04-03 16:43 - 00000000 ____D C:\ProgramData\One Small Clue
2016-04-03 16:43 - 2013-10-09 13:18 - 00233984 _____ C:\WINDOWS\SysWOW64\r8bsrc.dll
2016-04-03 16:43 - 2011-05-25 23:32 - 00132096 _____ C:\WINDOWS\SysWOW64\MtxVecSpld.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00065536 _____ C:\WINDOWS\SysWOW64\MtxVecLapackd.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00057344 _____ C:\WINDOWS\SysWOW64\MtxVecSparsed.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00013312 _____ C:\WINDOWS\SysWOW64\MtxVecVML4d.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00010240 _____ C:\WINDOWS\SysWOW64\MtxVecVMLd.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00008704 _____ C:\WINDOWS\SysWOW64\MtxVecRandom.lib
2016-04-03 16:43 - 2011-05-25 23:32 - 00008704 _____ C:\WINDOWS\SysWOW64\MtxVecFFT.lib
2016-04-03 16:43 - 2011-05-24 00:59 - 05540352 _____ C:\WINDOWS\SysWOW64\MtxVec.Spld4.dll
2016-04-03 16:43 - 2010-01-08 01:25 - 13887488 _____ (DewResearch) C:\WINDOWS\SysWOW64\MtxVec.Fft.dll
2016-04-03 16:43 - 2010-01-08 01:25 - 10766848 _____ (DewResearch) C:\WINDOWS\SysWOW64\MtxVec.Lapack4d.dll
2016-04-03 16:43 - 2010-01-08 01:25 - 06381568 _____ (DewResearch) C:\WINDOWS\SysWOW64\MtxVec.Vmld.dll
2016-04-03 16:43 - 2010-01-08 01:25 - 06333440 _____ (DewResearch) C:\WINDOWS\SysWOW64\MtxVec.Random.dll
2016-04-03 16:43 - 2010-01-08 01:25 - 02381312 _____ (DewResearch) C:\WINDOWS\SysWOW64\MtxVec.Sparse4d.dll
2016-04-03 16:43 - 2010-01-06 23:33 - 02474496 _____ C:\WINDOWS\SysWOW64\MtxVec.Vml4d.dll
2016-04-03 16:43 - 2001-06-06 13:59 - 00019968 _____ C:\WINDOWS\SysWOW64\bdsp.lib
2016-04-03 16:43 - 2001-06-06 13:56 - 00479232 _____ C:\WINDOWS\SysWOW64\bdsp.dll
2016-04-03 16:41 - 2016-04-03 16:41 - 00000000 ____D C:\Users\Dan\AppData\Roaming\A1AUDIO.de
2016-04-03 16:41 - 2016-04-03 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A1AUDIO
2016-04-03 16:40 - 2016-04-03 16:40 - 00000000 ____D C:\Users\Dan\Downloads\MJUCjr-win-installer
2016-04-03 16:40 - 2016-04-03 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MJUCjr
2016-04-03 16:40 - 2016-04-03 16:40 - 00000000 ____D C:\Program Files\Klanghelm
2016-04-03 16:37 - 2016-04-03 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LVC-Audio
2016-04-03 16:37 - 2016-04-03 16:37 - 00000000 ____D C:\Program Files\LVC-Audio
2016-04-03 16:37 - 2016-04-03 16:37 - 00000000 ____D C:\Program Files\Common Files\Digidesign
2016-04-03 16:36 - 2016-04-03 16:36 - 00000000 ____D C:\Users\Dan\Downloads\LimitedZ-1.0.1-Win
2016-04-03 16:35 - 2016-04-03 16:35 - 00000000 ____D C:\ProgramData\Tokyo Dawn Labs
2016-04-03 16:35 - 2016-04-03 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tokyo Dawn Labs
2016-04-03 16:35 - 2016-04-03 16:35 - 00000000 ____D C:\Program Files\Tokyo Dawn Labs
2016-04-01 10:10 - 2016-04-13 08:54 - 00001342 _____ C:\Users\Public\Desktop\Command Center.lnk
2016-04-01 09:46 - 2016-04-13 10:02 - 00000000 ____D C:\AdwCleaner
2016-03-30 19:17 - 2016-03-30 19:17 - 00001549 _____ C:\Users\Dan\AppData\Local\recently-used.xbel
2016-03-30 19:12 - 2016-03-30 19:17 - 00000000 ____D C:\Users\Dan\AppData\Local\gtk-2.0
2016-03-30 19:11 - 2016-03-30 19:11 - 00000000 ____D C:\Users\Dan\.thumbnails
2016-03-30 19:10 - 2016-03-31 10:15 - 00000000 ____D C:\Users\Dan\.gimp-2.8
2016-03-30 19:10 - 2016-03-30 19:10 - 00000689 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-03-30 19:10 - 2016-03-30 19:10 - 00000000 ____D C:\Users\Dan\AppData\Local\gegl-0.2
2016-03-30 19:10 - 2016-03-30 19:10 - 00000000 ____D C:\Users\Dan\AppData\Local\fontconfig
2016-03-29 08:20 - 2016-04-01 09:51 - 00000000 ____D C:\Users\Dan\AppData\Roaming\SlimCleaner
2016-03-28 09:07 - 2016-03-28 09:07 - 00000000 ____D C:\Users\Dan\AppData\Roaming\HMYGSetting
2016-03-28 09:07 - 2016-03-28 09:07 - 00000000 ____D C:\Users\Dan\.android
2016-03-28 09:06 - 2016-03-28 09:22 - 00000000 ___HD C:\Program Files (x86)\DrFoneAndroid_Temp
2016-03-28 09:06 - 2016-03-28 09:22 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-03-28 09:06 - 2016-03-28 09:07 - 00000000 ____D C:\ProgramData\Wondershare
2016-03-28 09:06 - 2016-03-28 09:06 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Wondershare
2016-03-28 09:06 - 2016-03-28 09:06 - 00000000 ____D C:\Users\Dan\AppData\Local\Wondershare
2016-03-28 09:06 - 2016-03-28 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-03-28 09:06 - 2015-12-26 10:18 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-03-27 19:04 - 2016-03-27 19:04 - 00002357 _____ C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-26 22:53 - 2016-03-26 22:53 - 00002223 _____ C:\Users\Dan\Desktop\Discord.lnk
2016-03-26 22:53 - 2016-03-26 22:53 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-03-26 22:53 - 2016-03-26 22:53 - 00000000 ____D C:\Users\Dan\AppData\Local\Discord
2016-03-26 19:31 - 2016-03-26 19:31 - 00002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-03-26 19:31 - 2016-03-26 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-03-26 19:29 - 2016-04-12 07:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-26 19:29 - 2016-03-26 19:29 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-25 21:29 - 2016-03-25 21:29 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-03-25 21:29 - 2016-03-25 21:29 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2016-03-25 12:43 - 2016-03-25 12:43 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Google
2016-03-25 12:40 - 2016-04-03 12:40 - 00000000 ____D C:\ProgramData\Google
2016-03-24 09:43 - 2016-04-13 13:32 - 00000000 ____D C:\Users\Dan\AppData\Roaming\PlaysTV
2016-03-24 09:43 - 2016-03-24 09:44 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Raptr
2016-03-24 09:43 - 2016-03-24 09:43 - 00000000 ____D C:\Users\Dan\AppData\Roaming\library_dir
2016-03-24 09:43 - 2016-03-24 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlaysTV
2016-03-24 09:43 - 2016-03-24 09:43 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-03-23 14:54 - 2016-03-23 14:54 - 00000000 ____D C:\Program Files (x86)\directx
2016-03-19 17:55 - 2016-03-19 17:57 - 00000000 ____D C:\Users\Dan\Downloads\adt_vst_win_v1.0.5
2016-03-19 17:43 - 2016-03-19 17:43 - 00000000 ____D C:\Users\Dan\Downloads\Melodyne.4.0.4.001.danielmeredithbutler
2016-03-18 16:44 - 2011-01-25 13:26 - 00051896 _____ C:\Users\Dan\Downloads\cs_regular.ttf
2016-03-18 13:13 - 2016-04-01 09:50 - 00000000 ____D C:\Program Files (x86)\SlimCleaner
2016-03-18 10:43 - 2016-03-18 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]
2016-03-17 11:09 - 2015-12-14 23:24 - 00130880 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpnk.sys
2016-03-17 11:09 - 2015-09-22 23:36 - 00037184 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2016-03-17 11:08 - 2016-03-17 11:09 - 00000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2016-03-17 11:08 - 2016-03-17 11:08 - 00000000 ____D C:\Program Files\Razer Chroma SDK
2016-03-17 10:28 - 2016-03-17 11:09 - 00000000 ____D C:\Program Files (x86)\Razer
2016-03-17 10:28 - 2016-03-17 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2016-03-15 20:01 - 2016-03-15 20:01 - 00000000 ____D C:\Users\Dan\AppData\Local\Uber Entertainment
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-13 13:36 - 2015-11-25 09:49 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-13 13:36 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-13 13:35 - 2016-02-01 21:30 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-13 13:32 - 2016-02-14 23:55 - 00000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2016-04-13 13:31 - 2016-02-01 21:30 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-13 13:31 - 2015-11-25 09:40 - 00000000 ____D C:\Users\Dan
2016-04-13 13:30 - 2016-01-31 10:53 - 00401440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-13 13:30 - 2015-11-25 09:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-13 13:30 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-13 13:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-04-13 13:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-13 13:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-04-13 13:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-13 13:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-13 13:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 13:29 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-13 12:39 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 12:39 - 2014-07-29 10:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 12:35 - 2014-07-29 10:54 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 09:58 - 2015-11-15 21:54 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-13 08:53 - 2016-02-03 10:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-13 08:42 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-13 08:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-13 08:42 - 2014-07-26 03:01 - 00000000 ____D C:\Users\Dan\AppData\Local\Packages
2016-04-12 20:03 - 2015-10-26 19:57 - 00000000 ____D C:\Users\Dan\AppData\Roaming\TS3Client
2016-04-12 20:02 - 2016-01-15 23:12 - 00000000 ____D C:\some bleep i just did
2016-04-12 19:09 - 2015-03-12 21:01 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Skype
2016-04-12 10:52 - 2016-01-01 15:14 - 00000000 ____D C:\Users\Dan\AppData\Local\Spotify
2016-04-12 10:49 - 2016-01-01 15:14 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Spotify
2016-04-12 07:58 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-11 17:29 - 2015-04-19 23:49 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Celemony Software GmbH
2016-04-11 17:05 - 2015-08-23 08:54 - 00000000 ____D C:\Cakewalk Projects
2016-04-11 17:01 - 2015-05-14 09:36 - 00001192 _____ C:\Users\Public\Desktop\Dimension Pro x64.lnk
2016-04-11 15:54 - 2015-11-25 09:59 - 00000000 ____D C:\Users\Dan\AppData\Local\Comms
2016-04-11 14:46 - 2014-08-01 21:31 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-11 12:33 - 2016-02-24 21:41 - 00000000 ____D C:\Users\Dan\AppData\Local\LANDR
2016-04-11 12:26 - 2016-01-30 12:19 - 00001426 _____ C:\Users\Public\Desktop\Rapture Session 64-bit.lnk
2016-04-11 11:12 - 2015-04-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk
2016-04-11 08:23 - 2015-06-04 22:01 - 00000615 _____ C:\Users\Dan\Desktop\The Elder Scrolls Online.lnk
2016-04-09 15:15 - 2015-08-28 07:03 - 00000000 ____D C:\Users\Dan\.oracle_jre_usage
2016-04-09 15:13 - 2015-04-11 14:53 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-09 15:11 - 2015-04-27 14:07 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-09 15:06 - 2014-08-19 10:13 - 00000000 ____D C:\ProgramData\Oracle
2016-04-09 14:49 - 2016-02-28 13:09 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-09 14:41 - 2016-01-23 01:03 - 00000000 ____D C:\Users\Dan\AppData\Roaming\.minecraft
2016-04-07 12:31 - 2015-11-15 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-07 12:31 - 2015-11-15 21:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-07 09:05 - 2014-09-04 16:21 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2016-04-05 21:50 - 2015-05-14 10:25 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Applied Acoustics Systems
2016-04-05 14:37 - 2014-09-14 15:55 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-04-04 23:48 - 2014-08-26 15:39 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Audacity
2016-04-03 16:46 - 2015-04-19 23:48 - 00000000 ____D C:\Program Files\Common Files\VST3
2016-04-03 16:42 - 2015-05-21 08:09 - 00000000 ____D C:\Program Files\VstPlugIns
2016-04-03 16:42 - 2015-05-21 07:54 - 00000000 ____D C:\ProgramData\Audio Damage
2016-04-03 12:40 - 2014-07-29 09:44 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-01 14:22 - 2014-08-01 07:45 - 00000000 ____D C:\ProgramData\Origin
2016-04-01 14:11 - 2014-08-01 07:45 - 00000000 ____D C:\Program Files (x86)\Origin
2016-03-30 13:23 - 2014-08-01 15:07 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Awesomium
2016-03-29 20:00 - 2014-08-18 15:13 - 00000000 ____D C:\Users\Dan\AppData\Roaming\OBS
2016-03-29 14:38 - 2015-06-19 09:08 - 00000000 ____D C:\Users\Dan\AppData\Roaming\vlc
2016-03-29 12:09 - 2015-04-10 23:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-03-26 22:53 - 2016-03-02 09:19 - 00000000 ____D C:\Users\Dan\AppData\Local\SquirrelTemp
2016-03-26 19:29 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-26 16:22 - 2015-08-18 11:26 - 00000022 _____ C:\WINDOWS\GPU-Z.INI
2016-03-25 20:57 - 2015-05-07 15:58 - 00001186 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2016-03-25 12:41 - 2014-07-29 09:44 - 00000000 ____D C:\Users\Dan\AppData\Local\Google
2016-03-25 12:41 - 2014-07-26 03:01 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Adobe
2016-03-24 09:30 - 2016-02-21 10:53 - 00001343 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 2016.lnk
2016-03-23 14:36 - 2016-01-23 01:03 - 00001038 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-03-23 12:33 - 2014-10-19 12:55 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Kodi
2016-03-21 19:14 - 2015-06-04 20:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-21 19:14 - 2015-03-12 21:01 - 00000000 ____D C:\ProgramData\Skype
2016-03-19 17:44 - 2015-04-19 23:48 - 00000000 ____D C:\Program Files (x86)\Celemony
2016-03-18 11:41 - 2014-09-10 14:48 - 00000000 ____D C:\Users\Dan\AppData\Local\Battle.net
2016-03-18 10:46 - 2014-09-10 14:48 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Battle.net
2016-03-18 10:44 - 2014-09-10 14:46 - 00000000 ____D C:\ProgramData\Battle.net
2016-03-17 11:09 - 2015-11-15 10:50 - 00000000 ____D C:\ProgramData\Razer
2016-03-17 10:08 - 2015-11-15 10:51 - 00000000 ____D C:\Users\Dan\AppData\Local\Razer
2016-03-14 22:45 - 2016-03-04 15:44 - 00000000 ____D C:\Users\Dan\AppData\Roaming\MeldaProduction
2016-03-14 16:08 - 2016-02-11 13:18 - 00000000 ____D C:\Users\Dan\AppData\Local\ElevatedDiagnostics
2016-03-14 08:49 - 2014-08-04 09:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-14 08:49 - 2014-08-04 09:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2016-03-30 19:17 - 2016-03-30 19:17 - 0001549 _____ () C:\Users\Dan\AppData\Local\recently-used.xbel
2015-01-17 11:09 - 2015-10-19 13:18 - 0007602 _____ () C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
2016-02-02 13:26 - 2016-02-02 13:30 - 0000024 _____ () C:\ProgramData\.BusDriver
2015-05-21 08:13 - 2016-03-04 15:36 - 0000016 _____ () C:\ProgramData\autobk.inc
2016-04-13 13:30 - 2016-04-13 13:30 - 0000259 _____ () C:\ProgramData\fontcacheev1.dat
 
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
 
 
Some files in TEMP:
====================
C:\Users\Dan\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-12 07:59
 
==================== End of FRST.txt ============================




#6 Gunto


    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,284 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 13 April 2016 - 12:23 PM

Hi,

 

Excellent, that seemed to work as planned. However, it seems you didn't post Fixlog.txt; I'd greatly appreciate it if you did. To prevent it from being overwritten by the next fix, please rename the current text file before running the below script, so that you can post both. :)

 

Assuming you are having no problems, we are almost done here!

 

Farbar Recovery Scan Tool

I need you to run a fix with FRST. Just a few more leftovers to get rid of.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:

    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
    C:\ProgramData\fontcacheev1.dat
    C:\WINDOWS\System32\Tasks\Safer-Networking
    C:\Users\Dan\AppData\Local\Temp\avgnt.exe

    Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Malwarebytes

I need you to run a scan with Malwarebytes Anti-Malware to check for any leftovers.

  • Open MBAM, and click Update Now >> to check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
  • Once the program is done updating, click Scan at the top of the main interface. Then select the Custom Scan option, and hit the Configure Scan button. On this screen, make sure every box is checked, then start the scan. If there is an update available, allow MBAM to update.
  • Once the scan is finished, click Apply Actions to any found malware. If MBAM asks you to reboot, do so immediately.
  • When done, retrieve the log by clicking History on the main interface, then Application logs. View the log of the scan you just ran, then click the Export button, select Copy to Clipboard, and paste it into your reply.

Gunto




#7 the geekfreak

  • Topic Starter

  • Members
  • 53 posts
  • Gender:Male
  • Location:swansea uk

Posted 13 April 2016 - 01:20 PM

OK, sorry for not posting the first FixLog. I have got both, which I will post below.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by Dan (2016-04-13 13:29:05) Run:1
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan &  (Available Profiles: Dan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [No File]
C:\Users\Dan\Downloads\adguardInstaller.exe
C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
C:\ProgramData\fontcacheev1.dat
C:\Users\Dan\Downloads\jre-8u77-windows-x64.exe
C:\WINDOWS\system32\REN56AE.tmp
C:\Users\Dan\Downloads\jre-8u45-windows-x64 (2).exe
C:\WINDOWS\system32\REN224F.tmp
C:\Users\Dan\Downloads\JavaSetup8u77.exe
C:\Users\Dan\Downloads\jre-8u45-windows-x64 (1).exe
C:\WINDOWS\system32\REN38D2.tmp
C:\WINDOWS\system32\REN1D4B.tmp
C:\Users\Dan\Downloads\jre-8u45-windows-x64.exe
C:\WINDOWS\unins002.exe
C:\WINDOWS\unins002.dat
C:\Users\Dan\Downloads\WIN_AlterEgo_v1.070.exe
C:\Users\Dan\Downloads\Setup_Grace_Factory_Content.exe
C:\WINDOWS\unins001.exe
C:\WINDOWS\unins001.dat
C:\Users\Dan\Downloads\A1TriggerGate-WinRTAS-v1.0.0-Setup.exe
C:\Program Files (x86)\Spybot Anti-Beacon
C:\Users\Dan\Downloads\SpybotAntiBeacon-1.5-setup.exe
C:\Users\Dan\Downloads\DiscordSetup.exe
C:\Users\Dan\Downloads\Setup.X86.en-US_O365HomePremRetail_6f22fb0e-733c-4432-b111-c0bc04af8229_TX_DB_.exe
C:\Users\Dan\Downloads\nikcollection-full-1.2.11.exe
C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Dan\AppData\Local\Temp-log.txt
C:\ProgramData\1429110562.bdinstall.bin
C:\Users\Dan\AppData\Local\Temp\avgnt.exe
C:\Users\Dan\AppData\Local\Temp\libeay32.dll
C:\Users\Dan\AppData\Local\Temp\msvcr120.dll
C:\Users\Dan\AppData\Local\Temp\sqlite3.dll
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden
Contents64 (Version: 18.0.0.181 - Corel Corporation) Hidden
Corel VideoStudio Pro Title Pack (x32 Version: 1.00.0000 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
ICA (x32 Version: 18.0.0.181 - Corel Corporation) Hidden
IPM_VS_Pro64 (Version: 18.0 - Corel Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
proDAD Adorage 3.0 (64bit) (Version: 3.0.110.2 - proDAD GmbH) Hidden
proDAD Mercalli 2.0 (64bit) (Version: 2.0.120 - proDAD GmbH) Hidden
proDAD Route 4.0 (64bit) (Version: 4.0.233.1 - proDAD GmbH) Hidden
proDAD Script 4.0 (64bit) (Version: 4.0.233.1 - proDAD GmbH) Hidden
proDAD Vitascene 2.0 (64bit) (Version: 2.0.233 - proDAD GmbH) Hidden
Setup (x32 Version: 17.1.0.37 - Corel Corporation) Hidden
Setup (x32 Version: 18.0.0.181 - Corel Corporation) Hidden
Share64 (Version: 18.0.0.181 - Corel Corporation) Hidden
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
VSClassic64 (Version: 18.0.0.181 - Corel Corporation) Hidden
VSUltimate64 (Version: 18.0.0.181 - Corel Corporation) Hidden
Task: {0C9E3121-BEED-45F9-A792-387AE1E25A37} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1A7F4FA2-5A47-42AF-BCDE-FE5DC3B8DE88} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {23FB8143-6583-4176-A71E-4F1EC63C0810} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {250786F7-36E2-4A7A-8D57-F36D8F1CE413} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {317A60D0-395A-4DDE-A267-03A50C8D4D8C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {49CFCF6D-C0CB-4BD5-A633-B6A412A44ED1} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2015-10-19] (Safer-Networking Ltd.)
Task: {4AC59B54-7CD8-46FD-B383-81C0215477EC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {792B6BC0-6947-4E02-BA04-276A997EFAD5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A3843458-0C86-4502-B99E-685A7AB43C2F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {ACE85687-2711-48D1-8E6E-5968BD37C043} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AF18CA69-5A85-4387-92D3-F7E8FA390395} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B4FE5E90-1E4B-4A00-8BE6-E585F4EBDFC7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
IE trusted site: HKU\S-1-5-21-105014023-2738048968-2884344003-1001\...\amazon.co.uk -> hxxps://amazon.co.uk
IE trusted site: HKU\S-1-5-21-105014023-2738048968-2884344003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\amazon.co.uk -> hxxps://amazon.co.uk
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\napinsp.dll)
Winsock: Catalog5 000000000002\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000003\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000004\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5 000000000006\\LibraryPath => restored successfully (%SystemRoot%\System32\winrnr.dll)
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1" => key removed successfully
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2" => key removed successfully
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.7.0" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.5.1" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.6.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.7.0" => key removed successfully
C:\Users\Dan\Downloads\adguardInstaller.exe => moved successfully
C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp => moved successfully
C:\ProgramData\fontcacheev1.dat => moved successfully
C:\Users\Dan\Downloads\jre-8u77-windows-x64.exe => moved successfully
C:\WINDOWS\system32\REN56AE.tmp => moved successfully
C:\Users\Dan\Downloads\jre-8u45-windows-x64 (2).exe => moved successfully
C:\WINDOWS\system32\REN224F.tmp => moved successfully
C:\Users\Dan\Downloads\JavaSetup8u77.exe => moved successfully
C:\Users\Dan\Downloads\jre-8u45-windows-x64 (1).exe => moved successfully
C:\WINDOWS\system32\REN38D2.tmp => moved successfully
C:\WINDOWS\system32\REN1D4B.tmp => moved successfully
C:\Users\Dan\Downloads\jre-8u45-windows-x64.exe => moved successfully
C:\WINDOWS\unins002.exe => moved successfully
C:\WINDOWS\unins002.dat => moved successfully
C:\Users\Dan\Downloads\WIN_AlterEgo_v1.070.exe => moved successfully
C:\Users\Dan\Downloads\Setup_Grace_Factory_Content.exe => moved successfully
C:\WINDOWS\unins001.exe => moved successfully
C:\WINDOWS\unins001.dat => moved successfully
C:\Users\Dan\Downloads\A1TriggerGate-WinRTAS-v1.0.0-Setup.exe => moved successfully
C:\Program Files (x86)\Spybot Anti-Beacon => moved successfully
C:\Users\Dan\Downloads\SpybotAntiBeacon-1.5-setup.exe => moved successfully
C:\Users\Dan\Downloads\DiscordSetup.exe => moved successfully
C:\Users\Dan\Downloads\Setup.X86.en-US_O365HomePremRetail_6f22fb0e-733c-4432-b111-c0bc04af8229_TX_DB_.exe => moved successfully
C:\Users\Dan\Downloads\nikcollection-full-1.2.11.exe => moved successfully
C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Dan\AppData\Local\Temp-log.txt => moved successfully
C:\ProgramData\1429110562.bdinstall.bin => moved successfully
C:\Users\Dan\AppData\Local\Temp\avgnt.exe => moved successfully
C:\Users\Dan\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\Dan\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\Dan\AppData\Local\Temp\sqlite3.dll => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1CDDC143-E149-4945-A5C9-8B366D8C2FC6}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2DD67752-A84F-493D-884B-A857CEE14A88}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A22A80C4-F237-4B5A-825F-0731971ECBE6}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CEE838EA-72D1-4149-91F5-5591AFE0CBBC}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{38F03569-A636-4CF3-BDDE-032C8C251304}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\proDAD-Adorage-3.0\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\proDAD-Mercalli-2.0\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\proDAD-HeroglyphRoute-4.0\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\proDAD-HeroglyphScript-4.0\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\proDAD-Vitascene-2.0\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC55892B-B7A6-4F5F-BFB4-F69D77E2D7D5}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC55892B-B7A6-4F5F-BFB4-F69D77E2D7D5}\\SystemComponent => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3BB9B652-3725-419E-869F-7A5F7FE82C28}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C8686FE2-D759-4304-9791-66ED3C1A7789}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BBC9291-7961-42EE-9CDA-6EC4BD6EB782}\\SystemComponent => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C9E3121-BEED-45F9-A792-387AE1E25A37}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C9E3121-BEED-45F9-A792-387AE1E25A37}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A7F4FA2-5A47-42AF-BCDE-FE5DC3B8DE88}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A7F4FA2-5A47-42AF-BCDE-FE5DC3B8DE88}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23FB8143-6583-4176-A71E-4F1EC63C0810}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23FB8143-6583-4176-A71E-4F1EC63C0810}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{250786F7-36E2-4A7A-8D57-F36D8F1CE413}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{250786F7-36E2-4A7A-8D57-F36D8F1CE413}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{317A60D0-395A-4DDE-A267-03A50C8D4D8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{317A60D0-395A-4DDE-A267-03A50C8D4D8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{49CFCF6D-C0CB-4BD5-A633-B6A412A44ED1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49CFCF6D-C0CB-4BD5-A633-B6A412A44ED1}" => key removed successfully
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AC59B54-7CD8-46FD-B383-81C0215477EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AC59B54-7CD8-46FD-B383-81C0215477EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{792B6BC0-6947-4E02-BA04-276A997EFAD5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{792B6BC0-6947-4E02-BA04-276A997EFAD5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3843458-0C86-4502-B99E-685A7AB43C2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3843458-0C86-4502-B99E-685A7AB43C2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACE85687-2711-48D1-8E6E-5968BD37C043}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACE85687-2711-48D1-8E6E-5968BD37C043}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF18CA69-5A85-4387-92D3-F7E8FA390395}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF18CA69-5A85-4387-92D3-F7E8FA390395}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4FE5E90-1E4B-4A00-8BE6-E585F4EBDFC7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4FE5E90-1E4B-4A00-8BE6-E585F4EBDFC7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKU\S-1-5-21-105014023-2738048968-2884344003-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amazon.co.uk" => key removed successfully
"HKU\S-1-5-21-105014023-2738048968-2884344003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amazon.co.uk" => key removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 13:29:07 ====
 
Fix result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by Dan (2016-04-13 18:29:20) Run:2
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
C:\ProgramData\fontcacheev1.dat
C:\WINDOWS\System32\Tasks\Safer-Networking
C:\Users\Dan\AppData\Local\Temp\avgnt.exe
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp => moved successfully
C:\ProgramData\fontcacheev1.dat => moved successfully
C:\WINDOWS\System32\Tasks\Safer-Networking => moved successfully
C:\Users\Dan\AppData\Local\Temp\avgnt.exe => moved successfully
 
==== End of Fixlog 18:29:21 ====
 
 
  Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13/04/2016
Scan Time: 18:32
Logfile: logk.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.04.13.04
Rootkit Database: v2016.04.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Dan
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 759062
Time Elapsed: 43 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 


#8 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,284 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:04:43 AM

Posted 13 April 2016 - 03:12 PM

Hi,

 

No problem! Everything looks good!

 

And with that... congrats! Your computer looks free of malware! :woot:

However, we'll need to clean up the tools we used to make it that way.

  • Download DelFix from here, and save it to your desktop.
  • Double click the file to run it. On the main screen, make sure the following options are checked:
    Remove disinfection tools
    Purge system restore

    Click the Run button after ensuring the above options are selected.
  • Once the program is done running, a log will pop up. Please copy and paste it into your final reply.

Here are some steps to improve how your computer works, and to help keep you from getting infected again.

Keep all of your software updated. This is especially true for your antivirus. Keeping your software up-to-date is one of the most important steps to keeping malware out of your system. Old versions of many different programs have security vulnerabilities that malware targets to infect your system, whereas many of these would be fixed in updates. In addition to that, outdated definitions for your antivirus (and other security programs) may fail to detect newer malware that has since been added to the database. Since you have FileHippo App Manager, you've got a good start here. However, FH doesn't find all updates, so be sure to manually check for updates as well.

Browse safely. Much of the time, malware gets in because the user isn't cautious. Examples of safe browsing include:

  • Don't open emails from people you don't know, especially if they have an attachment. Files (especially those with a .bat, .com, .exe and .scr extension) should never be trusted unless you know for a fact that you can trust the source. You should also be careful with these files even from friends, since their emails might actually be from bots using their addresses.
  • Don't install things that you don't trust. For example, some websites will ask you to install programs in order to use a certain functionality, especially supposed updates to programs such as Flash and Java. If your software is up-to-date, it's probably a fake.
  • In addition to the above, be careful even when installing programs that you recognize. Sometimes, programs will install other software when a user doesn't pay attention, so always make sure to decline offers for programs you don't want or recognize.

Happy surfing! :)

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#9 the geekfreak


Posted 14 April 2016 - 01:31 AM

# DelFix v1.012 - Logfile created 14/04/2016 at 07:30:53
# Updated 04/03/2015 by Xplode
# Username : Dan - BEAST
# Operating System : Windows 10 Pro  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Dan\Desktop\Addition.txt
Deleted : C:\Users\Dan\Desktop\Fixlog.txt
Deleted : C:\Users\Dan\Desktop\FRST.txt
Deleted : C:\Users\Dan\Desktop\FRST64.exe
Deleted : C:\Users\Dan\Desktop\logk.txt
Deleted : C:\Users\Dan\Downloads\adwcleaner_5.110.exe
 
~ Cleaning system restore ...
 
Deleted : RP #51 [Installed DirectX | 04/04/2016 14:11:36]
Deleted : RP #52 [Removed Java 8 Update 77 | 04/09/2016 14:11:35]
Deleted : RP #53 [LANDR | 04/11/2016 11:33:00]
Deleted : RP #54 [Removed System Requirements Lab Detection | 04/13/2016 12:34:14]
 
New restore point created !
 
########## - EOF - ##########


#10 Gunto


Posted 14 April 2016 - 05:37 AM

Looks good! :thumbup2:

 

Since your problems seem to be solved, I'm locking this topic. However, if you still need help, please send me (or any moderator if I am unavailable) a PM asking for this topic to be unlocked.






