
Something tried to change settings in IE and Chrome Portable


  • This topic is locked
24 replies to this topic

#1 juniorelson4

juniorelson4

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 03 May 2016 - 12:36 PM

But I don't know what is. I'm suspecting it might be a new adware or rootkit. Please help me clean this computer from whatever nasty it may have. Thanks.

Note: I had to attach both files because the post was too long.



#2 RayS

RayS

  • Malware Response Team
  • 2,434 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:04 PM

Posted 04 May 2016 - 09:53 PM

Hello juniorelson4,

My name is Ray and I'll be assisting you with your issue. Please give me about a day to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

RayS


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 RayS

RayS

  • Malware Response Team
  • 2,434 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:04 PM

Posted 07 May 2016 - 04:42 PM

Hello juniorelson4, and welcome to Bleeping Computer.

I will be helping you with your computer problem. My nickname is Ray. Please tell me yours.

  • Please do not attach any log files to your replies unless specifically requested. Instead, please copy and paste the entire text of the logs into the body of your reply. Use separate consecutive posts if that's easier for you.
  • Please do not try to fix anything without being asked.
  • Always read my entire message before you begin to follow my instructions.
  • It may be helpful for you to print my instructions for easy reference.
  • Perform my instructions in the order as given.
  • Any fixes I provide are for this specific problem on this machine only.
  • Removing malware is hazardous. I will not knowingly advise actions that will damage your computer, but it is impossible to guarantee the safety of your system. It may even become necessary to re-format and re-install your operating system. Before we proceed, you should back up all your data -- preferably to a different computer or to off-line storage.

Please confirm that you have backed up your important files before we proceed.


I'd like more information about the problem

 

  • Please explain in greater detail what you mean by "change settings".
  • Are addresses being redirected?
  • Is default search engine being replaced?
  • Is download location being changed?
  • Are sites being blocked?
  • If you restore changed settings, what kind of events cause changes to recur? E.g., rebooting, re-launching the browsers, visiting particular websites?
  • Do you move Google Chrome Portable to other devices? If so, do you notice changes in Google Chrome Portable when you return to this PC?
  • What exactly is being changed? Please be specific.


Scan with AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • Copy and paste the contents of the logfile into your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Thank you,

Ray

Edited by RayS, 07 May 2016 - 04:43 PM.



#4 juniorelson4

juniorelson4
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 07 May 2016 - 05:58 PM

1. When I opened Chrome Portable and IE, extensions were disabled except for an unknown one and the browsers asked if I wanted to restore settings. I immediately accepted to restore settings - that's why I don't know the name of the extension that was there when all the others appeared to be disabled.

2. Not that I can notice now

3. Not that I can notice now

4. Not that I can notice now

5. Not that I can notice now

6. I don't know, but I imagine it could be some malicious hidden add on or extension, or maybe a leftover from some uninstalled software

7. It is located on a different partition but in the same drive
8. I can't be more specific, sorry!

 

 

Log from AdwCleaner:

 

# AdwCleaner v5.115 - Logfile created 07/05/2016 at 19:56:07
# Updated 01/05/2016 by Xplode
# Database : 2016-05-04.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : juniorelson4 - JUNIORELSON4-PC
# Running from : C:\Users\juniorelson4\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : br.ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [776 bytes] - [07/05/2016 19:56:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [848 bytes] ##########
 


#5 RayS

RayS

  • Malware Response Team
  • 2,434 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:04 PM

Posted 08 May 2016 - 02:23 PM

Hi juniorelson4,

 

1. When I opened Chrome Portable and IE, extensions were disabled except for an unknown one and the browsers asked if I wanted to restore settings. I immediately accepted to restore settings - that's why I don't know the name of the extension that was there when all the others appeared to be disabled.

 

 

  1. Has this occurred more than once?
  2. How often?
  3. What sites were you visiting before the changes occurred?

 

If you see these changes again, please tell me as much as you can about the substituted extension (name, location, its apparent function, any associated website, etc.). Don't restore your usual extensions immediately. Instead obtain another full scan with FRST64.exe and send me Frst.txt and Addition.txt logs. (Place a checkmark next to Addition.txt in the FRST tool before you run it.)

 

 

 

Search engine

Thank you for the AdwCleaner log. It shows that you are using the Ask.com search engine. If you want to keep that, ignore the AdwCleaner result. If you want to change your search engine, I can help configure your browsers in my next reply.



Uninstall programs

I recommend uninstalling all AVG security products and the jv16 PowerTools. If you desire to keep either or both, I would ask that you reinstall after we close this topic.

Please visit https://support.avg.com/SupportArticleView?l=en_US&urlName=How-to-uninstall-AVG and download the AVG Remover tool as indicated in step C-1 on that page. Save all your work and close all open documents, then complete instructions C-2 through C-4 on that page.

Next

  • Press the Windows key + R on your keyboard at the same time.
  • Type appwiz.cpl and press Enter.
  • A list of installed programs will be displayed.
  • Uninstall the following by clicking on the program below (and any other similar names) and selecting Remove or Uninstall

jv16 PowerTools 2016 Beta4

  • Reboot your computer

 

 

Submit a file to VirusTotal.com

The following file may or may not be legitimate. Please submit it to VirusTotal for an online scan:

ggdllhost.exe

  • Please visit https://www.virustotal.com/.
  • Click the File tab.
  • Click Choose File.
  • Use the File Upload window to navigate to H:\Movable\Games\Garena Plus\GarenaPlus\ggdllhost.exe on your local PC and click Open.
  • Click the Scan it! button on the VirusTotal website.
  • If a File already analyzed window pops up, click Reanalyze.
  • After a short time, the analysis will be presented on a web page.
  • Please copy the URL of that page (https:// etc.) and paste it into your reply to me.



Let's run FRST in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool may reboot your computer.

 

  • Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
  • Type Notepad into the Run box and click OK.
  • Please copy and paste the entire contents of the code box below into a new file.
start

folder: C:\Users\juniorelson4\AppData\Roaming\xim
folder: C:\Program Files\inRQttUZ
2016-04-16 01:18 - 2016-04-16 01:18 - 0000020 _____ () C:\Users\juniorelson4\AppData\Roaming\colthy
2016-04-16 08:39 - 2016-04-16 10:02 - 0000238 _____ () C:\Users\juniorelson4\AppData\Roaming\comhsx
2016-04-16 07:42 - 2016-04-16 07:42 - 0000016 _____ () C:\Users\juniorelson4\AppData\Roaming\orsiii
ask: {1277311D-24AD-4683-B328-D2C32110B723} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2940BF73-92B8-4750-9FB8-3C2D4E1AA373} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3727A470-662D-4635-B2DC-0AB84A9EABAD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3F0DE292-31D7-4459-A09B-D1719A1DBE26} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {5AE9CF35-4AA7-4636-9836-ECEB16635412} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5E3DC92E-DD92-4E3E-9C25-A6992A17EBAF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {66141793-A698-494F-B4C5-03362ED9B532} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {77577EA2-117B-4EF5-8C26-A5DCE6DB0544} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9C5CF62A-8AD0-4615-B18B-A7710D88735A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B6ABD9D6-0C16-4CD8-9EA7-A4B9475DF708} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C632B52D-C523-4E26-BC33-9A3F3E79C20B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C667331B-9C49-4CF2-910B-CB9998EA1EE8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E70C0B6A-8E3E-408D-88EB-0AB7A1FB0AD2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\juniorelson4\Downloads\ABPro.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\BackupperFull.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\blackdproxy_installer_37.9.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\drw_trial.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\FreeAlarmClockSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\HWVendorDetection.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\ImmunetSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\Intel Driver Update Utility Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\jv16PT2016_beta4.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\lastpass_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\mbae-setup-1.08.1.1189.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\mbam-setup-2.2.1.1043.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\MoveOnBootSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\pd14.0_pro_be.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\PeerBlock-Setup_v1.2_r693.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\prey-windows-1.5.1-x86.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\privatefirewall.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\processlassosetup64.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\PSISetup.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\reducethelag_v3.1.33-installer.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\SetupNoPing_v11.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\setup_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\Smart Switch PC_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\sosintwr.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\tibia1092.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\unchecky_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\wsamgravt.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\XnView-win-full.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\Zemana_AntiLogger_1.9.3.602.exe:BDU [0]
C:\ProgramData\1460459330.bdinstall.bin
C:\ProgramData\1460511204.bdinstall.bin
C:\ProgramData\1461212436.bdinstall.bin
C:\ProgramData\1461597970.bdinstall.bin
C:\ProgramData\1461597989.bdinstall.bin
C:\ProgramData\1462225914.bdinstall.bin
C:\ProgramData\1462225921.bdinstall.bin
C:\ProgramData\1462226386.bdinstall.bin
C:\ProgramData\1462226618.bdinstall.bin
C:\ProgramData\1462226622.bdinstall.bin

End
  • On the Notepad menu, click Format and remove the checkmark from Word Wrap.
  • Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
  • The location is listed in the 3rd line of the FRST.txt log you have submitted.
  • Run FRST64.exe and click Fix only once and wait until the program completes execution.
  • If requested, restart the computer normally to reset the registry.
  • The tool will create a log (Fixlog.txt). Please post it into your reply.



In your next reply...

  • Please answer my questions about unintentional disabling of your browser extensions.
  • Tell me whether you want your browser to keep using the Ask.com search engine.
  • Confirm that you have uninstalled all AVG security products and the jv16 PowerTools.
  • Send me the URL for the VirusTotal scan results.
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.

How is your PC running now?

Regards,

Ray




#6 juniorelson4

juniorelson4
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 08 May 2016 - 03:57 PM

1. No.
2. One time only.
3. I was opening the browsers, so their homepages:
- Chrome Portable: the homepage is a new tab page set by the extension 'Home - New Tab Page'
 
I don't use Ask.com search engine in any program. I have no idea how it appeared.
 
I uninstalled AVG products (I don't remember installing other AVG products besides AVG PC TuneUp) and jv16 PowerTools.
 
Talking about Garena, it isn't working as well. 
I submitted ggdllhost.exe to VirusTotal. Here is the link:
 
Log:
 
Fix result of Farbar Recovery Scan Tool (x64) Version:07-05-2016
Ran by juniorelson4 (2016-05-08 17:55:56) Run:1
Running from C:\Users\juniorelson4\Desktop
Loaded Profiles: juniorelson4 (Available Profiles: juniorelson4)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
folder: C:\Users\juniorelson4\AppData\Roaming\xim
folder: C:\Program Files\inRQttUZ
2016-04-16 01:18 - 2016-04-16 01:18 - 0000020 _____ () C:\Users\juniorelson4\AppData\Roaming\colthy
2016-04-16 08:39 - 2016-04-16 10:02 - 0000238 _____ () C:\Users\juniorelson4\AppData\Roaming\comhsx
2016-04-16 07:42 - 2016-04-16 07:42 - 0000016 _____ () C:\Users\juniorelson4\AppData\Roaming\orsiii
ask: {1277311D-24AD-4683-B328-D2C32110B723} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2940BF73-92B8-4750-9FB8-3C2D4E1AA373} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3727A470-662D-4635-B2DC-0AB84A9EABAD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3F0DE292-31D7-4459-A09B-D1719A1DBE26} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {5AE9CF35-4AA7-4636-9836-ECEB16635412} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5E3DC92E-DD92-4E3E-9C25-A6992A17EBAF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {66141793-A698-494F-B4C5-03362ED9B532} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {77577EA2-117B-4EF5-8C26-A5DCE6DB0544} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9C5CF62A-8AD0-4615-B18B-A7710D88735A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B6ABD9D6-0C16-4CD8-9EA7-A4B9475DF708} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C632B52D-C523-4E26-BC33-9A3F3E79C20B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C667331B-9C49-4CF2-910B-CB9998EA1EE8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E70C0B6A-8E3E-408D-88EB-0AB7A1FB0AD2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\juniorelson4\Downloads\ABPro.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\BackupperFull.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\blackdproxy_installer_37.9.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\drw_trial.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\FreeAlarmClockSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\HWVendorDetection.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\ImmunetSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\Intel Driver Update Utility Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\jv16PT2016_beta4.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\lastpass_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\mbae-setup-1.08.1.1189.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\mbam-setup-2.2.1.1043.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\MoveOnBootSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\pd14.0_pro_be.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\PeerBlock-Setup_v1.2_r693.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\prey-windows-1.5.1-x86.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\privatefirewall.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\processlassosetup64.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\PSISetup.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\reducethelag_v3.1.33-installer.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\SetupNoPing_v11.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\setup_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\Smart Switch PC_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\sosintwr.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\tibia1092.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\unchecky_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\wsamgravt.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\XnView-win-full.exe:BDU [0]
AlternateDataStreams: C:\Users\juniorelson4\Downloads\Zemana_AntiLogger_1.9.3.602.exe:BDU [0]
C:\ProgramData\1460459330.bdinstall.bin
C:\ProgramData\1460511204.bdinstall.bin
C:\ProgramData\1461212436.bdinstall.bin
C:\ProgramData\1461597970.bdinstall.bin
C:\ProgramData\1461597989.bdinstall.bin
C:\ProgramData\1462225914.bdinstall.bin
C:\ProgramData\1462225921.bdinstall.bin
C:\ProgramData\1462226386.bdinstall.bin
C:\ProgramData\1462226618.bdinstall.bin
C:\ProgramData\1462226622.bdinstall.bin
 
End
*****************
 
 
========================= folder: C:\Users\juniorelson4\AppData\Roaming\xim ========================
 
2016-05-01 21:31 - 2016-05-01 21:31 - 0000000 ____D () C:\Users\juniorelson4\AppData\Roaming\xim\2020438128
2016-05-01 21:31 - 2016-05-01 21:31 - 0000000 ____D () C:\Users\juniorelson4\AppData\Roaming\xim\2020438128\100000463999476@chat.facebook.com
 
====== End of Folder: ======
 
 
========================= folder: C:\Program Files\inRQttUZ ========================
 
2016-04-22 09:05 - 2016-04-22 09:05 - 0873584 _____ (Webroot) C:\Program Files\inRQttUZ\fsjHGpCl.exe
 
====== End of Folder: ======
 
C:\Users\juniorelson4\AppData\Roaming\colthy => moved successfully
C:\Users\juniorelson4\AppData\Roaming\comhsx => moved successfully
C:\Users\juniorelson4\AppData\Roaming\orsiii => moved successfully
ask: {1277311D-24AD-4683-B328-D2C32110B723} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2940BF73-92B8-4750-9FB8-3C2D4E1AA373}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2940BF73-92B8-4750-9FB8-3C2D4E1AA373}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3727A470-662D-4635-B2DC-0AB84A9EABAD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3727A470-662D-4635-B2DC-0AB84A9EABAD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F0DE292-31D7-4459-A09B-D1719A1DBE26}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F0DE292-31D7-4459-A09B-D1719A1DBE26}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AE9CF35-4AA7-4636-9836-ECEB16635412} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E3DC92E-DD92-4E3E-9C25-A6992A17EBAF} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66141793-A698-494F-B4C5-03362ED9B532} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77577EA2-117B-4EF5-8C26-A5DCE6DB0544}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77577EA2-117B-4EF5-8C26-A5DCE6DB0544}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9C5CF62A-8AD0-4615-B18B-A7710D88735A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C5CF62A-8AD0-4615-B18B-A7710D88735A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6ABD9D6-0C16-4CD8-9EA7-A4B9475DF708} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C632B52D-C523-4E26-BC33-9A3F3E79C20B} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C667331B-9C49-4CF2-910B-CB9998EA1EE8} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E70C0B6A-8E3E-408D-88EB-0AB7A1FB0AD2} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"C:\Users\juniorelson4\Downloads\ABPro.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\BackupperFull.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\blackdproxy_installer_37.9.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\drw_trial.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\FreeAlarmClockSetup.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\HWVendorDetection.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\ImmunetSetup.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\Intel Driver Update Utility Installer.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\jv16PT2016_beta4.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\lastpass_x64.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\mbae-setup-1.08.1.1189.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\mbam-setup-2.2.1.1043.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\MoveOnBootSetup.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\pd14.0_pro_be.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\PeerBlock-Setup_v1.2_r693.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\prey-windows-1.5.1-x86.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\privatefirewall.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\processlassosetup64.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\PSISetup.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\reducethelag_v3.1.33-installer.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\SetupNoPing_v11.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\setup_x64.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\Smart Switch PC_setup.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\sosintwr.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\tibia1092.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\unchecky_setup.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\wsamgravt.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\XnView-win-full.exe" => ":BDU" ADS not found.
"C:\Users\juniorelson4\Downloads\Zemana_AntiLogger_1.9.3.602.exe" => ":BDU" ADS not found.
C:\ProgramData\1460459330.bdinstall.bin => moved successfully
C:\ProgramData\1460511204.bdinstall.bin => moved successfully
C:\ProgramData\1461212436.bdinstall.bin => moved successfully
C:\ProgramData\1461597970.bdinstall.bin => moved successfully
C:\ProgramData\1461597989.bdinstall.bin => moved successfully
C:\ProgramData\1462225914.bdinstall.bin => moved successfully
C:\ProgramData\1462225921.bdinstall.bin => moved successfully
C:\ProgramData\1462226386.bdinstall.bin => moved successfully
C:\ProgramData\1462226618.bdinstall.bin => moved successfully
C:\ProgramData\1462226622.bdinstall.bin => moved successfully
 
==== End of Fixlog 17:55:57 ====
 
 
 
The computer is apparently running OK. Browsers are a bit laggy sometimes.

Edited by juniorelson4, 08 May 2016 - 03:59 PM.
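
An added example, not part of the original posts and not code from FRST: a small Python triage script that groups Fixlog result lines by the outcome strings seen in the log above and lists the entries that were not fixed. The function names and the embedded sample (a few lines copied from that Fixlog) are choices made for this example; any outcome string not shown in this thread is reported as unclassified rather than guessed at.

```python
import re
from collections import Counter

# Result suffixes exactly as they appear in the Fixlog posted in this thread.
# FRST can emit other outcomes; those fall through to "unclassified".
OUTCOMES = [
    ("failed", "error_no_fix",
     re.compile(r"^Error: No automatic fix found for this entry\.$")),
    ("changed", "moved", re.compile(r"^moved successfully$")),
    ("changed", "key_removed", re.compile(r"^key removed successfully$")),
    ("no_op", "key_not_found", re.compile(r"^key not found\.$")),
    ("no_op", "ads_not_found", re.compile(r'^":[^"]+" ADS not found\.$')),
]

# Sample input: lines copied from the Fixlog above (one fixlist-echo line,
# then result lines), kept inline so the script runs offline.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version:07-05-2016
Task: {2940BF73-92B8-4750-9FB8-3C2D4E1AA373} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
C:\Users\juniorelson4\AppData\Roaming\colthy => moved successfully
ask: {1277311D-24AD-4683-B328-D2C32110B723} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AE9CF35-4AA7-4636-9836-ECEB16635412} => key not found. 
"C:\Users\juniorelson4\Downloads\ABPro.exe" => ":BDU" ADS not found.
C:\ProgramData\1460459330.bdinstall.bin => moved successfully
==== End of Fixlog 17:55:57 ====
"""


def classify(line):
    """Return (group, outcome, target) for a result line, or None otherwise.

    Result lines have the shape '<target> => <result>'. Headers, the echoed
    fixlist and folder listings contain no ' => ' and are skipped.
    """
    target, sep, result = line.strip().rpartition(" => ")
    if not sep:
        return None
    result = result.strip()
    target = target.strip().strip('"')
    for group, name, pattern in OUTCOMES:
        if pattern.match(result):
            return group, name, target
    # Unknown wording: surface it for manual review instead of assuming success.
    return "failed", "unclassified", target


def summarize(fixlog_text):
    """Count outcomes and collect every entry that needs a second look."""
    counts = Counter()
    attention = []
    for line in fixlog_text.splitlines():
        hit = classify(line)
        if hit is None:
            continue
        group, name, target = hit
        counts[name] += 1
        if group == "failed":
            attention.append((name, target))
    return {"counts": dict(counts), "attention": attention}


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    for name, n in sorted(report["counts"].items()):
        print(f"{name:15} {n}")
    for name, target in report["attention"]:
        # In the sample this is the single entry whose line begins with "ask:".
        print(f"REVIEW [{name}] {target}")
```
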


#7 RayS

RayS

  • Malware Response Team
  • 2,434 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:04 PM

Posted 10 May 2016 - 06:01 PM

Hi juniorelson4,

 

I don't use Ask.com search engine in any program. I have no idea how it appeared.

It's possible your search provider was changed as a subtle option when you installed some software from the internet. In this case, however, I think it is more likely that your search provider was changed by the same event that disabled your extensions.

Please rerun AdwCleaner in Scan mode as you did following the instructions in Post #3. When you see the following message in the AdwCleaner window, "Pending. Please uncheck the elements you don't want to remove.", click Clean. I don't need to see the AdwCleaner report unless you have a question about it. The search provider for MSIE will default to Bing, and for Chrome, it will default to Google.


 

I uninstalled AVG products (I don't remember installing other AVG products besides AVG PC TuneUp) and jv16 PowerTools.

Thank you.


 

Talking about Garena, it isn't working as well.

Please explain this in detail.


 

I submitted ggdllhost.exe to VirusTotal.

Thank you for the link. No threats were found in that instance; however, some users remove Garena+ Plugin Host Service. For example, see: http://fxexe.com/file/ggdllhost.exe/185169. Please tell me whether you installed Garena intentionally. Do you intend to keep it?




Let's run FRST in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool may reboot your computer.

Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy and paste the entire contents of the code box below into a new file.

Task: {1277311D-24AD-4683-B328-D2C32110B723} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
File: H:\Movable\Games\Garena Plus\GarenaPlus\ggdllhost.exe
File: C:\Program Files\inRQttUZ\fsjHGpCl.exe
Emptytemp:

On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution.

If requested, restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.



Slow Browsers
 

Browsers are a bit laggy sometimes.

  1. Is this new?
  2. Could it be because of congestion at your Internet Service Provider? Sometimes response times vary depending on time of day.
  3. Is it because of slow response from the remote website?
  4. The Fixlist above may boost the performance of your browsers. In addition, please temporarily disable all your browser add-ons. Does this improve browser performance?

 

In your next reply...

  • Please describe how Garena "isn't working as well".
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Explain in more detail, "Browsers are a bit laggy sometimes".
  • Tell me whether your browser performance improved.

 

How is your PC running now? Any more disabled extensions?

Regards,

Ray




#8 juniorelson4


Posted 10 May 2016 - 11:12 PM

1. Somewhat.

2. Not sure, but I don't think so.

3. But then only the webpage loading would lag, not the entire browser.

4. Disabling all addons always improves performance, but I lose essential functionality and can't maintain my browsers in that state.

 

IMPORTANT: I forgot to mention one weird issue with IE that I noticed weeks ago. The New Tab always exposes a dark background that I didn't put there. Look: http://i.imgur.com/MqAtBD1.jpg

 

Garena isn't working as it used to work here. In fact, my Garena is a folder where I copied files from a previous installation. This "portable" Garena used to work in several computers. All I had to do was open GarenaMessenger.exe, install all updates, login, click on LAN Games and voila. However, LAN Games is always stopping in the "Auth in Main Server" phase now (regardless of the state of their servers). See: https://i.imgur.com/JTDwJOm.jpg

Regarding ggdllhost.exe: Garena always used to add some startup entries which are hard to remove. This may be related. I don't know if it is safe to remove and how to do it.

 

Log: 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by juniorelson4 (2016-05-11 00:31:10) Run:2
Running from C:\Users\juniorelson4\Desktop
Loaded Profiles: juniorelson4 (Available Profiles: juniorelson4)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Task: {1277311D-24AD-4683-B328-D2C32110B723} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
File: H:\Movable\Games\Garena Plus\GarenaPlus\ggdllhost.exe
File: C:\Program Files\inRQttUZ\fsjHGpCl.exe
Emptytemp:
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1277311D-24AD-4683-B328-D2C32110B723}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1277311D-24AD-4683-B328-D2C32110B723}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
 
========================= File: H:\Movable\Games\Garena Plus\GarenaPlus\ggdllhost.exe ========================
 
File is digitally signed
MD5: 92E3B9223934E3A632FF9A2DAB7E87C5
Creation and modification date: 2016-04-06 14:17 - 2016-02-22 08:24
Size: 0174632
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: Garena+ Plugin Host Service
File Version: 2.1.6.0
Product Version: 2.1.6.0
Copyright: Copyright © 2013
 
====== End of File: ======
 
 
========================= File: C:\Program Files\inRQttUZ\fsjHGpCl.exe ========================
 
File is digitally signed
MD5: A1D8292D937C537194843E8D3B047071
Creation and modification date: 2016-04-22 09:05 - 2016-04-22 09:05
Size: 0873584
Attributes: ----A
Company Name: Webroot
Internal Name: WRSA.exe
Original Name: WRSA.exe
Product: Webroot SecureAnywhere
Description: Webroot SecureAnywhere
File Version: 9.0.8.80
Product Version: 9.0.8.80
Copyright: © Webroot 2006-2016
 
====== End of File: ======
 
EmptyTemp: => 507.8 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 00:31:42 ====

Edited by juniorelson4, 10 May 2016 - 11:17 PM.
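Added example, not part of any post in this thread: a Python parser for the "File:" sections of the Fixlog posted in #8. It compares each file's on-disk name with the Original Name in its version resource and lists what a reviewer would follow up on. The function names are this example's own, and treating any wording other than "File is digitally signed" as unsigned is an assumption.

```python
import re
from pathlib import PureWindowsPath

# The two "File:" sections of the Fixlog in post #8, trimmed to the fields used here.
FIXLOG = r"""
========================= File: H:\Movable\Games\Garena Plus\GarenaPlus\ggdllhost.exe ========================

File is digitally signed
MD5: 92E3B9223934E3A632FF9A2DAB7E87C5
Creation and modification date: 2016-04-06 14:17 - 2016-02-22 08:24
Company Name:
Internal Name:
Original Name:
Product:
Description: Garena+ Plugin Host Service
File Version: 2.1.6.0

====== End of File: ======

========================= File: C:\Program Files\inRQttUZ\fsjHGpCl.exe ========================

File is digitally signed
MD5: A1D8292D937C537194843E8D3B047071
Creation and modification date: 2016-04-22 09:05 - 2016-04-22 09:05
Company Name: Webroot
Internal Name: WRSA.exe
Original Name: WRSA.exe
Product: Webroot SecureAnywhere
Description: Webroot SecureAnywhere
File Version: 9.0.8.80

====== End of File: ======
"""

HEADER_RE = re.compile(r"^=+ File: (.+?) =+$")


def parse_file_sections(log):
    """Return one dict per 'File:' section: path, signed flag, and key/value fields."""
    sections, current = [], None
    for raw in log.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = {"path": header.group(1), "signed": False, "fields": {}}
        elif current is None:
            continue
        elif line.startswith("====== End of File"):
            sections.append(current)
            current = None
        elif line == "File is digitally signed":
            # Assumption: any other wording means the file is not signed.
            current["signed"] = True
        else:
            key, sep, value = line.partition(":")
            if sep:
                current["fields"][key.strip()] = value.strip()
    return sections


def triage(section):
    """List follow-up notes for one section.

    Version-resource strings are written by whoever built the file, so a
    match is a hint, not proof of origin. The log says only that a signature
    exists, not who signed, so the signer still has to be checked on the box.
    """
    notes = []
    fields = section["fields"]
    disk_name = PureWindowsPath(section["path"]).name.lower()
    original = fields.get("Original Name", "").lower()
    if not section["signed"]:
        notes.append("not digitally signed")
    if not fields.get("Company Name"):
        notes.append("empty Company Name in version resource")
    if original and original != disk_name:
        notes.append(f"renamed on disk: version resource says {fields['Original Name']}")
    elif not original:
        notes.append("no Original Name to compare with the on-disk name")
    return notes


def report(log):
    """Return (path, MD5, notes) for every File: section, ready for hash lookup."""
    return [(s["path"], s["fields"].get("MD5", ""), triage(s))
            for s in parse_file_sections(log)]


if __name__ == "__main__":
    for path, md5, notes in report(FIXLOG):
        print(path, md5, "; ".join(notes) or "nothing to follow up")
```
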


#9 RayS


Posted 13 May 2016 - 02:01 PM

Hi juniorelson4,

Before we go any farther, please answer my question about the original problem: have the extensions in your browsers been unintentionally disabled any more? Has the original problem recurred since we have been working together?


Browsers slow
 

But then only the webpage loading would lag, not the entire browser.

  • Are both Microsoft Internet Explorer (MSIE) and Chrome slow to launch (while all other functions of PC operate at normal speed)?
  • Are MSIE and Chrome equally slow?
  • Do browsers scroll slowly? What exactly lags?
  • After browsers launch, do web pages display at normal speed?

Possible fixes for "lagging" browsers

Sometimes, disabling all add-ons/extensions then re-enabling them resolves the issue.

Microsoft Internet Explorer

  • Launch Microsoft Internet Explorer.
  • Click Tools, then Manage add-ons.
  • Disable all add-ons by right clicking any that are enabled and selecting Disable.
  • Enable each add-on one at a time, and close then relaunch Internet Explorer after each add-on is enabled.
  • Check to see if the performance changes with the newly enabled add-on.

 

Chrome

  • Type chrome://plugins into your URL bar.
  • Click Disable in the lower left corner of the entries for all plug-ins.
  • Enable each plug-in one at a time, and close then relaunch Chrome after each plug-in is enabled.
  • Check to see if the performance changes with the newly enabled plug-in.

 

 

Let me know which add-on(s) or plug-in(s), if any, cause slow-downs.



MSIE new tab background color

IMPORTANT: I forgot to mention one weird issue with IE that I noticed weeks ago. The New Tab always exposes a dark background that I didn't put there. Look: http://i.imgur.com/MqAtBD1.jpg

 

Change to a different Windows theme, and then change back to the one you were using.

  1. Right click on your desktop and choose Personalize.
  2. Click on Save theme.
  3. Choose and apply any different theme.
  4. Select your saved theme and reapply it.
  5. Open MSIE and new tab should be back to the normal background color.

 

If this procedure does not work, reboot after step 3. Then resume with step 4. Reboot again.


"Auth in Main Server" problem

LAN Games is always stopping in the "Auth in Main Server" phase now (regardless of the state of their servers)

 

See the final post dated May 29, 2014 here:

Garena removed the LAN feature from many countries - allegedly the ones with low traffic (under 250 PERMANENT players). If you're in Singapore and other East Asian countries you can play, but the others won't be back. Sorry, better moving on.

 

Any further questions you have about Garena would be best directed to that same gamer's forum or others like it.


Startup Entries

Regarding ggdllhost.exe: Garena always used to add some startup entries which are hard to remove. This may be related. I don't know if it is safe to remove and how to do it.

 

What startup entries do you want removed? We can do that with a Fixlist script if they are not required.



In your next reply...

  • Please tell me whether the original problem has recurred. Are browser extensions being involuntarily disabled?
  • Please describe in more detail, "Browsers are a bit laggy sometimes".
  • Which add-on(s) or plug-in(s), if any, are causing slow-downs.
  • Is background color in MSIE new tab back to normal?
  • What startup entries do you want removed?

 

How is your PC running now?

Regards,

Ray




#10 juniorelson4


Posted 13 May 2016 - 11:20 PM

No, the extensions are ok & the original problem didn't recur. 
 
1. No, they load fast
2. MSIE seems faster
3. Only on big webpages but not always
4. Yes - lags may happen on big webpages
 
I did as indicated with Chrome Portable.  It felt somewhat (not too much) faster when disabling:
Widevine Content Decryption Module - Version: 1.4.8.885 Enables Widevine licenses for playback of HTML audio/video content. (version: 1.4.8.885) & Adobe Flash Player - Version: 21.0.0.216 Shockwave Flash 21.0 r0
My test was to open Outlook.com and then open a new tab, close Outlook.com tab and open Facebook.com in the new tab and see how this whole process felt. I did these procedures with the addons and restarting the browser as you previously indicated.
As for MSIE, when I was going to test it, I began without changing anything, and when I opened Facebook.com it froze for a few seconds (freezing the entire system with it), but then returned. It was the kind of freeze that I was talking about: inexplicable, and the system (a Dell Inspiron 14R 5421) felt hotter too. 
I then tried with LastPass disabled and it passed my test without issues. When I enabled LastPass again and disabled OneNote, it passed my test without issues as well (surprise!). When I enabled OneNote again and disabled Xmarks for IE, it passed my test without issues as well. When I enabled Xmarks for IE again and disabled Send by Bluetooth to, it passed my test without issues as well. When testing again as I began, the issue didn't repeat.
 
The fix for the MSIE new tab background color worked perfectly! Thank you very much!
 
Any startup entry or service related to Garena can be removed. I don't think I'm going to use it now.

Edited by juniorelson4, 13 May 2016 - 11:24 PM.


#11 RayS


Posted 15 May 2016 - 06:38 PM

Hi juniorelson4,

 

No, the extensions are ok & the original problem didn't recur.

Please keep me informed about this. If the problem recurs, I need to know about it. Thank you.


Update Adobe players

Thank you for the details about browser slowdowns and momentary freezes. As you disabled and re-enabled add-ons, did you see any that you can do without? If so, please disable them again.

Both Adobe Flash player and Adobe Shockwave player are out of date. Current versions are:

When you visit these sites, be sure to remove the checkmarks from any optional offers. During the update process, you will be offered the option to allow automatic updates. Please allow Adobe to do this for you. Outdated products like these not only cause poor performance, but they also are often exploited by malware.

Close your browsers and reopen them after you install the updates.


Check for conflicts in Chrome

Type chrome://conflicts into Chrome’s address bar. This will open a window that shows all modules loaded into Google Chrome, and it reports conflicts, if any. Update or delete any conflicting module(s). Copy and paste all available info about any conflict(s) if you need help.

After updating the Adobe players and removing conflicts (if any), close and relaunch your browsers and test performance as before. Please tell me whether you see any improvement.

 

Any startup entry or service related to Garena can be removed. I don't think I'm going to use it now.


Uninstall Garena and associated files

Let's run FRST in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool may reboot your computer.

Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy and paste the entire contents of the code box below into a new file.


CloseProcesses:
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Run: [GarenaPlus] => H:\Movable\Games\Garena Plus\GarenaPlus\GarenaMessenger.exe [9862184 2016-03-17] ()
FF Plugin-x32: @t.garena.com/garenatalk -> H:\Movable\Games\Garena Plus\GarenaPlus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
S3 GGSAFERDriver; \??\H:\Movable\Games\Garena Plus\GarenaPlus\Room\safedrv.sys [X]
2016-04-29 00:57 - 2016-05-03 13:38 - 00003506 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2016-04-29 00:57 - 2016-05-02 14:27 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\GarenaPlus
2016-04-29 00:57 - 2016-05-02 14:21 - 00000000 ____D C:\ProgramData\GarenaMessenger
Task: {F197BDBC-4F22-4124-A425-AE1CFC038754} - System32\Tasks\Garena+ Plugin Host Service => H:\Movable\Games\Garena Plus\GarenaPlus\ggdllhost.exe [2016-02-22] ()
FirewallRules: [{B3E723DD-1873-4EA4-B7BE-39FDE062519A}] => (Allow) H:\Movable\Games\Garena Plus\GarenaPlus\Room\garena_room.exe
H:\Movable\Games\Garena Plus

On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution.

If requested, restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.


 

As for MSIE, when I was going to test it, I began without changing anything, and when I opened Facebook.com it froze for a few seconds (freezing the entire system with it), but then returned. It was the kind of freeze that I was talking about: inexplicable, and the system (a Dell Inspiron 14R 5421) felt hotter too.


Momentary freeze and overheating

We will troubleshoot freezes and overheating after we resolve the issues above.



In your next reply...

  • Did you disable any non-essential add-ons?
  • Did browser performance improve after updating Adobe players and resolving conflicts in Chrome?
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Please keep me informed about how your PC is running.

    Ray



#12 juniorelson4


Posted 16 May 2016 - 05:06 AM

Hello,

 

I disabled the following addons in IE (and I think performance improved):

- Send to OneNote

- Send by Bluetooth to

- OneNote Linked to Notes

Performance improved when disabling LastPass but I need it.

 

I didn't disable addons in Chrome but there are 2 PDF related addons that I think may be overlapping and one which I don't know where is needed ( Widevine Content Decryption Module ). Performance improved in Chrome when disabling Flash again. The 2 PDF addons are:

 

 


Chrome PDF Viewer (2 files)
Name: Chrome PDF Viewer
 
Version:  
Location: chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai/
Type: BROWSER PLUGIN
MIME types: application/pdf (file extensions: .pdf)
Name: Chrome PDF Viewer
Description: Portable Document Format
Version:  
Location: internal-pdf-viewer
Type: PPAPI (out-of-process)
MIME types: application/x-google-chrome-pdf (description: Portable Document Format; file extensions: .pdf)

 

There was no conflict in Chrome. Performance in Chrome improved after the Flash update - but this happened with an update from PortableApps.com (the flash update doesn't work for Chrome) which initially made Chrome stop starting (this issue was fixed by installing Chrome x64 Portable again to the same location, as advised here: http://portableapps.com/node/54305 ).

 

Regarding IE, when I started my previously described test, it initially froze the same way but for fewer seconds. After that, similar results. I think this may indicate that performance improved too.

 

Log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:14-05-2016
Ran by juniorelson4 (2016-05-15 23:14:42) Run:3
Running from C:\Users\juniorelson4\Desktop
Loaded Profiles: juniorelson4 (Available Profiles: juniorelson4)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Run: [GarenaPlus] => H:\Movable\Games\Garena Plus\GarenaPlus\GarenaMessenger.exe [9862184 2016-03-17] ()
FF Plugin-x32: @t.garena.com/garenatalk -> H:\Movable\Games\Garena Plus\GarenaPlus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
S3 GGSAFERDriver; \??\H:\Movable\Games\Garena Plus\GarenaPlus\Room\safedrv.sys [X]
2016-04-29 00:57 - 2016-05-03 13:38 - 00003506 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2016-04-29 00:57 - 2016-05-02 14:27 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\GarenaPlus
2016-04-29 00:57 - 2016-05-02 14:21 - 00000000 ____D C:\ProgramData\GarenaMessenger
Task: {F197BDBC-4F22-4124-A425-AE1CFC038754} - System32\Tasks\Garena+ Plugin Host Service => H:\Movable\Games\Garena Plus\GarenaPlus\ggdllhost.exe [2016-02-22] ()
FirewallRules: [{B3E723DD-1873-4EA4-B7BE-39FDE062519A}] => (Allow) H:\Movable\Games\Garena Plus\GarenaPlus\Room\garena_room.exe
H:\Movable\Games\Garena Plus
*****************
 
Processes closed successfully.
HKU\S-1-5-21-411181793-808532874-1999897628-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GarenaPlus => value not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk" => key removed successfully
H:\Movable\Games\Garena Plus\GarenaPlus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll => not found.
GGSAFERDriver => service not found.
C:\Windows\System32\Tasks\Garena+ Plugin Host Service => moved successfully
"C:\Users\juniorelson4\AppData\Roaming\GarenaPlus" => not found.
C:\ProgramData\GarenaMessenger => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F197BDBC-4F22-4124-A425-AE1CFC038754} => key not found. 
C:\Windows\System32\Tasks\Garena+ Plugin Host Service => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Garena+ Plugin Host Service" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3E723DD-1873-4EA4-B7BE-39FDE062519A} => value not found.
"H:\Movable\Games\Garena Plus" => not found.
 
 
The system needed a reboot.
 
==== End of Fixlog 23:14:44 ====
 
 
 
Microsoft issued several updates in the last days which were installed. New issues that I can remember now didn't happen.

Edited by juniorelson4, 16 May 2016 - 11:37 AM.


#13 RayS


Posted 16 May 2016 - 11:11 PM

Hi juniorelson4,
 

Performance improved when disabling LastPass but I need it,

LastPass uses very few resources and is probably not the source of reduced performance.

 

I didn't disable addons in Chrome but there are 2 PDF related addons that I think may be overlapping and one which I don't know where is needed ( Widevine Content Decryption Module ).

The two PDF readers may be a source of contention for resources. Please enter chrome://conflicts again into the Chrome address bar and disable the second Chrome PDF Viewer which is in "Location: internal-pdf-viewer".

The Widevine Content Decryption Module is bundled along with Chrome. It allows Chrome to play back DRM-protected HTML5 video and audio. For example, you need this to watch Netflix’s HTML5 videos in Chrome. If you disable it and try to watch Netflix, you’ll see an error message saying there’s a problem with the Widevine component. You can optionally disable this module. Just remember how to re-enable it if you ever get the Widevine error message or HTML5 video refuses to play.


Re-scan with Farbar Recovery and Scan tool
After disabling the second instance of PDF reader, please download a fresh copy of FRST64.exe and perform another complete Scan. Be sure to put a checkmark into the Addition.txt box and all the boxes in the Whitelist section. Copy and paste FRST.txt and Addition.txt into your reply. Use two consecutive posts if necessary.

 

Regarding IE, when I started my previously described test, it initially froze the same way but for less seconds.

Please confirm that the entire PC freezes in these instances -- not just the browsers.

Momentary freeze and overheating

These could be signs of incipient hardware failure, high CPU usage, or CPU overheating. In my first post, I asked you to back up all your important files. Please confirm that you have done so. We will troubleshoot freezes and overheating using two built-in tools and a third-party utility called Speccy.

Device Manager

  • Press the Windows key and type devmgmt.msc into the search box and click on devmgmt.msc in the search results.
  • Look for any device flagged with a yellow exclamation point (!) or red X icon or a problem code next to its name.


  • Click the plus sign (+) next to the device category (such as Disk drives or Display adapters) and double-click any flagged device to open its Properties window.
  • Copy and paste all info shown for the problem device into your next reply.

For more info see Troubleshooting Device Conflicts with Device Manager


Monitor CPU usage in Task Manager
While running applications that tend to slow your computer, do the following:

  • Click the Windows Start key and enter Task Manager into the search box.
  • Click View running processes with Task Manager in search results.
  • Click Processes tab.
  • In lower left corner of the Windows Task Manager window, add a checkmark to Show processes from all users.
  • Record the CPU Usage % shown at the bottom of the Windows Task Manager window.
  • Record the Physical Memory % shown at the bottom of the Windows Task Manager window.
  • Click the CPU column to sort the values.
  • Record the names and CPU percentages for all processes that show persistently high usage.
  • Include these recorded percentages in your next reply to me.

Save Speccy Snapshot(s)

  • Please visit http://www.piriform.com/speccy
  • Click Free Download in the Speccy Free panel.
  • Click Download from: Piriform.com.
  • Save spsetup129.exe on your PC.
  • Double-click spsetup129.exe and accept UAC warning (if any).
  • Allow Speccy to profile your computer.
  • When the PC temperature seems high and it is running slowly, click File > Save Snapshot... (do not click Save as XML or Save as Text file).
  • Upload the snapshot file to here. Be sure to provide a link to your current topic as follows:

http://www.bleepingcomputer.com/forums/t/612909/something-tried-to-change-settings-in-ie-and-chrome-portable/

  • Click Submit Query.

While Speccy is running, you can click on any of the categories listed on the left side of its window. You can click on any green rectangle to open a real-time graph for the parameter selected. I suggest that you open the CPU category and open the Average Temperature graph. After observing for a while, let me know the average and the peak temperature you see. A little lower on that same window, you can see temperatures of individual processors. Tell me if any processor(s) is running significantly hotter than most of the others and what its temperature is.

It's OK to upload one or two more snapshots if the PC freezes or gets very hot.



In your next reply...

  • Confirm disabling second instance of PDF reader.
  • Confirm you have backed up all your important files.
  • Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message.
  • Tell me whether momentary freezes affect the whole PC.
  • Did you find any problems in Device Manager? If so, post verbatim info.
  • Post high usage percentages seen in Windows Task Manager.
  • Tell me how many Speccy snapshots you uploaded.
  • Tell me about any high temperatures revealed by the Speccy utility.

 

How's your PC running now?

Regards,

Ray




#14 juniorelson4


Posted 17 May 2016 - 01:25 PM

I disabled the second instance of PDF reader.
I have a software called AOMEI Backupper Professional that makes backups automatically. I also have other backups saved in external locations. So, yes.
Yes, the momentary freezes seem to affect the whole PC, sometimes even the mouse pointer stops working and I have to replug the mouse.
No, Device Manager is okay. Even if I click to show hidden devices. No yellow marks at all.
 
 
System Idle Process - 93 to 99 % usually
When loading IE: 
CPU usage reached 61% when loading IE (the message "not responding" appeared and disappeared)
CPU Usage usually at 0 to 4% but reaches more than 40% when loading pages with IE (reduces and varies fast after loaded)
Physical memory remained at 36%
After closed, IE remains in Task Manager (several instances of iexplore.exe *32 and others). 
Some related processes keep appearing and reappearing on top of the list such as:
SteganosBrowserMonitor.exe *32
node.exe *32
fsjHGpCl.exe *32
and others
When loading Chrome:
CPU usage reached 100% when loading Chrome
CPU usage usually at 0 to 6% but reaches 63% when loading pages with Chrome (reduces and varies very fast after loaded)
Physical Memory at 50% - 51%
After closed, Chrome disappears from Task Manager.
 
I made 3 uploads on that page. 
The average and the peak temperatures:
Average: 65 °C
Peak: 67 °C
When loading IE: Peak 70 °C
When loading Chrome: Peak 76 °C
Temperatures of individual processors:
Core 0: 64 °C
Core 1: 64 °C
Sometimes one or the other gets hotter by 2 or 3 °C
Their core speeds vary. 
Intel Turbo Boost Technology Monitor 2.6 seems to be acting here.
 
 
Logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-05-2016
Ran by juniorelson4 (administrator) on JUNIORELSON4-PC (17-05-2016 14:00:55)
Running from C:\Users\juniorelson4\Desktop
Loaded Profiles: juniorelson4 (Available Profiles: juniorelson4)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\inRQttUZ\fsjHGpCl.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Webroot) C:\Program Files\inRQttUZ\fsjHGpCl.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\SteganosBrowserMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Lau Han Ching) C:\Program Files (x86)\Lau Han Ching\KeepNetworkAlive\KeepNetworkAlive.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Zemana Ltd.) C:\Program Files (x86)\AntiLogger\AntiLogger.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\Notifier.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Joyent, Inc) C:\Windows\Prey\versions\1.5.1\bin\node.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.5.1\node_modules\triggers\bin\lightevt.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(PortableApps.com) H:\Movable\PortablePlat\PortableApps\GoogleChromePortable64\GoogleChromePortable.exe
(Google Inc.) H:\Movable\PortablePlat\PortableApps\GoogleChromePortable64\App\Chrome-bin\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Privatefirewall] => C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\inRQttUZ\fsjHGpCl.exe [877224 2016-05-12] (Webroot)
HKLM-x32\...\Run: [AntiLogger] => C:\Program Files (x86)\AntiLogger\AntiLogger.exe [14679464 2014-12-30] (Zemana Ltd.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SOS Notifier] => C:\Program Files (x86)\Steganos Online Shield\Notifier.exe [3969032 2016-03-18] (Steganos Software GmbH)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [3015072 2016-01-19] (Comfort Software Group)
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Run: [SOS Browser Monitor] => C:\Program Files (x86)\Steganos Online Shield\SteganosBrowserMonitor.exe [992768 2016-03-18] (Steganos Software GmbH)
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2016-03-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\KeyCryptSDK\KeyCrypt32(1).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86400 2014-12-30] (Zemana Ltd.)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2016-03-22] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-04-19]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\juniorelson4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk [2016-04-11]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\juniorelson4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KeepNetworkAlive.lnk [2016-05-11]
ShortcutTarget: KeepNetworkAlive.lnk -> C:\Program Files (x86)\Lau Han Ching\KeepNetworkAlive\KeepNetworkAlive.exe (Lau Han Ching)
BootExecute: autocheck autochk /r \??\M:autocheck autochk /r \??\H:autocheck autochk /r \??\C:PDBoot.exeautocheck autochk * 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{40AEA452-D880-45C6-BD71-00BCFB6334E5}: [NameServer] 200.225.197.34,8.8.8.8
Tcpip\..\Interfaces\{BC43EE2E-1316-432C-A0AD-B2DA74DD7DCA}: [NameServer] 200.225.197.34,8.8.8.8
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-411181793-808532874-1999897628-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-411181793-808532874-1999897628-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP
HKU\S-1-5-21-411181793-808532874-1999897628-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?pc=UE09&ocid=UE09DHP
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-29] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-04-19] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-04-29] (Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2016-04-22] (Webroot)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-29] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-10-16] (Atheros Commnucations)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-04-19] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-04-29] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2016-04-22] (Webroot)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-04-19] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-04-19] (LastPass)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-04-19] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-04-19] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-29] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-411181793-808532874-1999897628-1000: SkypePlugin -> C:\Users\juniorelson4\AppData\Local\SkypePlugin\7.17.0.44\npGatewayNpapi.dll [2016-03-31] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-411181793-808532874-1999897628-1000: SkypePlugin64 -> C:\Users\juniorelson4\AppData\Local\SkypePlugin\7.17.0.44\npGatewayNpapi-x64.dll [2016-03-31] (Skype Technologies S.A.)
 
Chrome: 
=======
CHR Profile: C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-19]
CHR Extension: (Google Docs) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-19]
CHR Extension: (Google Drive) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-19]
CHR Extension: (YouTube) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-19]
CHR Extension: (Google Sheets) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-19]
CHR Extension: (Gmail) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-19]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [219776 2012-10-16] (Atheros Commnucations) [File not signed]
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.)
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [591408 2016-04-06] (cFos Software GmbH)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2911464 2016-04-29] (Microsoft Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-04-21] (Fork, Ltd.) [File not signed]
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-01-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
R2 Online Shield Starter Service; C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [347696 2016-03-18] (Steganos Software GmbH)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [202288 2016-04-28] (Microsoft Corporation) [File not signed]
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
S2 ReduceTheLag-v3; C:\Program Files (x86)\ReducetheLag\reducethelag_v3_service.exe [264192 2016-04-19] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-11] (Realtek Semiconductor)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187024 2016-02-26] (Sandboxie Holdings, LLC)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [118424 2016-03-09] ()
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [254904 2016-04-21] (RaMMicHaeL)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-04-11] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\inRQttUZ\fsjHGpCl.exe [877224 2016-05-12] (Webroot)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-10-16] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-10-16] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-26] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-26] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-26] () [File not signed]
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2016-04-24] (Zemana Ltd.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-04-15] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180264 2016-04-19] (Intel Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-09-04] (Realtek Semiconductor Corp.)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [413912 2016-04-11] (Realsil Semiconductor Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-02-26] (Sandboxie Holdings, LLC)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-13] (Synaptics Incorporated)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2016-04-22] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [54512 2016-04-22] (Webroot)
S3 gkernel; \??\C:\Users\JUNIOR~1\AppData\Local\Temp\gkernel.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-17 13:59 - 2016-05-17 13:59 - 02382336 _____ (Farbar) C:\Users\juniorelson4\Desktop\FRST64.exe
2016-05-16 09:52 - 2016-05-16 09:52 - 00006576 ____N C:\bootsqm.dat
2016-05-15 23:02 - 2016-05-15 23:02 - 00001102 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-05-15 23:02 - 2016-05-15 23:02 - 00000000 ____D C:\Users\juniorelson4\AppData\Local\VS Revo Group
2016-05-15 23:02 - 2016-05-15 23:02 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-05-15 23:02 - 2016-05-15 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-05-15 23:02 - 2016-05-15 23:02 - 00000000 ____D C:\Program Files\VS Revo Group
2016-05-15 23:02 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-05-15 23:00 - 2016-05-15 23:00 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-05-15 22:57 - 2016-04-23 14:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-15 22:57 - 2016-04-23 13:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-15 22:57 - 2016-04-23 02:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-15 22:57 - 2016-04-23 02:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-15 22:57 - 2016-04-23 02:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-15 22:57 - 2016-04-23 02:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-15 22:57 - 2016-04-23 02:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-15 22:57 - 2016-04-23 02:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-15 22:57 - 2016-04-23 02:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-15 22:57 - 2016-04-23 02:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-15 22:57 - 2016-04-23 02:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-15 22:57 - 2016-04-23 01:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-15 22:57 - 2016-04-23 01:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-15 22:57 - 2016-04-23 01:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-15 22:57 - 2016-04-23 01:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-15 22:57 - 2016-04-23 01:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-15 22:57 - 2016-04-23 01:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-15 22:57 - 2016-04-23 01:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-15 22:57 - 2016-04-23 01:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-15 22:57 - 2016-04-23 01:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-15 22:57 - 2016-04-23 01:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-15 22:57 - 2016-04-23 01:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-15 22:57 - 2016-04-23 01:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-15 22:57 - 2016-04-23 01:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-15 22:57 - 2016-04-23 01:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-15 22:57 - 2016-04-23 01:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-15 22:57 - 2016-04-23 01:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-15 22:57 - 2016-04-23 01:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-15 22:57 - 2016-04-23 01:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-15 22:57 - 2016-04-23 01:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-15 22:57 - 2016-04-23 01:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-15 22:57 - 2016-04-23 01:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-15 22:57 - 2016-04-23 01:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-15 22:57 - 2016-04-23 01:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-15 22:57 - 2016-04-23 01:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-15 22:57 - 2016-04-23 01:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-15 22:57 - 2016-04-23 01:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-15 22:57 - 2016-04-23 01:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-15 22:57 - 2016-04-23 01:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-15 22:57 - 2016-04-23 01:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-15 22:57 - 2016-04-23 01:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-15 22:57 - 2016-04-23 01:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-15 22:57 - 2016-04-23 01:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-15 22:57 - 2016-04-23 00:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-15 22:57 - 2016-04-23 00:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-15 22:57 - 2016-04-23 00:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-15 22:57 - 2016-04-23 00:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-15 22:57 - 2016-04-23 00:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-15 22:57 - 2016-04-23 00:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-15 22:57 - 2016-04-23 00:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-15 22:57 - 2016-04-23 00:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-15 22:57 - 2016-04-23 00:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-15 22:57 - 2016-04-23 00:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-15 22:57 - 2016-04-23 00:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-15 22:57 - 2016-04-23 00:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-15 22:57 - 2016-04-23 00:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-15 22:57 - 2016-04-23 00:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-15 22:57 - 2016-04-23 00:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-15 22:57 - 2016-04-23 00:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-15 22:57 - 2016-04-23 00:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-15 22:57 - 2016-04-23 00:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-15 22:57 - 2016-04-23 00:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-15 22:57 - 2016-04-23 00:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-15 22:57 - 2016-04-23 00:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-15 22:57 - 2016-04-23 00:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-15 22:57 - 2016-04-23 00:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-15 22:55 - 2016-04-14 10:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-15 22:55 - 2016-04-14 10:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-15 22:55 - 2016-04-09 04:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-15 22:55 - 2016-04-09 04:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-15 22:55 - 2016-04-09 04:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-15 22:55 - 2016-04-09 04:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-15 22:55 - 2016-04-09 04:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-15 22:55 - 2016-04-09 04:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-15 22:55 - 2016-04-09 04:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-15 22:55 - 2016-04-09 03:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-15 22:55 - 2016-04-09 03:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-15 22:55 - 2016-04-09 03:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-15 22:55 - 2016-04-09 03:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-15 22:55 - 2016-04-09 03:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-15 22:55 - 2016-04-09 03:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-15 22:55 - 2016-04-09 03:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-15 22:55 - 2016-04-09 03:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-15 22:55 - 2016-04-09 03:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-15 22:55 - 2016-04-09 03:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-15 22:55 - 2016-04-09 03:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-15 22:55 - 2016-04-09 03:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-15 22:55 - 2016-04-09 03:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-15 22:55 - 2016-04-09 03:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-15 22:55 - 2016-04-09 03:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-15 22:55 - 2016-04-09 03:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-15 22:55 - 2016-04-09 03:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-15 22:55 - 2016-04-09 03:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-15 22:55 - 2016-04-09 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 03:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-15 22:55 - 2016-04-09 02:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-15 22:55 - 2016-04-09 02:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-15 22:55 - 2016-04-09 02:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-15 22:55 - 2016-04-09 02:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-15 22:55 - 2016-04-09 02:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-15 22:55 - 2016-04-09 02:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-15 22:55 - 2016-04-09 02:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-15 22:55 - 2016-04-09 02:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-15 22:55 - 2016-04-09 02:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-15 22:55 - 2016-04-09 02:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-15 22:55 - 2016-04-09 02:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-15 22:55 - 2016-04-09 02:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-15 22:55 - 2016-04-09 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-15 22:55 - 2016-04-09 02:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-15 22:55 - 2016-04-09 02:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-15 22:55 - 2016-04-09 02:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-15 22:55 - 2016-04-09 02:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-15 22:55 - 2016-04-09 02:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-15 22:55 - 2016-04-09 02:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 02:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 02:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-15 22:55 - 2016-04-09 02:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-15 22:55 - 2016-04-06 12:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-15 22:54 - 2016-04-09 01:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-15 22:54 - 2016-04-09 00:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-15 22:47 - 2016-05-15 22:47 - 00000000 ____D C:\Users\juniorelson4\AppData\LocalLow\Adobe
2016-05-15 22:46 - 2016-05-15 22:46 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2016-05-15 21:11 - 2016-05-15 21:11 - 00000000 ___RD C:\Users\juniorelson4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-05-15 21:02 - 2016-05-15 21:02 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2016-05-15 21:02 - 2016-05-15 21:02 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2016-05-15 20:56 - 2016-05-15 20:56 - 00000932 _____ C:\Users\Public\Desktop\DS3 Tool.lnk
2016-05-15 20:56 - 2016-05-15 20:56 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\MotioninJoy
2016-05-15 20:56 - 2016-05-15 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2016-05-15 20:56 - 2016-05-15 20:56 - 00000000 ____D C:\Program Files\MotioninJoy
2016-05-15 20:56 - 2012-05-12 12:31 - 00121416 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys
2016-05-15 20:56 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2016-05-15 20:56 - 2011-12-07 19:42 - 00074960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys
2016-05-14 10:38 - 2016-05-14 10:38 - 01575808 _____ (PortableApps.com) C:\Users\juniorelson4\Downloads\GoogleChromePortable64_50.0.2661.102_online.paf.exe
2016-05-14 09:40 - 2016-05-14 09:40 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\WaterfoxProject
2016-05-13 00:07 - 2016-05-13 00:07 - 00000000 ____D C:\Users\juniorelson4\.idlerc
2016-05-13 00:05 - 2016-05-13 00:05 - 00000000 ____D C:\Python25
2016-05-13 00:05 - 2016-05-13 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.5
2016-05-12 15:22 - 2016-05-12 15:22 - 00000056 _____ C:\Users\juniorelson4\Desktop\mega sena numeros.txt
2016-05-11 00:21 - 2016-05-11 00:22 - 03640384 _____ C:\Users\juniorelson4\Desktop\adwcleaner_5.116.exe
2016-05-10 15:07 - 2016-05-10 15:07 - 00000000 ____D C:\Users\juniorelson4\Documents\Samsung
2016-05-10 15:05 - 2016-05-10 15:05 - 00002140 _____ C:\Users\Public\Desktop\Smart Switch.lnk
2016-05-10 15:05 - 2016-05-10 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-05-10 15:05 - 2016-01-08 05:51 - 00213088 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2016-05-10 15:05 - 2016-01-08 05:51 - 00120416 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2016-05-10 01:15 - 2016-04-14 02:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-05-10 01:15 - 2016-04-14 02:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-10 01:15 - 2016-04-14 02:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-05-08 17:55 - 2016-05-15 23:14 - 00002583 _____ C:\Users\juniorelson4\Desktop\Fixlog.txt
2016-05-08 17:55 - 2016-05-15 23:14 - 00000000 ____D C:\Users\juniorelson4\Desktop\FRST-OlderVersion
2016-05-08 17:21 - 2016-05-08 17:26 - 00000000 ____D C:\AVG_Remover
2016-05-08 10:59 - 2016-05-08 17:30 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\Steganos
2016-05-08 10:59 - 2016-05-08 11:05 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\Steganos VPN
2016-05-08 10:59 - 2016-05-08 11:00 - 00000000 ____D C:\Program Files (x86)\Steganos Online Shield
2016-05-08 10:59 - 2016-05-08 10:59 - 00001222 _____ C:\Users\Public\Desktop\Steganos Online Shield.lnk
2016-05-08 10:59 - 2016-05-08 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Online Shield
2016-05-07 19:55 - 2016-05-11 00:24 - 00000000 ____D C:\AdwCleaner
2016-05-07 09:57 - 2016-05-07 09:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-05-06 14:47 - 2016-05-06 14:47 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\NVIDIA
2016-05-06 14:26 - 2016-05-08 17:27 - 00000000 ____D C:\Program Files (x86)\SecondLifeViewer
2016-05-06 14:26 - 2016-05-06 14:56 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\SecondLife
2016-05-05 07:29 - 2016-05-11 12:20 - 00000000 ____D C:\Program Files (x86)\Blackd Safe Cheats
2016-05-05 07:29 - 2016-05-05 07:29 - 00001075 _____ C:\Users\Public\Desktop\Blackd Safe Cheats.lnk
2016-05-05 07:29 - 2016-05-05 07:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackd Safe Cheats
2016-05-05 07:28 - 2016-05-06 16:19 - 00000000 ____D C:\Program Files (x86)\Tibia
2016-05-05 07:28 - 2016-05-05 07:28 - 00000970 _____ C:\Users\Public\Desktop\Tibia.lnk
2016-05-05 07:28 - 2016-05-05 07:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia
2016-05-05 07:18 - 2016-05-05 07:18 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\FreeDownloadManager.ORG
2016-05-03 14:31 - 2016-05-03 14:31 - 00038072 _____ C:\Users\juniorelson4\Desktop\Addition.txt
2016-05-03 14:29 - 2016-05-17 14:01 - 00027549 _____ C:\Users\juniorelson4\Desktop\FRST.txt
2016-05-03 14:29 - 2016-05-17 14:00 - 00000000 ____D C:\FRST
2016-05-02 12:06 - 2016-05-02 12:06 - 00001024 ____H C:\SYSTAG.BIN
2016-05-02 00:15 - 2016-05-11 01:18 - 00045270 _____ C:\Users\juniorelson4\AppData\Roaming\room_v3.dat
2016-05-01 21:31 - 2016-05-01 21:31 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\xim
2016-05-01 17:40 - 2016-05-02 18:51 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-05-01 10:49 - 2016-05-01 10:49 - 00002900 _____ C:\Windows\system32\lic2.xml20039
2016-04-30 08:55 - 2016-05-05 09:07 - 00002288 ____H C:\Users\juniorelson4\Documents\Default.rdp
2016-04-29 10:35 - 2016-04-29 10:35 - 00002900 _____ C:\Windows\system32\lic2.xml15370
2016-04-29 08:59 - 2016-04-29 09:01 - 00000400 __RSH C:\ProgramData\ntuser.pol
2016-04-29 00:47 - 2016-04-29 00:48 - 00000000 ____D C:\Users\juniorelson4\Documents\GTA Vice City User Files
2016-04-29 00:15 - 2016-04-29 00:15 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JUNIORELSON4-PC-Windows-7-Professional-(64-bit).dat
2016-04-29 00:15 - 2016-04-29 00:15 - 00000000 ____D C:\RegBackup
2016-04-29 00:08 - 2016-05-05 08:27 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-04-29 00:08 - 2016-05-05 08:27 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-28 23:53 - 2016-04-29 00:33 - 00236938 _____ C:\Windows\ntbtlog.txt
2016-04-28 19:50 - 2016-04-28 19:50 - 00000009 _____ C:\Users\juniorelson4\Desktop\ttt.txt
2016-04-28 12:08 - 2016-05-15 23:17 - 00424424 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-28 10:58 - 2016-04-29 00:37 - 00111056 _____ C:\Users\juniorelson4\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-26 18:15 - 2016-04-27 13:22 - 00001049 _____ C:\Users\juniorelson4\Desktop\grid.csv - Shortcut.lnk
2016-04-26 11:42 - 2016-04-26 11:42 - 00001074 _____ C:\Users\Public\Desktop\AOMEI Backupper Professional.lnk
2016-04-26 11:42 - 2016-04-26 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2016-04-26 11:41 - 2016-05-02 12:36 - 00000000 ____D C:\Program Files (x86)\AOMEI Backupper
2016-04-26 08:20 - 2016-04-26 08:20 - 00066560 _____ C:\Windows\dm_batch.bak
2016-04-26 08:20 - 2016-04-26 08:20 - 00000032 _____ C:\Windows\dm.dmap
2016-04-26 08:09 - 2016-05-02 12:33 - 00000000 ____D C:\ProgramData\AomeiBR
2016-04-26 08:09 - 2016-05-02 12:06 - 00000082 _____ C:\Windows\SysWOW64\winsevr.dat
2016-04-26 08:09 - 2015-02-26 00:00 - 00151480 _____ C:\Windows\system32\ammntdrv.sys
2016-04-26 08:09 - 2015-02-26 00:00 - 00030648 _____ C:\Windows\system32\ambakdrv.sys
2016-04-26 08:09 - 2015-02-26 00:00 - 00017848 _____ C:\Windows\system32\amwrtdrv.sys
2016-04-25 12:32 - 2016-04-25 12:32 - 00002741 ____T C:\Windows\system32\lic2tmp.xml10961
2016-04-25 12:27 - 2016-04-25 12:28 - 00002842 _____ C:\Windows\system32\lic2.xml10129
2016-04-25 06:53 - 2016-04-25 06:53 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-04-25 06:53 - 2016-04-25 06:53 - 00002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-04-25 06:53 - 2016-04-25 06:53 - 00002386 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-04-25 06:53 - 2016-04-25 06:53 - 00002385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-04-25 06:53 - 2016-04-25 06:53 - 00002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-04-25 06:53 - 2016-04-25 06:53 - 00002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-04-25 06:53 - 2016-04-25 06:53 - 00002365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-04-25 06:53 - 2016-04-25 06:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-04-25 02:00 - 2016-04-25 02:00 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\EMCO
2016-04-25 01:59 - 2016-04-25 01:59 - 00002034 _____ C:\Users\Public\Desktop\EMCO MoveOnBoot v2.lnk
2016-04-25 01:59 - 2016-04-25 01:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO
2016-04-25 01:59 - 2016-04-25 01:59 - 00000000 ____D C:\Program Files\EMCO
2016-04-25 01:53 - 2016-04-25 07:36 - 00000000 ____D C:\Users\Public\Documents\Heimdal Security
2016-04-25 01:47 - 2016-04-25 12:16 - 00000000 ____D C:\ProgramData\Heimdal Security
2016-04-25 01:47 - 2016-04-25 12:16 - 00000000 ____D C:\Program Files (x86)\Heimdal
2016-04-25 01:43 - 2016-04-25 01:43 - 00001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2016-04-25 01:43 - 2016-04-25 01:43 - 00000000 ____D C:\Program Files (x86)\Secunia
2016-04-24 18:17 - 2016-04-24 18:17 - 00001098 _____ C:\Users\Public\Desktop\Free Alarm Clock.lnk
2016-04-24 18:17 - 2016-04-24 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
2016-04-24 18:17 - 2016-04-24 18:17 - 00000000 ____D C:\Program Files (x86)\FreeAlarmClock
2016-04-24 07:38 - 2016-04-24 07:42 - 00000000 ____D C:\Program Files (x86)\ReducetheLag
2016-04-24 07:38 - 2016-04-24 07:38 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ReduceTheLag
2016-04-24 00:40 - 2016-05-17 10:42 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-04-24 00:40 - 2016-05-05 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-04-24 00:40 - 2016-05-05 21:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-04-24 00:37 - 2016-04-24 00:37 - 00001368 _____ C:\Users\Public\Desktop\KeepNetworkAlive.lnk
2016-04-24 00:37 - 2016-04-24 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepNetworkAlive
2016-04-24 00:37 - 2016-04-24 00:37 - 00000000 ____D C:\Program Files (x86)\Lau Han Ching
2016-04-24 00:24 - 2016-04-28 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger
2016-04-24 00:24 - 2016-04-24 00:24 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
2016-04-24 00:24 - 2016-04-24 00:24 - 00000924 _____ C:\Users\Public\Desktop\AntiLogger.lnk
2016-04-24 00:24 - 2016-04-24 00:24 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2016-04-24 00:24 - 2016-04-24 00:24 - 00000000 ____D C:\Users\juniorelson4\AppData\Local\Zemana
2016-04-24 00:24 - 2016-04-24 00:24 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2016-04-24 00:24 - 2016-04-24 00:24 - 00000000 ____D C:\Program Files (x86)\AntiLogger
2016-04-24 00:24 - 2014-12-30 13:31 - 07039960 _____ (Zemana Ltd.) C:\Windows\SysWOW64\ZALSDKCore.dll
2016-04-24 00:24 - 2014-12-30 13:31 - 00076520 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2016-04-23 22:48 - 2016-05-16 13:23 - 00000000 __SHD C:\Users\juniorelson4\IntelGraphicsProfiles
2016-04-23 22:45 - 2016-04-23 22:45 - 00000700 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2016-04-23 22:44 - 2016-01-13 15:38 - 00190868 __RSH C:\Windows\system32\resTHA.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00183476 __RSH C:\Windows\system32\resELL.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00179252 __RSH C:\Windows\system32\resRUS.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00164932 __RSH C:\Windows\system32\resARA.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00164404 __RSH C:\Windows\system32\resJPN.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00164356 __RSH C:\Windows\system32\resHEB.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00159732 __RSH C:\Windows\system32\resHUN.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00159716 __RSH C:\Windows\system32\resFRA.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00158004 __RSH C:\Windows\system32\resKOR.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00157892 __RSH C:\Windows\system32\resDEU.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00157860 __RSH C:\Windows\system32\resITA.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00157668 __RSH C:\Windows\system32\resROM.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00157572 __RSH C:\Windows\system32\resESN.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00157140 __RSH C:\Windows\system32\resPLK.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00157012 __RSH C:\Windows\system32\resSKY.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00156836 __RSH C:\Windows\system32\resNLD.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00156228 __RSH C:\Windows\system32\resPTB.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00156132 __RSH C:\Windows\system32\resCSY.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00156116 __RSH C:\Windows\system32\resTRK.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00155940 __RSH C:\Windows\system32\resPTG.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00155460 __RSH C:\Windows\system32\resFIN.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00155060 __RSH C:\Windows\system32\resHRV.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00154628 __RSH C:\Windows\system32\resSVE.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00154484 __RSH C:\Windows\system32\resSLV.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00153508 __RSH C:\Windows\system32\resNOR.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00153028 __RSH C:\Windows\system32\resDAN.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00151684 __RSH C:\Windows\system32\resENU.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00149924 __RSH C:\Windows\system32\resCHT.cui
2016-04-23 22:44 - 2016-01-13 15:38 - 00149060 __RSH C:\Windows\system32\resCHS.cui
2016-04-23 22:44 - 2016-01-13 15:37 - 10948400 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 10475064 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 04604624 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 03793872 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2016-04-23 22:44 - 2016-01-13 15:37 - 03644664 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 02813952 _____ C:\Windows\system32\iglhxa64.cpa
2016-04-23 22:44 - 2016-01-13 15:37 - 02027008 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 01987072 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 01786368 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 01758208 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 01137120 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 01133000 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00673280 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00609280 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00530552 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2016-04-23 22:44 - 2016-01-13 15:37 - 00454760 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00376832 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00372856 _____ (Intel Corporation) C:\Windows\system32\igfxTray.exe
2016-04-23 22:44 - 2016-01-13 15:37 - 00371200 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00366680 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00319096 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2016-04-23 22:44 - 2016-01-13 15:37 - 00286720 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00284672 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00280696 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2016-04-23 22:44 - 2016-01-13 15:37 - 00255488 _____ C:\Windows\system32\igfxCPL.cpl
2016-04-23 22:44 - 2016-01-13 15:37 - 00252416 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00247416 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2016-04-23 22:44 - 2016-01-13 15:37 - 00218848 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00209408 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00195192 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2016-04-23 22:44 - 2016-01-13 15:37 - 00189440 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4358.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00188496 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00184832 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00183840 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00159096 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00155136 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00086528 _____ C:\Windows\system32\igfxCUIServicePS.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00064000 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00059904 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00044025 _____ C:\Windows\system32\iglhxo64.vp
2016-04-23 22:44 - 2016-01-13 15:37 - 00043816 _____ C:\Windows\system32\iglhxc64_dev.vp
2016-04-23 22:44 - 2016-01-13 15:37 - 00043494 _____ C:\Windows\system32\iglhxc64.vp
2016-04-23 22:44 - 2016-01-13 15:37 - 00043298 _____ C:\Windows\system32\iglhxg64_dev.vp
2016-04-23 22:44 - 2016-01-13 15:37 - 00043256 _____ C:\Windows\system32\iglhxg64.vp
2016-04-23 22:44 - 2016-01-13 15:37 - 00042079 _____ C:\Windows\system32\iglhxo64_dev.vp
2016-04-23 22:44 - 2016-01-13 15:37 - 00031448 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00030720 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00010752 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2016-04-23 22:44 - 2016-01-13 15:37 - 00002582 _____ C:\Windows\system32\iglhxs64.vp
2016-04-23 22:44 - 2016-01-13 15:37 - 00001125 _____ C:\Windows\system32\iglhxa64.vp
2016-04-23 22:43 - 2016-01-13 15:37 - 22905344 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2016-04-23 22:43 - 2016-01-13 15:37 - 17837568 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2016-04-23 22:43 - 2016-01-13 15:37 - 12211184 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2016-04-23 22:43 - 2016-01-13 15:37 - 11784216 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2016-04-23 22:43 - 2016-01-13 15:37 - 08514048 _____ (Intel Corporation) C:\Windows\system32\ig7icd64.dll
2016-04-23 22:43 - 2016-01-13 15:37 - 06501376 _____ (Intel Corporation) C:\Windows\SysWOW64\ig7icd32.dll
2016-04-23 22:43 - 2016-01-13 15:37 - 04382840 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2016-04-23 22:43 - 2016-01-13 15:37 - 04379256 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2016-04-23 22:43 - 2016-01-13 15:37 - 00959608 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2016-04-23 22:43 - 2016-01-13 15:37 - 00545912 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2016-04-23 22:43 - 2016-01-13 15:37 - 00545400 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2016-04-23 22:43 - 2016-01-13 15:37 - 00463112 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2016-04-23 22:43 - 2016-01-13 15:37 - 00399992 _____ (Intel Corporation) C:\Windows\system32\CustomModeApp.exe
2016-04-23 22:43 - 2016-01-13 15:37 - 00399480 _____ (Intel Corporation) C:\Windows\system32\CustomModeAppv2_0.exe
2016-04-23 22:43 - 2016-01-13 15:37 - 00366080 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2016-04-23 22:43 - 2016-01-13 15:37 - 00321536 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2016-04-23 22:43 - 2016-01-13 15:37 - 00316245 _____ C:\Windows\system32\DisplayAudiox64.cab
2016-04-23 22:43 - 2016-01-13 15:37 - 00221184 _____ C:\Windows\system32\igdde64.dll
2016-04-23 22:43 - 2016-01-13 15:37 - 00182784 _____ C:\Windows\SysWOW64\igdde32.dll
2016-04-23 22:43 - 2016-01-13 15:37 - 00162304 _____ C:\Windows\system32\igdail64.dll
2016-04-23 22:43 - 2016-01-13 15:37 - 00156280 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2016-04-23 22:43 - 2016-01-13 15:37 - 00143872 _____ C:\Windows\SysWOW64\igdail32.dll
2016-04-23 22:43 - 2016-01-13 15:37 - 00000895 _____ C:\Windows\system32\Gfxv2_0.exe.config
2016-04-23 22:43 - 2016-01-13 15:37 - 00000895 _____ C:\Windows\system32\DPTopologyAppv2_0.exe.config
2016-04-23 22:43 - 2016-01-13 15:37 - 00000895 _____ C:\Windows\system32\CustomModeAppv2_0.exe.config
2016-04-23 22:43 - 2016-01-13 15:37 - 00000889 _____ C:\Windows\system32\Gfxv4_0.exe.config
2016-04-23 22:43 - 2016-01-13 15:37 - 00000889 _____ C:\Windows\system32\DPTopologyApp.exe.config
2016-04-23 22:43 - 2016-01-13 15:37 - 00000889 _____ C:\Windows\system32\CustomModeApp.exe.config
2016-04-23 22:38 - 2016-04-23 22:38 - 00000000 ____D C:\ProgramData\IntelDLM
2016-04-23 22:28 - 2016-04-23 22:32 - 00003038 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_WILLAMETTE
2016-04-23 22:28 - 2016-04-23 22:28 - 00001201 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.4.lnk
2016-04-23 22:28 - 2016-04-23 22:28 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2016-04-23 22:28 - 2016-04-23 22:28 - 00000000 ____D C:\Users\juniorelson4\AppData\Local\Intel
2016-04-23 22:28 - 2016-04-23 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-04-23 22:28 - 2016-04-23 22:28 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2016-04-23 22:28 - 2016-03-09 20:43 - 00021984 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2016-04-23 21:35 - 2016-03-09 15:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-04-23 21:35 - 2016-03-09 15:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-04-23 11:06 - 2016-04-23 11:06 - 00000000 ____D C:\Users\juniorelson4\AppData\Local\TeamViewer
2016-04-23 11:05 - 2016-04-23 11:05 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\TeamViewer
2016-04-22 20:44 - 2016-04-22 20:44 - 00408984 _____ C:\Users\juniorelson4\Documents\Scan0002.pdf
2016-04-22 20:43 - 2016-04-22 20:43 - 00166838 _____ C:\Users\juniorelson4\Documents\Scan0001.pdf
2016-04-22 12:59 - 2016-05-16 13:25 - 00000000 ____D C:\Program Files\PeerBlock
2016-04-22 12:59 - 2016-04-22 12:59 - 00001743 _____ C:\Users\juniorelson4\Desktop\PeerBlock.lnk
2016-04-22 12:59 - 2016-04-22 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2016-04-22 09:30 - 2016-04-22 09:30 - 00000024 ___SH C:\Users\juniorelson4\AppData\Roaming\Win1347.ConfigCollection.dlx
2016-04-22 09:30 - 2016-04-22 09:30 - 00000024 ___SH C:\Users\juniorelson4\AppData\Roaming\System3465 Conf_Repository.xrd
2016-04-22 09:08 - 2016-04-22 09:08 - 00054512 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2016-04-22 09:08 - 2016-04-22 09:08 - 00000000 ____D C:\Program Files\Common Files\Webroot
2016-04-22 09:05 - 2016-05-17 08:30 - 00000000 ____D C:\ProgramData\WRData
2016-04-22 09:05 - 2016-05-12 09:35 - 00182200 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2016-04-22 09:05 - 2016-05-12 09:35 - 00117304 _____ (Webroot) C:\Windows\system32\WRusr.dll
2016-04-22 09:05 - 2016-04-22 09:05 - 00117728 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2016-04-22 09:05 - 2016-04-22 09:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2016-04-22 09:05 - 2016-04-22 09:05 - 00000000 ____D C:\Program Files\inRQttUZ
2016-04-22 00:56 - 2016-05-10 15:03 - 00000000 ____D C:\Program Files\Samsung
2016-04-22 00:56 - 2016-04-22 00:56 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2016-04-22 00:55 - 2016-05-10 15:06 - 00000000 ____D C:\ProgramData\Samsung
2016-04-22 00:55 - 2016-05-10 15:04 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\Samsung
2016-04-22 00:55 - 2016-05-10 15:04 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-04-22 00:55 - 2015-11-20 15:05 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2016-04-21 03:57 - 2016-05-04 01:49 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\XnView
2016-04-21 03:38 - 2016-05-16 14:00 - 00001062 _____ C:\Users\juniorelson4\Desktop\XnView.lnk
2016-04-21 03:38 - 2016-05-16 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
2016-04-21 03:34 - 2016-05-16 14:00 - 00000000 ____D C:\Program Files (x86)\XnView
2016-04-21 03:23 - 2016-04-21 10:46 - 00000000 ____D C:\Program Files\Immunet
2016-04-21 03:23 - 2016-04-21 03:23 - 00000000 ____D C:\ProgramData\Immunet
2016-04-21 03:23 - 2016-04-21 03:23 - 00000000 _____ C:\Windows\system32\Drivers\Msft_Kernel_ImmunetNetworkMonitor_01009.Wdf
2016-04-21 03:06 - 2016-04-25 01:59 - 00000000 ____D C:\ProgramData\Unchecky
2016-04-21 03:06 - 2016-04-21 03:06 - 00001026 _____ C:\Users\Public\Desktop\Unchecky.lnk
2016-04-21 03:06 - 2016-04-21 03:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2016-04-21 03:06 - 2016-04-21 03:06 - 00000000 ____D C:\Program Files (x86)\Unchecky
2016-04-21 03:03 - 2016-04-21 03:03 - 00000000 ____D C:\Windows\Prey
2016-04-21 02:47 - 2016-05-03 07:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-21 02:47 - 2016-04-21 02:47 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-21 02:47 - 2016-04-21 02:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-21 02:47 - 2016-04-21 02:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-21 02:47 - 2016-04-21 02:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-21 02:47 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-21 02:47 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-21 02:47 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-21 01:23 - 2016-03-09 16:00 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-04-21 01:23 - 2016-03-09 16:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-04-21 01:23 - 2016-03-09 15:40 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-04-21 01:23 - 2016-03-09 15:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-04-21 01:20 - 2016-04-21 01:21 - 00101904 _____ C:\ProgramData\1461212439.7604.bin
2016-04-21 01:20 - 2016-04-21 01:21 - 00039128 _____ C:\ProgramData\1461212439.7388.bin
2016-04-21 01:20 - 2016-04-21 01:21 - 00018624 _____ C:\ProgramData\1461212439.7800.bin
2016-04-21 01:20 - 2016-04-21 01:21 - 00006197 _____ C:\ProgramData\1461212439.2832.bin
2016-04-21 01:20 - 2016-04-21 01:21 - 00003556 _____ C:\ProgramData\1461212439.968.bin
2016-04-21 01:10 - 2016-04-21 01:10 - 00000000 ____D C:\Users\juniorelson4\AppData\Local\Privatefirewall
2016-04-21 01:08 - 2016-04-21 01:08 - 00000146 _____ C:\Windows\ODBC.INI
2016-04-21 01:08 - 2016-04-21 01:08 - 00000000 ____D C:\ProgramData\Privacyware
2016-04-21 01:08 - 2016-04-21 01:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
2016-04-21 01:08 - 2016-04-21 01:08 - 00000000 ____D C:\Program Files (x86)\Privacyware
2016-04-21 01:08 - 2013-09-29 21:24 - 00133152 _____ (Privacyware/PWI, Inc.) C:\Windows\system32\Drivers\pwipf6.sys
2016-04-20 22:41 - 2016-04-20 22:41 - 00000000 ____D C:\Windows\SysWOW64\games
2016-04-20 20:01 - 2016-04-20 20:01 - 00002566 _____ C:\Users\juniorelson4\Desktop\Windows 7 USB DVD Download Tool.lnk
2016-04-20 20:01 - 2016-04-20 20:01 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2016-04-20 20:01 - 2016-04-20 20:01 - 00000000 ____D C:\Users\juniorelson4\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2016-04-20 04:49 - 2016-04-20 04:49 - 00001221 _____ C:\Users\Public\Desktop\T STFB.lnk
2016-04-20 04:49 - 2016-04-20 04:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safest Tibian - Flash Bot
2016-04-20 04:49 - 2016-04-20 04:49 - 00000000 ____D C:\Program Files (x86)\Safest Tibian - Flash Bot
2016-04-20 04:39 - 2016-04-20 04:39 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-04-20 04:37 - 2016-04-20 04:37 - 00001741 _____ C:\Users\juniorelson4\Desktop\Chrome App Launcher.lnk
2016-04-20 04:37 - 2016-04-20 04:37 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-04-19 16:31 - 2016-04-19 16:31 - 00180264 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2016-04-19 16:22 - 2016-04-19 16:28 - 00000000 ____D C:\Users\juniorelson4\AppData\LocalLow\Adblock Plus for IE
2016-04-19 16:17 - 2016-04-19 16:17 - 00001192 _____ C:\Users\Public\Desktop\My LastPass Vault.lnk
2016-04-19 16:17 - 2016-04-19 16:17 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2016-04-19 16:17 - 2016-04-19 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2016-04-19 16:17 - 2016-04-19 16:17 - 00000000 ____D C:\Program Files (x86)\LastPass
2016-04-19 16:16 - 2016-05-08 16:30 - 00000000 ____D C:\Users\juniorelson4\AppData\Local\Xmarks
2016-04-19 16:16 - 2016-04-19 16:16 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xmarks
2016-04-19 16:16 - 2016-04-19 16:16 - 00000000 ____D C:\Program Files (x86)\Xmarks
2016-04-19 12:45 - 2016-04-19 12:45 - 00000000 ____D C:\Users\juniorelson4\AppData\Local\CEF
2016-04-19 12:07 - 2016-04-19 12:48 - 00000000 ____D C:\Users\juniorelson4\AppData\Local\Google
2016-04-19 03:08 - 2016-04-19 03:08 - 00000000 ____D C:\Users\juniorelson4\AppData\Local\4kdownload.com
2016-04-19 02:58 - 2016-04-19 02:58 - 00000000 ____D C:\Users\juniorelson4\Tracing
2016-04-19 02:58 - 2016-04-19 02:58 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\Skype
2016-04-19 02:57 - 2016-04-19 02:58 - 00000000 ____D C:\Users\juniorelson4\AppData\Local\SkypePlugin
2016-04-19 02:38 - 2016-04-19 02:39 - 00002135 _____ C:\Users\juniorelson4\Documents\NoPing.xml
2016-04-19 02:38 - 2016-04-19 02:38 - 00000000 ____D C:\NpAPI
2016-04-19 02:30 - 2016-04-21 01:19 - 00000000 ____D C:\Program Files (x86)\NoPing Elite v11
2016-04-19 02:30 - 2016-04-19 02:30 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\NT Company
2016-04-19 01:23 - 2016-04-19 01:23 - 01632280 _____ C:\Windows\SysWOW64\d64.dll
2016-04-19 01:23 - 2016-04-19 01:23 - 01286168 _____ C:\Windows\SysWOW64\d32.dll
2016-04-19 01:23 - 2016-04-19 01:23 - 00109080 _____ C:\Windows\SysWOW64\TibiaTunnel32.exe
2016-04-19 01:22 - 2016-04-22 13:36 - 00000000 ____D C:\Program Files (x86)\TibiaTunnel
2016-04-19 01:22 - 2016-04-19 01:23 - 08602648 _____ (TibiaTunnel) C:\Windows\SysWOW64\TibiaTunnel.exe
2016-04-19 01:22 - 2016-04-19 01:23 - 00000000 ____D C:\Windows\SysWOW64\x64
2016-04-19 01:22 - 2016-04-19 01:22 - 01320472 _____ C:\Windows\SysWOW64\LocalGamingServer.exe
2016-04-19 01:22 - 2016-04-19 01:22 - 00002641 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TibiaTunnel.lnk
2016-04-19 01:22 - 2016-04-19 01:22 - 00002629 _____ C:\Users\Public\Desktop\TibiaTunnel.lnk
2016-04-19 00:19 - 2016-04-19 16:29 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\vlc
2016-04-19 00:18 - 2016-04-19 00:18 - 00000878 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-19 00:18 - 2016-04-19 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-19 00:17 - 2016-04-19 00:17 - 00000000 ____D C:\Program Files\VideoLAN
2016-04-18 23:09 - 2016-04-21 01:18 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\TunnelBear
2016-04-18 23:09 - 2016-04-18 23:09 - 00000000 ____D C:\Users\juniorelson4\AppData\Local\IsolatedStorage
2016-04-18 15:44 - 2016-04-19 15:38 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\tor
2016-04-17 11:56 - 2016-05-14 08:08 - 00000000 ____D C:\Users\juniorelson4\AppData\Local\CrashDumps
2016-04-17 10:39 - 2016-04-28 23:49 - 00000000 ____D C:\Users\juniorelson4\AppData\Local\ElevatedDiagnostics
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-16 17:46 - 2009-07-14 02:13 - 00779996 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-16 17:46 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-05-16 13:40 - 2016-04-11 14:09 - 00002902 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (juniorelson4)
2016-05-16 13:32 - 2009-07-14 01:45 - 00031696 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-16 13:32 - 2009-07-14 01:45 - 00031696 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-16 13:20 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-16 12:48 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\rescache
2016-05-16 10:48 - 2016-04-16 10:12 - 00000000 ____D C:\Users\juniorelson4\AppData\LocalLow\LastPass
2016-05-15 23:15 - 2016-04-13 08:50 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-15 23:15 - 2011-04-12 04:51 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-15 23:07 - 2016-04-11 22:54 - 00000000 ____D C:\Windows\system32\MRT
2016-05-15 22:59 - 2016-04-11 22:54 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-15 22:50 - 2016-04-12 11:22 - 00000000 ____D C:\Users\juniorelson4\AppData\Local\Adobe
2016-05-15 22:50 - 2016-04-11 14:24 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-15 22:50 - 2016-04-11 14:24 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-15 22:46 - 2009-07-14 02:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-05-15 22:33 - 2016-04-11 14:09 - 00000000 ____D C:\ProgramData\ProductData
2016-05-14 09:40 - 2016-04-16 10:02 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\Mozilla
2016-05-14 09:40 - 2016-04-12 21:10 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\ProcessLasso
2016-05-14 09:40 - 2016-04-12 21:10 - 00000000 ____D C:\Program Files\Process Lasso
2016-05-13 00:07 - 2016-04-10 22:06 - 00000000 ____D C:\Users\juniorelson4
2016-05-10 15:04 - 2016-04-11 13:06 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-05-10 01:16 - 2016-04-12 18:51 - 00001384 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-05-10 01:16 - 2016-04-12 18:51 - 00000000 ____D C:\Users\juniorelson4\AppData\Local\NVIDIA
2016-05-08 17:37 - 2016-04-12 08:43 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-08 17:32 - 2016-04-12 08:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-05 16:58 - 2016-04-13 11:05 - 00001600 _____ C:\Windows\Sandboxie.ini
2016-05-05 16:53 - 2016-04-11 12:40 - 00000000 ____D C:\Users\juniorelson4\Documents\Bluetooth Folder
2016-05-02 02:39 - 2016-04-12 18:51 - 01377800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-05-02 02:39 - 2016-04-12 18:51 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-05-02 02:38 - 2016-04-12 18:51 - 01767944 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-05-02 02:38 - 2016-04-12 18:51 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-05-02 02:38 - 2016-04-12 18:51 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-04-29 08:59 - 2009-07-14 00:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-04-29 08:59 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-04-29 00:47 - 2016-04-13 21:57 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-04-29 00:43 - 2016-04-12 21:10 - 00003000 _____ C:\Windows\System32\Tasks\Process Lasso Core Engine Only
2016-04-29 00:43 - 2016-04-12 21:10 - 00002994 _____ C:\Windows\System32\Tasks\Process Lasso Management Console (GUI)
2016-04-29 00:40 - 2016-04-10 22:48 - 00779410 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-04-29 00:36 - 2011-04-12 04:51 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-04-29 00:35 - 2016-04-12 19:32 - 00000000 ____D C:\Windows\SysWOW64\NV
2016-04-29 00:35 - 2016-04-12 19:32 - 00000000 ____D C:\Windows\system32\NV
2016-04-29 00:34 - 2011-04-12 04:51 - 00000000 ____D C:\Windows\CSC
2016-04-29 00:28 - 2009-07-13 23:34 - 00000439 _____ C:\Windows\win.ini
2016-04-28 19:11 - 2009-07-14 00:20 - 00000000 ___RD C:\Users\Public\Libraries
2016-04-28 17:59 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-25 12:17 - 2016-04-11 14:09 - 00000000 ____D C:\Users\juniorelson4\AppData\Roaming\IObit
2016-04-23 22:48 - 2016-04-11 13:34 - 00015810 _____ C:\Windows\system32\results.xml
2016-04-23 22:45 - 2016-04-11 13:16 - 00000000 ____D C:\Program Files\Intel
2016-04-23 22:45 - 2016-04-11 13:06 - 00000000 ____D C:\Program Files (x86)\Intel
2016-04-23 22:28 - 2016-04-11 13:51 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-23 22:28 - 2016-04-11 13:16 - 00000000 ____D C:\ProgramData\Intel
2016-04-22 08:38 - 2009-07-13 23:34 - 00002024 _____ C:\Windows\system32\Drivers\etc\hosts_bak_416
2016-04-21 15:05 - 2010-11-21 00:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-21 09:29 - 2009-07-14 02:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-04-19 16:31 - 2016-04-11 14:09 - 00002157 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2016-04-19 01:15 - 2016-04-16 08:35 - 00000000 ____D C:\Program Files (x86)\SemLag Pro
2016-04-17 12:53 - 2016-04-16 08:39 - 00001966 _____ C:\Users\juniorelson4\Documents\SemLag.xml
2016-04-17 11:47 - 2009-07-14 02:08 - 00020936 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2016-04-19 16:17 - 2016-04-19 16:17 - 21572120 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-05-02 00:15 - 2016-05-11 01:18 - 0045270 _____ () C:\Users\juniorelson4\AppData\Roaming\room_v3.dat
2016-04-16 08:39 - 2016-04-16 08:39 - 0000020 _____ () C:\Users\juniorelson4\AppData\Roaming\system.xml
2016-04-22 09:30 - 2016-04-22 09:30 - 0000024 ___SH () C:\Users\juniorelson4\AppData\Roaming\System3465 Conf_Repository.xrd
2016-04-22 09:30 - 2016-04-22 09:30 - 0000024 ___SH () C:\Users\juniorelson4\AppData\Roaming\Win1347.ConfigCollection.dlx
2016-04-11 14:03 - 2016-04-11 14:03 - 0008540 _____ () C:\Users\juniorelson4\AppData\Local\WiDiSetupLog.20160411.140308.txt
2016-04-12 22:33 - 2016-04-12 22:33 - 0103785 _____ () C:\ProgramData\1460511206.1216.bin
2016-04-12 22:33 - 2016-04-12 22:33 - 0039050 _____ () C:\ProgramData\1460511206.6228.bin
2016-04-12 22:33 - 2016-04-12 22:33 - 0018634 _____ () C:\ProgramData\1460511206.7136.bin
2016-04-12 22:33 - 2016-04-12 22:33 - 0003557 _____ () C:\ProgramData\1460511206.7704.bin
2016-04-12 22:33 - 2016-04-12 22:33 - 0007782 _____ () C:\ProgramData\1460511206.996.bin
2016-04-21 01:20 - 2016-04-21 01:21 - 0006197 _____ () C:\ProgramData\1461212439.2832.bin
2016-04-21 01:20 - 2016-04-21 01:21 - 0039128 _____ () C:\ProgramData\1461212439.7388.bin
2016-04-21 01:20 - 2016-04-21 01:21 - 0101904 _____ () C:\ProgramData\1461212439.7604.bin
2016-04-21 01:20 - 2016-04-21 01:21 - 0018624 _____ () C:\ProgramData\1461212439.7800.bin
2016-04-21 01:20 - 2016-04-21 01:21 - 0003556 _____ () C:\ProgramData\1461212439.968.bin
2016-04-12 13:14 - 2016-04-12 13:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-04-11 14:20 - 2016-04-11 14:20 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-08 00:48
 
==================== End of FRST.txt ============================
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-05-2016
Ran by juniorelson4 (2016-05-17 14:01:51)
Running from C:\Users\juniorelson4\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-04-11 01:06:53)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-411181793-808532874-1999897628-500 - Administrator - Disabled)
Guest (S-1-5-21-411181793-808532874-1999897628-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-411181793-808532874-1999897628-1008 - Limited - Enabled)
juniorelson4 (S-1-5-21-411181793-808532874-1999897628-1000 - Administrator - Enabled) => C:\Users\juniorelson4
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Enabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AOMEI Backupper Professional (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF55E6C09D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.165 - Atheros)
Blackd Safe Cheats version 2.2.5 (HKLM-x32\...\{F4CFBC5D-12D5-423E-A4A3-BCB2F1631FD8}_is1) (Version: 2.2.5 - blackdtools.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
cFosSpeed v10.13 (HKLM\...\cFosSpeed) (Version: 10.13 - cFos Software GmbH, Bonn)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dell Digital Delivery (HKLM-x32\...\{98CB551E-EDB1-4535-82A6-E3258597F64E}) (Version: 2.7.1000.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
Driver Booster 3.3 (HKLM-x32\...\Driver Booster_is1) (Version: 3.3 - IObit)
EMCO MoveOnBoot 2.3 (HKLM\...\{5723E2BA-B062-4916-B51F-4E910DD1081A}) (Version: 2.3.5.3510 - EMCO Software)
f.lux (HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Flux) (Version:  - )
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 14.0.14176.1823 - Hewlett-Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Universal Fax Driver (HKLM\...\{C2B45120-48BB-41FC-A1A7-4FF24DA5CDA3}) (Version: 1.0.246.0 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Driver Update Utility 2.4 (x32 Version: 2.4.0.15 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® Product Improvement Program (x32 Version: 2.1.27.3 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® Driver Update Utility (HKLM-x32\...\{1b09c4de-9cae-4122-b17c-65d395062b50}) (Version: 2.4.0.15 - Intel)
KeepNetworkAlive (HKLM-x32\...\{E1084644-02D2-4EFB-8665-874735C106CD}) (Version: 1.1.4328 - Lau Han Ching)
KeyCrypt SDK version 1.8.1.199 (HKLM-x32\...\{5575EADE-4685-4E15-A9CD-6036BC2A3F75}_is1) (Version: 1.8.1.199 - Zemana Ltd.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6868.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
PeaZip 6.0.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.0.0 - Giorgio Tani)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PerfectDisk Professional Business (HKLM\...\{C4E01CDC-0063-493C-B383-9C4FCF7A89F7}) (Version: 14.0.890 - Raxco Software Inc.)
Prey Anti-Theft (x32 Version: 1.5.1 - Prey, Inc.) Hidden
Privatefirewall 7.0 (HKLM-x32\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 8.9.8.6 - Bitsum)
Python 2.5.4 (HKLM-x32\...\{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}) (Version: 2.5.4150 - Python Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.007 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39034 - Realtek Semiconductor Corp.)
Reducethelag (HKLM-x32\...\ReducetheLag) (Version:  - )
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Safest Tibian - Flash Bot version 1.0 (HKLM-x32\...\{8BDCE6F3-1F35-4D29-A408-3ECE3202A384}_is1) (Version: 1.0 - Blackdtools.com)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Skype Web Plugin (HKLM-x32\...\{7E4C8063-6644-4580-B27F-6B70B1A51F0E}) (Version: 7.17.0.44 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16034.4 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16034.4 - Samsung Electronics Co., Ltd.) Hidden
Steganos Online Shield (HKLM-x32\...\{896614ED-00BD-4E0C-99AB-01C76EE416D9}) (Version: 1.5.4 - Steganos Software GmbH)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.93 - CipSoft GmbH)
TibiaTunnel (HKLM-x32\...\{5E507836-4B00-46A5-A621-8517BA31923D}) (Version: 8.1.0 - TibiaTunnel)
Unchecky v0.4.3 (HKLM-x32\...\Unchecky) (Version: 0.4.3 - RaMMicHaeL)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
VS10Runtimex64 (Version: 1.0.0 - sourcefire) Hidden
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.8.100 - Webroot)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Xmarks for IE (HKLM-x32\...\{ABFA6EAE-C9C0-4B39-B722-02094EF6B889}) (Version: 127.0.177 - Xmarks)
XnView 2.36 (HKLM-x32\...\XnView_is1) (Version: 2.36 - Gougelet Pierre-e)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-411181793-808532874-1999897628-1000_Classes\CLSID\{0BFBE3EE-00BF-49F9-BC19-26B42AF261C1}\InprocServer32 -> C:\Users\juniorelson4\AppData\Local\SkypePlugin\7.17.0.44\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-411181793-808532874-1999897628-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\juniorelson4\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-411181793-808532874-1999897628-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\juniorelson4\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-411181793-808532874-1999897628-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-411181793-808532874-1999897628-1000_Classes\CLSID\{AC4E242D-28FB-40A2-9C2E-150FF1EE5B49}\localserver32 -> C:\Users\juniorelson4\AppData\Local\SkypePlugin\7.17.0.44\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-411181793-808532874-1999897628-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\juniorelson4\AppData\Local\SkypePlugin\7.17.0.44\EdgeCalling.exe (Skype Technologies S.A.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {5A110151-51C7-4C3A-B404-3DABEEBBD318} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [2016-05-14] (Bitsum LLC)
Task: {69D5D34C-0CED-48B3-A69F-2AA674F5209C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-29] (Microsoft Corporation)
Task: {6A6229FE-28B1-4C85-865C-92706D7028F8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-29] (Microsoft Corporation)
Task: {6FB15ED9-35AB-498C-8EAF-D36EA88E079B} - System32\Tasks\Driver Booster SkipUAC (juniorelson4) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-04-01] (IObit)
Task: {765A722A-C689-41ED-BBF1-7DC6327069AA} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {7CFCB5EF-B6A2-4E0E-82F0-C332700F2CAF} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-03-28] (IObit)
Task: {9F7504B0-8E83-412D-B32A-BBB872494422} - \Garena+ Plugin Host Service -> No File <==== ATTENTION
Task: {AEACC746-C1E6-4F53-A554-6BD258D11A6B} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {D2B29F3B-0C70-4B32-B960-1223FDD3E24D} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-04-11] (Realtek Semiconductor)
Task: {E0144A29-B1B3-4A4E-84A1-1212127A5972} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2016-05-14] (Bitsum LLC)
Task: {F022BE3C-9179-497E-8FE8-315316F7D591} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-29] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-04-12 19:07 - 2016-03-22 01:12 - 00020536 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2016-04-12 19:16 - 2016-03-21 23:25 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-12 08:40 - 2016-04-29 07:29 - 00417472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-04-12 08:54 - 2016-04-29 11:28 - 08919744 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-05-14 10:39 - 2016-05-11 00:49 - 02224280 _____ () H:\Movable\PortablePlat\PortableApps\GoogleChromePortable64\App\Chrome-bin\50.0.2661.102\libglesv2.dll
2016-05-14 10:39 - 2016-05-11 00:49 - 00097944 _____ () H:\Movable\PortablePlat\PortableApps\GoogleChromePortable64\App\Chrome-bin\50.0.2661.102\libegl.dll
2016-05-14 10:39 - 2016-05-11 00:50 - 31491736 _____ () H:\Movable\PortablePlat\PortableApps\GoogleChromePortable64\App\Chrome-bin\50.0.2661.102\PepperFlash\pepflashplayer.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00306904 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00241368 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00290520 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00962264 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00122584 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00347864 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00069336 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00155352 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00483032 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00175832 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00118488 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00691928 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2016-04-26 11:41 - 2015-09-15 17:56 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2016-04-26 11:41 - 2015-02-26 00:00 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2016-04-12 19:07 - 2016-03-22 01:12 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2016-04-12 18:51 - 2016-05-02 03:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-04-11 13:16 - 2012-06-25 02:11 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-05-17 10:35 - 2016-05-17 10:35 - 00010752 _____ () C:\Users\juniorelson4\AppData\Local\Temp\nsh3C6D.tmp\System.dll
2016-05-17 10:35 - 2016-05-17 10:35 - 00016384 _____ () C:\Users\juniorelson4\AppData\Local\Temp\nsh3C6D.tmp\registry.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 23:34 - 2016-04-29 00:28 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-411181793-808532874-1999897628-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\juniorelson4\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.225.197.34 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{4B448BD7-DA70-47BF-BE6A-C51939D85332}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{4A67C5CA-9216-4644-A70B-96BC2581C57B}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [{B35C28D4-3E8C-48E0-A861-5BC272B4D396}] => (Allow) C:\Windows\Prey\versions\1.5.1\bin\node.exe
FirewallRules: [{21AA1F56-39C1-4687-900A-0968ED2A7F63}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{2FACFCB1-05EB-47F6-B097-48C379930F30}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{83D4F30B-6048-4ADA-B167-B1CF9C90DB51}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{EDFB184D-E648-4184-B65F-494F9DF7CE3B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{46D250E5-4DF9-4FE9-826F-28C227B32750}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{C666368D-61C7-4C95-A3EE-84745D15F932}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{13C2E17A-C24C-4AC2-83FD-2F87F444B181}] => (Allow) H:\Movable\SomeApps\Simple Port Tester\Simple Port Tester\spt.exe
FirewallRules: [{11D83F2A-8A68-44A1-9078-34B2FD778F7C}] => (Allow) H:\Movable\SomeApps\Simple Port Tester\Simple Port Tester\spt.exe
FirewallRules: [TCP Query User{A505F913-44B0-47B6-A35C-0DBAE5772333}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{D4C655B2-C173-4215-BBF3-6E878E08D5DF}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [{9ADFBFB1-5B6C-4405-86F6-DA43DB5480FA}] => (Allow) C:\Users\juniorelson4\AppData\Roaming\Steganos\OnlineShield\Proxy\node.exe
FirewallRules: [{2CA25ECE-D313-4769-97DA-9F1683A7E2A7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B0E5D021-86AC-42A5-95F9-018E786CC62C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{935A5A6A-C0BE-4ED1-92AE-984A97340770}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E04227DA-2E37-408B-9205-19AD504B29A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C27C85B5-EB90-4673-96CA-CD3763A200BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E3093D70-7E28-43E2-B0DD-101930CDC8DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{95F981B5-0E9D-4A50-AE12-E477AD008BC1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1C984E63-ED97-4800-9BDC-6C4FFF4129FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/17/2016 01:46:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2082629
 
Error: (05/17/2016 01:46:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2082629
 
Error: (05/17/2016 01:46:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/17/2016 01:11:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4072
 
Error: (05/17/2016 01:11:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4072
 
Error: (05/17/2016 01:11:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/17/2016 01:11:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011
 
Error: (05/17/2016 01:11:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011
 
Error: (05/17/2016 01:11:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/17/2016 01:11:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2012
 
 
System errors:
=============
Error: (05/17/2016 03:24:37 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BC43EE2E-1316-432C-A0AD-B2DA74DD7DCA}.
The backup browser is stopping.
 
Error: (05/16/2016 01:24:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error: 
%%1053
 
Error: (05/16/2016 01:24:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.
 
Error: (05/16/2016 01:22:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
%%1053
 
Error: (05/16/2016 01:22:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error: (05/16/2016 01:21:49 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (05/16/2016 01:21:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® System Usage Report Service SystemUsageReportSvc_WILLAMETTE service failed to start due to the following error: 
%%1053
 
Error: (05/16/2016 01:21:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® System Usage Report Service SystemUsageReportSvc_WILLAMETTE service to connect.
 
Error: (05/16/2016 01:20:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ReduceTheLag-v3 service failed to start due to the following error: 
%%1053
 
Error: (05/16/2016 01:20:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ReduceTheLag-v3 service to connect.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 66%
Total physical RAM: 8089.04 MB
Available physical RAM: 2709.85 MB
Total Virtual: 16176.26 MB
Available Virtual: 9804.88 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:117.19 GB) (Free:69.89 GB) NTFS
Drive h: (H True Data) (Fixed) (Total:205.08 GB) (Free:114.12 GB) NTFS
Drive m: (Backups) (Fixed) (Total:488.28 GB) (Free:400.92 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00002DD7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=205.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#15 RayS

Posted 18 May 2016 - 03:21 PM

Hi juniorelson4,


Thank you for the logs and the Speccy snapshot.

Behavior of MSIE in Task Manager is not uncommon, but the high temperatures and RAM usage of Chrome concern me. The maximum case temperature for your processor is 65°C.

Check to be sure the air inlets and outlets around your computer's case are unobstructed.

Although it's possible that the CPU's thermal protection is pausing your PC, I'd like to test the health of your physical disk.

Run Seagate's disk diagnostic tool

  • Please visit http://www.seagate.com/support/internal-hard-drives/laptop-hard-drives/spinpoint-m-series/
  • Download and install SeaTools for Windows.
  • After installation, you will see a shortcut for SeaTools for Windows on your desktop. Double-click the shortcut and allow the tool sufficient time to detect your physical drive(s).
  • Place checkmarks next to all detected drives.
  • On the menu bar, click Basic Tests and select Short Drive Self Test (DST).
  • Observe light blue progress bar in right-hand Test Status column. (Note: it takes about 8 minutes to test a 1TB drive.)
  • When test is complete, the Drive Status column should show Short DST in green.
  • Click Help and select View Log File.
  • A Windows Explorer window will open with the log file name preselected. Click Open.
  • If the log shows anything other than "Pass", copy and paste the results into your reply.
  • If your drive passes the short test, click Basic Tests again and select Long Generic. (Note: This test takes about two hours on a 1TB drive.)
  • If the log shows anything other than "Pass", copy and paste the results into your reply.

 

System Summary Information

I'd like to see a comprehensive summary of your system shortly after a freeze. Please perform the actions that have been causing freezes (e.g., loading Chrome) then follow the next steps.

  • Press the Windows key + R on your keyboard at the same time.
  • Type msinfo32 and press Enter.
  • Left click on System Summary.
  • Click File > Save... and name the file Summary.
  • Zip and attach the file to your reply.

 

 

In your next reply...

  • Confirm airflow is unobstructed.
  • Confirm your disk passed the diagnostic tests or copy and paste the test results into the body of your message.
  • Attach the Summary.zip file.

How is your PC running now?

Ray

