
Infected with stubborn adware


5 replies to this topic

#1 aribee


Posted 29 June 2016 - 11:51 PM

My browser intermittently opens ads when I click anywhere on the window (not just a link; right-click can trigger it as well). It also tries to open popups, which are blocked by the browser itself. It will behave itself for a few minutes and then spawn with every click for around 3-5 clicks, and then go back to normal for a little while. There is also some slowness and freeze-ups.

 

I have already run the following programs, with the following results:

 

-Malwarebytes Anti-Malware: turns up the Crossrider PUP. However, even when it is removed (and the computer rebooted), the PUP will return when I next open Chrome.

-Spybot Search and Destroy: Was coming up clean last time I checked. I later uninstalled it under advice from a poster here.

-ADWCleaner: Currently coming up clean.

-Avast Browser Cleanup: Claims I'm free of issues, but cannot seem to detect any of my Chrome addons. Also asks me if I'd like to remove an addon protector called lstartsurf but cannot actually remove it even when I say to do so.

-HitmanPro: Coming up clean.

-CCleaner: used to delete cookies/cache/etc (basically all browser things and system nonsense) on advice from a poster.  Doing this actually caused Malwarebytes to report that I was clean (no Crossrider) for the first time, but when I opened Chrome again, it came back.

-ESET online scanner: Currently coming up clean.

 

Logs follow.  Thanks in advance.

 

-----------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2016
Ran by arielhb (administrator) on GILGAMESH (29-06-2016 21:50:58)
Running from C:\Users\arielhb\Desktop
Loaded Profiles: arielhb (Available Profiles: arielhb)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(American Megatrends Inc.) C:\Program Files\AMI\DuOS\AndServMgr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Flux Software LLC) C:\Users\arielhb\AppData\Local\FluxSoftware\Flux\flux.exe
(Gadwin Systems) C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files\memu\MEmu\adb.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.18339_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\memu\MEmu\MEmu.exe
(Microvirt Corporation) C:\Program Files\memu\MEmuHyperv\MEmuSVC.exe
() C:\Program Files\memu\MEmuHyperv\MEmuHeadless.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-01-15] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [904824 2015-08-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-3669805139-1652810476-796443282-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3669805139-1652810476-796443282-1001\...\Run: [f.lux] => C:\Users\arielhb\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3669805139-1652810476-796443282-1001\...\Run: [Gadwin PrintScreen (64-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe [14439584 2014-10-15] (Gadwin Systems)
HKU\S-1-5-21-3669805139-1652810476-796443282-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [3985976 2016-05-30] (GOG.com)
HKU\S-1-5-21-3669805139-1652810476-796443282-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-3669805139-1652810476-796443282-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3669805139-1652810476-796443282-1001\...\RunOnce: [Uninstall C:\Users\arielhb\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\arielhb\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{3a634735-2e64-4860-83ab-c3d76070fa6c}: [DhcpNameServer] 209.18.47.62 209.18.47.61
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-3669805139-1652810476-796443282-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\S-1-5-21-3669805139-1652810476-796443282-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-3669805139-1652810476-796443282-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> {C322B024-38B0-4FAA-91B9-AC4C82B63A58} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-24] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-24] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
 
FireFox:
========
FF ProfilePath: C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default
FF DefaultSearchEngine: Google
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-24] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF SearchPlugin: C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\searchplugins\amazon-search-suggestions.xml [2016-03-15]
FF SearchPlugin: C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\searchplugins\denshi-jisho---words-english.xml [2016-03-15]
FF SearchPlugin: C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\searchplugins\denshi-jisho---words-jap.xml [2016-03-15]
FF SearchPlugin: C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\searchplugins\thesauruscom.xml [2016-03-17]
FF Extension: No Name - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [not found]
FF Extension: Rikaichan Japanese Names Dictionary File - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\extensions\rikaichan-jpnames@polarcloud.com [2016-03-07]
FF Extension: Rikaichan Japanese-English Dictionary File - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\extensions\rikaichan-jpen@polarcloud.com [2016-03-07]
FF Extension: Stylish - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-03-07]
FF Extension: LJlogin - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\extensions\{ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}.xpi [2016-03-07] [not signed]
FF Extension: Tab Mix Plus - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-03-07]
FF Extension: Easy Screenshot - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\extensions\easyscreenshot@mozillaonline.com [2016-03-07]
FF Extension: Greasemonkey - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-05-24]
FF Extension: Web Developer - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-05-24]
FF Extension: Lazarus: Form Recovery - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\extensions\lazarus@interclue.com.xpi [2016-05-24]
FF Extension: Classic Theme Restorer - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-05-26]
FF Extension: Dreamwidth Tools - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\Extensions\dtools@ashleywr.com.xpi [2016-03-07]
FF Extension: YouTube Video and Audio Downloader - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2016-05-11]
FF Extension: Ghostery - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\Extensions\firefox@ghostery.com.xpi [2016-05-11]
FF Extension: Word Count Tool - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\Extensions\jid0-YHLk2psjhEWXNJqMKTU7dDcMJcN@jetpack.xpi [2016-03-13]
FF Extension: The Addon Bar (restored) - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2016-05-11]
FF Extension: uBlock Origin - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\Extensions\uBlock0@raymondhill.net.xpi [2016-05-11]
FF Extension: Google Reverse Image Search - C:\Users\arielhb\AppData\Roaming\Mozilla\Firefox\Profiles\2h47veuw.default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2016-05-11]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-05-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-04-29]
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> gml
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-16]
CHR Extension: (Google Docs) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-16]
CHR Extension: (Plurk-Smile) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomdjjfldjbbnojlonpahdajglndlomc [2015-10-24]
CHR Extension: (Google Drive) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Web Developer) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2015-08-16]
CHR Extension: (Dreamwidth Tools) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bldhncjmecnkemlfebgpehigfdbihhnd [2016-03-07]
CHR Extension: (EasyReader) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\boamfheepdiallipiieadpmnklbhadhc [2015-08-16]
CHR Extension: (Advanced Font Settings) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2015-08-16]
CHR Extension: (uBlock Origin) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-06-27]
CHR Extension: (Google Search) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Tampermonkey) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-05-26]
CHR Extension: (Gmelius for Gmail) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl [2016-06-06]
CHR Extension: (Box) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-08-16]
CHR Extension: (Google Sheets) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-16]
CHR Extension: (Stylish) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-04-06]
CHR Extension: (My Cats New Tab) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gamgcdlfhmmigjmbffodgkpglbnejkjm [2016-04-29]
CHR Extension: (Google Docs Offline) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Downloads - Your Download Box) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjihnjejboipjmadkpmknccijhibnpfe [2016-01-09]
CHR Extension: (Comments to Cats) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjfibdfedjcopejmhnhcimefdlfdpig [2016-06-23]
CHR Extension: (Imgur Uploader) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmpmjpekinnebjgnakcahjikbomnmlb [2016-05-26]
CHR Extension: (Font Rendering Enhancer) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbmmdjlcdediglgfcdkhinjdelkiock [2015-08-16]
CHR Extension: (Eye Dropper) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2015-08-16]
CHR Extension: (New XKit) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2016-02-01]
CHR Extension: (Spreed - speed read the web) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2016-04-03]
CHR Extension: (rikaikun) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2016-04-24]
CHR Extension: (Drag image To Save) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlepofnflidkndofkhhbalmmijnlpkpl [2016-05-26]
CHR Extension: (LJ Account Juggler) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfnihbghaikdicpdiciecbbdoegcfhc [2016-06-23]
CHR Extension: (WorkFlowy) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm [2016-03-24]
CHR Extension: (Modified Tab Ordering) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhlppppejjiiinhklmlpfkafimagbcbe [2015-08-16]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2015-08-16]
CHR Extension: (Capture Webpage Screenshot Entirely. FireShot) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2016-03-24]
CHR Extension: (Lorem Ipsum Generator (Default Text)) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcdcbjjoakogbcopinefncmkcamnfkdb [2015-08-17]
CHR Extension: (Ghostery) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-22]
CHR Extension: (SmoothScroll) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbokbjkabcmbfdlbddjidfmibcpneigj [2016-04-03]
CHR Extension: (Text-Only Mode) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nelklgbagpchkmoipfpcbbjjbdbjhgid [2015-08-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Slinky Brushed) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\piiokbhpgldooopjdacdondngonfljoc [2016-06-26]
CHR Extension: (Gmail) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-24]
CHR Extension: (Writer) - C:\Users\arielhb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2015-08-17]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AndServMgr; C:\Program Files\AMI\DuOS\AndServMgr.exe [82384 2016-01-08] (American Megatrends Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2286848 2015-10-22] (Broadcom Corporation.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [246328 2016-05-30] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6167096 2016-05-30] (GOG.com)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-06-24] (SurfRight B.V.)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel® Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [103424 2015-01-30] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-01-15] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [60432 2015-06-23] (Advanced Micro Devices, Inc.)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [886096 2016-06-03] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-06-03] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-06-03] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101104 2015-06-23] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2014-10-05] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [277240 2015-06-23] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [208176 2015-10-22] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7533784 2015-02-14] (Broadcom Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R1 DuoVMDrv; C:\Windows\system32\DRIVERS\DuoVMDrv.sys [246720 2015-11-04] (American Megatrends Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [238000 2016-05-24] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [987568 2016-04-29] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [51288 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-10-06] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [112520 2015-12-03] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R2 memudrv; C:\Program Files\memu\MEmuHyperv\MEmuDrv.sys [260328 2016-01-15] (Microvirt Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896768 2016-02-17] (Realtek                                            )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-29 21:50 - 2016-06-29 21:52 - 00031253 _____ C:\Users\arielhb\Desktop\FRST.txt
2016-06-29 21:50 - 2016-06-29 21:50 - 00000000 ____D C:\FRST
2016-06-29 19:38 - 2016-06-29 21:50 - 02390016 _____ (Farbar) C:\Users\arielhb\Desktop\FRST64.exe
2016-06-27 19:46 - 2016-06-27 19:46 - 00300208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-27 14:36 - 2016-06-27 14:36 - 00001040 _____ C:\Users\arielhb\Desktop\MOO.txt
2016-06-26 21:17 - 2016-06-26 23:27 - 00000000 ____D C:\Users\arielhb\AppData\Roaming\To the Moon - Freebird Games
2016-06-26 09:16 - 2016-06-26 09:16 - 00000236 _____ C:\Users\arielhb\Desktop\ESETScan.txt
2016-06-26 03:57 - 2016-06-26 03:57 - 02870984 _____ (ESET) C:\Users\arielhb\Desktop\esetsmartinstaller_enu.exe
2016-06-26 03:57 - 2016-06-26 03:57 - 00000000 ____D C:\Program Files (x86)\ESET
2016-06-26 01:37 - 2016-06-26 01:37 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-06-26 01:37 - 2016-06-26 01:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-06-24 23:54 - 2016-06-24 23:54 - 00000000 ____D C:\Users\arielhb\AppData\Roaming\3909
2016-06-24 23:11 - 2016-06-24 23:11 - 00002587 _____ C:\Users\arielhb\Desktop\JRT.txt
2016-06-24 23:06 - 2016-06-24 23:06 - 01610816 _____ (Malwarebytes) C:\Users\arielhb\Downloads\JRT.exe
2016-06-24 21:55 - 2016-06-24 21:55 - 00000000 ____D C:\Users\arielhb\Documents\ProcAlyzer Dumps
2016-06-24 21:54 - 2015-09-05 10:23 - 00450773 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160624-215429.backup
2016-06-24 21:30 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-06-24 21:28 - 2016-06-27 19:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-24 21:28 - 2016-06-26 01:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-24 21:26 - 2016-06-24 21:27 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\arielhb\Downloads\spybot-2.4.exe
2016-06-24 21:09 - 2016-06-24 21:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\arielhb\Downloads\HijackThis.exe
2016-06-24 18:30 - 2016-06-24 22:40 - 00000000 ____D C:\AdwCleaner
2016-06-24 18:29 - 2016-06-24 18:30 - 00014042 _____ C:\Users\arielhb\Documents\cc_20160624_182955.reg
2016-06-24 17:53 - 2016-06-24 17:53 - 03703360 _____ C:\Users\arielhb\Desktop\adwcleaner_5.200.exe
2016-06-24 17:38 - 2016-06-24 18:31 - 00001969 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-06-24 17:38 - 2016-06-24 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-06-24 17:37 - 2016-06-24 18:31 - 00000000 ____D C:\Program Files\HitmanPro
2016-06-24 17:17 - 2016-06-24 23:35 - 02953520 _____ (AVAST Software) C:\Users\arielhb\Desktop\avast-browser-cleanup.exe
2016-06-24 04:30 - 2016-06-24 04:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-06-24 04:30 - 2016-06-23 14:46 - 00002212 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-06-24 04:28 - 2016-06-27 19:46 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-23 06:57 - 2016-06-23 06:57 - 00000218 _____ C:\Users\arielhb\AppData\Local\recently-used.xbel
2016-06-23 05:47 - 2016-06-23 05:47 - 00012147 _____ C:\Users\arielhb\Downloads\[kat.cr]wonder.woman.001.2016.2.covers.digital.minutemen.thoth.cbz.nem.torrent
2016-06-23 05:37 - 2016-06-23 05:37 - 00014730 _____ C:\Users\arielhb\Downloads\[kat.cr]wonder.woman.rebirth.01.2016.2.covers.digital.minutemen.thoth.cbz.nem (1).torrent
2016-06-21 04:13 - 2016-06-21 04:13 - 00088880 _____ C:\Users\arielhb\Downloads\[kat.cr]chantal.kreviazuk.studio.discography.1996.2009.320kbps.torrent
2016-06-21 04:13 - 2016-06-21 04:13 - 00049590 _____ C:\Users\arielhb\Downloads\[kat.cr]chantal.kreviazuk.discography.1996.2012.flac.h33t.kitlope.torrent
2016-06-21 04:12 - 2016-06-21 04:12 - 00219971 _____ C:\Users\arielhb\Downloads\[kat.cr]jewel.discography.1995.2011.320kbps.torrent
2016-06-21 04:08 - 2016-06-23 05:40 - 00000000 ____D C:\Users\arielhb\Downloads\Heather Nova
2016-06-20 17:37 - 2016-06-20 17:37 - 00049548 _____ C:\Users\arielhb\Downloads\[kat.cr]heather.nova.9.albums.b.sides.rarities.128.256kbps.torrent
2016-06-20 17:36 - 2016-06-20 17:36 - 00038644 _____ C:\Users\arielhb\Downloads\[kat.cr]heather.nova.5.albums.torrent
2016-06-20 17:34 - 2016-06-20 17:34 - 00012088 _____ C:\Users\arielhb\Downloads\[kat.cr]the.craft.soundtrack.big.papi.1996.torrent
2016-06-15 22:44 - 2016-06-15 22:44 - 00013552 _____ C:\Users\arielhb\Downloads\[kat.cr]the.flash.rebirth.01.2016.2.covers.digital.f.minutemen.slayer.cbr.nem.torrent
2016-06-15 22:42 - 2016-06-15 22:42 - 00014457 _____ C:\Users\arielhb\Downloads\[kat.cr]titans.rebirth.001.2016.digital.oroboros.dcp.cbr.nem.torrent
2016-06-14 21:54 - 2016-06-14 21:54 - 00025308 _____ C:\Users\arielhb\Downloads\[kat.cr]voltron.volume.1.torrent
2016-06-14 21:54 - 2016-06-14 21:54 - 00010416 _____ C:\Users\arielhb\Downloads\[kat.cr]voltron.a.legend.forged.ddp.issues.1.2.torrent
2016-06-14 21:32 - 2016-06-14 21:32 - 00016950 _____ C:\Users\arielhb\Downloads\[kat.cr]voltron.from.the.ashes.001.2015.digital.anherogold.empire.cbz.torrent
2016-06-14 14:47 - 2016-05-28 02:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-14 14:47 - 2016-05-28 02:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-14 14:47 - 2016-05-28 01:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-14 14:47 - 2016-05-28 01:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-14 14:47 - 2016-05-28 00:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-14 14:47 - 2016-05-28 00:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-14 14:47 - 2016-05-28 00:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-14 14:47 - 2016-05-28 00:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-14 14:47 - 2016-05-28 00:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-14 14:47 - 2016-05-28 00:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-14 14:47 - 2016-05-28 00:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-14 14:47 - 2016-05-28 00:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-14 14:47 - 2016-05-28 00:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-14 14:47 - 2016-05-28 00:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-14 14:47 - 2016-05-28 00:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-14 14:47 - 2016-05-28 00:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-14 14:47 - 2016-05-28 00:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-14 14:47 - 2016-05-28 00:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-14 14:47 - 2016-05-28 00:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-14 14:47 - 2016-05-28 00:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-14 14:47 - 2016-05-28 00:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-14 14:47 - 2016-05-28 00:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-14 14:47 - 2016-05-28 00:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-14 14:47 - 2016-05-28 00:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-14 14:47 - 2016-05-28 00:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-14 14:47 - 2016-05-28 00:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-14 14:47 - 2016-05-28 00:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-14 14:47 - 2016-05-28 00:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-14 14:47 - 2016-05-28 00:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-14 14:47 - 2016-05-28 00:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-14 14:47 - 2016-05-28 00:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-14 14:47 - 2016-05-28 00:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-14 14:47 - 2016-05-28 00:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-14 14:47 - 2016-05-28 00:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-14 14:47 - 2016-05-28 00:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-14 14:47 - 2016-05-28 00:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-14 14:47 - 2016-05-28 00:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-14 14:47 - 2016-05-28 00:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-14 14:47 - 2016-05-28 00:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-14 14:47 - 2016-05-28 00:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-14 14:47 - 2016-05-28 00:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-14 14:47 - 2016-05-28 00:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-14 14:47 - 2016-05-28 00:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-14 14:47 - 2016-05-28 00:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-14 14:47 - 2016-05-28 00:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-14 14:47 - 2016-05-27 23:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-14 14:46 - 2016-05-28 02:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-14 14:46 - 2016-05-28 02:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-14 14:46 - 2016-05-28 02:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-14 14:46 - 2016-05-28 02:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-14 14:46 - 2016-05-28 01:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-14 14:46 - 2016-05-28 01:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-14 14:46 - 2016-05-28 01:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-14 14:46 - 2016-05-28 01:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-14 14:46 - 2016-05-28 01:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-14 14:46 - 2016-05-28 01:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-14 14:46 - 2016-05-28 01:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-14 14:46 - 2016-05-28 01:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-14 14:46 - 2016-05-28 01:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-14 14:46 - 2016-05-28 01:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-14 14:46 - 2016-05-28 01:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-14 14:46 - 2016-05-28 01:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-14 14:46 - 2016-05-28 01:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-14 14:46 - 2016-05-28 01:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-14 14:46 - 2016-05-28 01:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-14 14:46 - 2016-05-28 01:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-14 14:46 - 2016-05-28 01:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-14 14:46 - 2016-05-28 01:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-14 14:46 - 2016-05-28 01:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-14 14:46 - 2016-05-28 01:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-14 14:46 - 2016-05-28 01:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-14 14:46 - 2016-05-28 01:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-14 14:46 - 2016-05-28 01:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-14 14:46 - 2016-05-28 01:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-14 14:46 - 2016-05-28 01:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-14 14:46 - 2016-05-28 01:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-14 14:46 - 2016-05-28 01:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-14 14:46 - 2016-05-28 01:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-14 14:46 - 2016-05-28 01:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-14 14:46 - 2016-05-28 01:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-14 14:46 - 2016-05-28 01:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-14 14:46 - 2016-05-28 01:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-14 14:46 - 2016-05-28 01:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-14 14:46 - 2016-05-28 01:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-14 14:46 - 2016-05-28 01:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-14 14:46 - 2016-05-28 00:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-14 14:46 - 2016-05-28 00:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-14 14:46 - 2016-05-28 00:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-14 14:46 - 2016-05-28 00:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-14 14:46 - 2016-05-28 00:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-14 14:46 - 2016-05-28 00:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-14 14:46 - 2016-05-28 00:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-14 14:46 - 2016-05-28 00:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-14 14:46 - 2016-05-28 00:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-14 14:46 - 2016-05-28 00:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-14 14:46 - 2016-05-28 00:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-14 14:46 - 2016-05-28 00:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-14 14:46 - 2016-05-28 00:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-14 14:46 - 2016-05-28 00:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-14 14:46 - 2016-05-28 00:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-14 14:46 - 2016-05-28 00:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-14 14:46 - 2016-05-28 00:25 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-06-14 14:46 - 2016-05-28 00:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-14 14:46 - 2016-05-28 00:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-14 14:46 - 2016-05-28 00:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-14 14:46 - 2016-05-28 00:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-14 14:46 - 2016-05-28 00:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-14 14:46 - 2016-05-28 00:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-14 14:46 - 2016-05-28 00:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-14 14:46 - 2016-05-28 00:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-14 14:46 - 2016-05-28 00:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-14 14:46 - 2016-05-28 00:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-14 14:46 - 2016-05-28 00:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-14 14:46 - 2016-05-28 00:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-14 14:46 - 2016-05-28 00:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-14 14:46 - 2016-05-28 00:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-14 14:46 - 2016-05-28 00:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-14 14:46 - 2016-05-28 00:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-14 14:46 - 2016-05-28 00:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-14 14:46 - 2016-05-28 00:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-14 14:46 - 2016-05-28 00:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-14 14:46 - 2016-05-28 00:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-14 14:46 - 2016-05-28 00:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-14 14:46 - 2016-05-28 00:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-14 14:46 - 2016-05-28 00:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-14 14:46 - 2016-05-28 00:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-14 14:46 - 2016-05-28 00:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-14 14:46 - 2016-05-28 00:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-14 14:46 - 2016-05-28 00:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-14 14:46 - 2016-05-28 00:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-14 14:46 - 2016-05-28 00:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-14 14:46 - 2016-05-28 00:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-14 14:46 - 2016-05-28 00:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-14 14:46 - 2016-05-28 00:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-14 14:46 - 2016-05-28 00:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-14 14:46 - 2016-05-28 00:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-14 14:46 - 2016-05-28 00:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-14 14:46 - 2016-05-28 00:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-14 14:46 - 2016-05-28 00:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-14 14:46 - 2016-05-28 00:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-14 14:46 - 2016-05-28 00:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-14 14:46 - 2016-05-28 00:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-14 14:46 - 2016-05-28 00:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-14 14:46 - 2016-05-28 00:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-14 14:46 - 2016-05-28 00:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-14 14:46 - 2016-05-28 00:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-14 14:46 - 2016-05-28 00:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-14 14:46 - 2016-05-28 00:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-14 14:46 - 2016-05-28 00:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-14 14:46 - 2016-05-28 00:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-14 14:46 - 2016-05-28 00:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-14 14:46 - 2016-05-28 00:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-14 14:46 - 2016-05-28 00:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-14 14:46 - 2016-05-28 00:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-14 14:46 - 2016-05-28 00:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-14 14:46 - 2016-05-28 00:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-14 14:46 - 2016-05-28 00:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-14 14:46 - 2016-05-28 00:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-14 14:46 - 2016-05-28 00:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-14 14:46 - 2016-05-28 00:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-14 14:46 - 2016-05-28 00:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-14 14:46 - 2016-05-28 00:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-14 14:46 - 2016-05-28 00:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-14 14:46 - 2016-05-28 00:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-14 14:46 - 2016-05-28 00:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-14 14:46 - 2016-05-28 00:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-14 14:46 - 2016-05-28 00:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-14 14:46 - 2016-05-28 00:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-14 14:46 - 2016-05-28 00:13 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-06-14 14:46 - 2016-05-28 00:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-14 14:46 - 2016-05-28 00:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-14 14:46 - 2016-05-28 00:13 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-06-14 14:46 - 2016-05-28 00:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-14 14:46 - 2016-05-28 00:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-14 14:46 - 2016-05-28 00:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-14 14:46 - 2016-05-28 00:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-14 14:46 - 2016-05-28 00:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-14 14:46 - 2016-05-28 00:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-14 14:46 - 2016-05-28 00:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-14 14:46 - 2016-05-28 00:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-14 14:46 - 2016-05-28 00:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-14 14:46 - 2016-05-28 00:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-14 14:46 - 2016-05-28 00:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-14 14:46 - 2016-05-28 00:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-14 14:46 - 2016-05-28 00:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-14 14:46 - 2016-05-28 00:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-14 14:46 - 2016-05-28 00:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-14 14:46 - 2016-05-28 00:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-14 14:46 - 2016-05-28 00:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-14 14:46 - 2016-05-28 00:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-14 14:46 - 2016-05-28 00:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-14 14:46 - 2016-05-28 00:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-14 14:46 - 2016-05-28 00:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-14 14:46 - 2016-05-28 00:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-14 14:46 - 2016-05-28 00:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-14 14:46 - 2016-05-28 00:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-14 14:46 - 2016-05-28 00:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-14 14:46 - 2016-05-28 00:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-14 14:46 - 2016-05-28 00:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-14 14:46 - 2016-05-28 00:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-14 14:46 - 2016-05-28 00:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-14 14:46 - 2016-05-28 00:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-14 14:46 - 2016-05-28 00:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-14 14:46 - 2016-05-28 00:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-14 14:46 - 2016-05-28 00:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-14 14:46 - 2016-05-28 00:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-14 14:46 - 2016-05-28 00:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-14 14:46 - 2016-05-28 00:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-14 14:46 - 2016-05-28 00:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-14 14:46 - 2016-05-28 00:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-14 14:46 - 2016-05-27 23:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-14 14:46 - 2016-05-27 23:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-14 14:46 - 2016-05-27 23:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-14 14:46 - 2016-05-27 23:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-14 14:46 - 2016-05-27 23:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-14 14:46 - 2016-05-27 23:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-14 14:46 - 2016-05-27 23:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-14 14:46 - 2016-05-27 23:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-13 18:42 - 2016-06-27 19:46 - 00000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForarielhb.job
2016-06-13 18:42 - 2016-06-27 18:43 - 00003260 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForarielhb
2016-06-13 01:10 - 2016-06-13 01:10 - 00000000 ____D C:\Users\arielhb\AppData\Local\Introversion
2016-06-12 01:41 - 2016-06-12 01:41 - 00000000 ____D C:\Users\arielhb\AppData\Roaming\.mono
2016-06-12 01:41 - 2016-06-12 01:41 - 00000000 ____D C:\ProgramData\.mono
2016-06-12 01:40 - 2016-06-12 01:40 - 00000000 ____D C:\Users\arielhb\AppData\Local\Colossal Order
2016-06-09 00:09 - 2016-06-09 00:10 - 00014730 _____ C:\Users\arielhb\Downloads\[kat.cr]wonder.woman.rebirth.01.2016.2.covers.digital.minutemen.thoth.cbz.nem.torrent
2016-06-06 23:51 - 2016-06-07 00:15 - 00000000 ____D C:\Users\arielhb\AppData\Roaming\Solstice
2016-06-01 17:50 - 2016-06-01 17:50 - 00014023 _____ C:\Users\arielhb\Downloads\[kat.cr]superman.rebirth.001.2016.webrip.the.last.kryptonian.dcp.cbr.nem.torrent
2016-06-01 17:50 - 2016-06-01 17:50 - 00012587 _____ C:\Users\arielhb\Downloads\[kat.cr]green.arrow.rebirth.001.2016.2.covers.digital.zone.empire.cbr.nem.torrent
2016-05-30 02:17 - 2016-05-30 02:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RollerCoaster Tycoon Deluxe [GOG.com]
2016-05-30 00:57 - 2016-05-30 00:57 - 00014028 _____ C:\Users\arielhb\Downloads\[kat.cr]titans.hunt.001.008.2015.2016.digital.empire.nem.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-29 21:14 - 2015-08-16 15:43 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-29 20:09 - 2015-08-16 19:42 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-29 19:11 - 2015-08-18 01:08 - 00000000 ____D C:\Users\arielhb\Desktop\Printscreen
2016-06-29 18:16 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-29 17:14 - 2015-08-16 15:43 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-29 14:00 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-29 08:21 - 2016-02-25 12:03 - 00000000 ____D C:\Users\arielhb\.MemuHyperv
2016-06-29 08:16 - 2015-08-20 05:56 - 00000000 ____D C:\Users\arielhb\AppData\Roaming\CDisplayEx
2016-06-27 23:32 - 2015-09-02 12:24 - 00000000 ____D C:\Users\arielhb\Documents\Anki
2016-06-27 23:30 - 2015-08-17 10:19 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-27 20:00 - 2015-09-05 08:54 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-27 19:53 - 2016-01-03 12:59 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-27 19:53 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-27 19:52 - 2016-01-03 13:00 - 00000000 ____D C:\Users\arielhb
2016-06-27 19:47 - 2015-05-29 01:21 - 02746468 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2016-06-27 19:46 - 2016-01-03 13:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-27 19:46 - 2016-01-03 12:56 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-06-27 19:46 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-25 16:17 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-24 22:58 - 2015-08-16 15:45 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-24 21:30 - 2016-03-24 00:12 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-24 21:09 - 2015-08-16 15:30 - 00000000 ____D C:\Users\arielhb\AppData\Local\VirtualStore
2016-06-24 20:39 - 2015-09-03 14:59 - 00003014 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-06-24 20:39 - 2015-08-16 20:54 - 00002824 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-Gilgamesh-arielhb
2016-06-24 15:59 - 2016-03-24 00:12 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-06-24 15:58 - 2016-03-24 00:02 - 00000000 ____D C:\Program Files\TrueKey
2016-06-24 06:12 - 2016-03-24 00:13 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-06-24 04:30 - 2015-09-05 08:54 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-06-24 04:27 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\tracing
2016-06-24 03:17 - 2015-08-17 14:50 - 00000000 ____D C:\Users\arielhb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-24 02:00 - 2015-08-16 20:07 - 00000000 ____D C:\Users\arielhb\AppData\Local\Adobe
2016-06-23 22:28 - 2016-05-20 22:08 - 00000000 ____D C:\Users\arielhb\Desktop\ptcb
2016-06-23 14:46 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-23 14:45 - 2015-07-10 05:05 - 00000000 ____D C:\Users\Default.migrated
2016-06-23 14:12 - 2015-08-16 15:26 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-23 13:46 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-06-23 13:44 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-23 13:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-23 13:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-18 06:34 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-15 16:40 - 2015-09-05 08:14 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-15 01:18 - 2015-08-16 18:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-15 01:06 - 2015-08-16 18:24 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-14 14:33 - 2016-05-26 06:06 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:33 - 2016-05-26 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-13 22:46 - 2015-08-17 21:33 - 00000000 ____D C:\Users\arielhb\AppData\Roaming\RenPy
2016-06-12 03:31 - 2015-08-17 15:09 - 00000000 ____D C:\Users\arielhb\AppData\Local\The Spatials
2016-06-02 11:21 - 2015-09-03 14:59 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-31 01:48 - 2016-01-30 02:46 - 00000000 ____D C:\Users\arielhb\AppData\Local\Producer
2016-05-30 02:44 - 2015-10-30 03:17 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-05-30 02:44 - 2015-10-30 03:17 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-05-30 02:44 - 2015-10-30 03:17 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-05-30 02:44 - 2015-10-30 03:17 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-05-30 02:44 - 2015-10-30 03:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-05-30 02:44 - 2015-10-30 03:17 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-05-30 02:44 - 2015-10-30 03:17 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-05-30 02:44 - 2015-10-30 03:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-05-30 02:44 - 2015-10-30 03:17 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-05-30 02:44 - 2015-10-30 03:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-05-30 02:44 - 2015-10-30 03:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-05-30 02:44 - 2015-10-30 03:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-05-30 02:44 - 2015-10-30 03:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-05-30 02:44 - 2015-10-30 03:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-05-30 02:44 - 2015-10-30 03:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-05-30 02:44 - 2015-10-30 03:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-05-30 02:44 - 2015-10-30 03:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-05-30 02:44 - 2015-10-30 03:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-05-30 01:56 - 2015-11-28 00:16 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2016-05-30 01:54 - 2015-02-12 00:22 - 00000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2015-08-19 23:02 - 2015-12-20 06:58 - 0001456 _____ () C:\Users\arielhb\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-06-23 06:57 - 2016-06-23 06:57 - 0000218 _____ () C:\Users\arielhb\AppData\Local\recently-used.xbel
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-27 14:41
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by arielhb (2016-06-29 21:55:37)
Running from C:\Users\arielhb\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-03 17:24:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3669805139-1652810476-796443282-500 - Administrator - Disabled)
arielhb (S-1-5-21-3669805139-1652810476-796443282-1001 - Administrator - Enabled) => C:\Users\arielhb
DefaultAccount (S-1-5-21-3669805139-1652810476-796443282-503 - Limited - Disabled)
Guest (S-1-5-21-3669805139-1652810476-796443282-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Little Lily Princess (HKLM\...\Steam App 449250) (Version:  - Hanabira)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Advanced Batch Image Converter x86 (HKLM-x32\...\ABIC64) (Version: 1.2.2 - Roman Hiestand)
Adventurer Manager (HKLM-x32\...\Steam App 280320) (Version:  - Vigilant Addiction Studios)
AIM for Windows (HKU\S-1-5-21-3669805139-1652810476-796443282-1001\...\AIM) (Version:  - AOL Inc.)
All My Gods (HKLM-x32\...\BFG-All My Gods) (Version:  - )
Always Remember Me (HKLM-x32\...\Steam App 291030) (Version:  - Winter Wolves)
AMD Catalyst Install Manager (HKLM\...\{DC2190C5-851F-CD4B-E086-EAF2A5A85055}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Amnesia™: Memories (HKLM\...\Steam App 359390) (Version:  - Idea Factory)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Backstage Pass (HKLM-x32\...\Steam App 288220) (Version:  - sakevisual)
Baldur's Gate II: Enhanced Edition (HKLM-x32\...\Steam App 257350) (Version:  - Beamdog)
Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version:  - Beamdog)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Be a King (HKLM-x32\...\BFG-Be a King) (Version:  - )
Be a King 2 (HKLM-x32\...\BFG-Be a King 2) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Black Closet (HKLM\...\Steam App 400580) (Version:  - Hanako Games)
Blueprint Tycoon (HKLM\...\Steam App 454060) (Version:  - Endless Loop Studios)
BlueStacks Notification Center (HKLM-x32\...\{473E82D7-79E2-43DF-8FA0-025407C93191}) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.170 - Broadcom Corporation)
Build-a-lot: Fairy Tales (HKLM-x32\...\BFG-Build-a-lot - Fairy Tales) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Champion of the Gods (HKLM-x32\...\Steam App 386520) (Version:  - Choice of Games)
Cherry Tree High Comedy Club (HKLM-x32\...\Steam App 214610) (Version:  - 773)
Cinders (HKLM-x32\...\Steam App 293680) (Version:  - MoaCube)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cities: Skylines (HKLM\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Coconut Queen (HKLM-x32\...\BFG-Coconut Queen) (Version:  - )
Cookie Domination (HKLM-x32\...\BFG-Cookie Domination) (Version:  - )
CopyWriter 3.03 (HKLM-x32\...\CopyWriter3xx_is1) (Version:  - Laurenz van Gaalen)
CUPID - A free to play Visual Novel (HKLM\...\Steam App 421670) (Version:  - Fervent)
Curse of the Azure Bonds (HKLM-x32\...\1432642138_is1) (Version: 2.0.0.4 - GOG.com)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.5017 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6121 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.4.6121 - CyberLink Corp.) Hidden
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.4928 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5103 - CyberLink Corp.)
CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.2.1307 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.3.3812 - CyberLink Corp.) Hidden
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version:  - )
Democracy 3 (HKLM-x32\...\Steam App 245470) (Version:  - Positech Games)
DinerTown Tycoon (HKLM-x32\...\BFG-DinerTown Tycoon) (Version:  - )
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DomDomSoft Manga Downloader (remove only) (HKLM-x32\...\DomDomSoft Manga Downloader) (Version:  - )
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dream Builder: Amusement Park (HKLM-x32\...\BFG-Dream Builder - Amusement Park) (Version:  - )
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.3.0 - Dropbox, Inc.)
DuOS (HKLM\...\{1C9938CE-335C-4D7B-93C6-549B8CC6F673}) (Version: 2.0.5.7943 - American Megatrends Inc.)
Emily is Away (HKLM-x32\...\Steam App 417860) (Version:  - Kyle Seeley)
Endless Legend (HKLM\...\Steam App 289130) (Version:  - AMPLITUDE Studios)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Everlasting Summer (HKLM-x32\...\Steam App 331470) (Version:  - Soviet Games)
f.lux (HKU\S-1-5-21-3669805139-1652810476-796443282-1001\...\Flux) (Version:  - )
Fairy Godmother Tycoon (HKLM-x32\...\BFG-Fairy Godmother Tycoon) (Version:  - )
Flower Shop: Winter In Fairbrook (HKLM-x32\...\Steam App 311680) (Version:  - Winter Wolves)
Gadwin PrintScreen (64-Bit) (HKLM\...\{819A52E1-0929-469A-BEB6-1AEBE0873CFC}) (Version: 5.4.2.0 - Gadwin Systems)
Game Corp DX (HKLM\...\Steam App 399670) (Version:  - Endless Loop Studios)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Gateway to the Savage Frontier (HKLM-x32\...\1432649588_is1) (Version: 2.0.0.3 - GOG.com)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Heroes Rise: HeroFall (HKLM-x32\...\Steam App 312300) (Version:  - Choice of Games)
Heroes Rise: The Hero Project (HKLM-x32\...\Steam App 304290) (Version:  - Choice of Games)
Heroes Rise: The Prodigy (HKLM-x32\...\Steam App 299540) (Version:  - Choice of Games)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
HP Documentation (HKLM-x32\...\{4BF17F05-B2DA-4266-8AEB-09BC9D008EAF}) (Version: 1.3.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 8.1 (HKLM-x32\...\{CF3BE446-3D26-49D3-B202-C9A13511DEEC}) (Version: 1.6.1 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7960.5089 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.39 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
Inst5675 (Version: 8.01.39 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.39 - Softex Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.2.131.1 - Intel Security)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
Kingdom Rush (HKLM-x32\...\Steam App 246420) (Version:  - Ironhide Game Studio)
Kitty Powers' Matchmaker (HKLM-x32\...\Steam App 285740) (Version:  - Magic Notion)
Leviathan: The Last Day of the Decade (HKLM-x32\...\Steam App 328270) (Version:  - Lostwood)
LibreOffice 5.0.0.5 (HKLM\...\{A4D51ECF-D046-46F5-935F-2B3A6ADF89D9}) (Version: 5.0.0.5 - The Document Foundation)
Life Quest® 2: Metropoville (HKLM-x32\...\BFG-Life Quest 2 - Metropoville) (Version:  - )
Little Inferno (HKLM-x32\...\Steam App 221260) (Version:  - Tomorrow Corporation)
Livestream Producer (HKLM-x32\...\{D7CA2C8B-6A7C-4D50-B8BD-7FE28868C3E7}) (Version: 1.0.13 - Livestream)
Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version:  - Hanako Games)
Magic Life (HKLM-x32\...\BFG-Magic Life) (Version:  - )
Magical Diary (HKLM-x32\...\Steam App 211340) (Version:  - Hanako Games)
Mall-a-Palooza (HKLM-x32\...\BFG-Mall-a-Palooza) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Memoria (HKLM-x32\...\Steam App 243200) (Version:  - Daedalic Entertainment)
MEmu (HKLM-x32\...\MEmu) (Version: 2.3.1 - Microvirt)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Monster Loves You! (HKLM\...\Steam App 226740) (Version:  - Radial Games Corp)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Pale Moon 26.1.1 (x64 en-US) (HKLM\...\Pale Moon 26.1.1 (x64 en-US)) (Version: 26.1.1 - Moonchild Productions)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Planescape Torment (HKLM-x32\...\1207658887_is1) (Version: 2.1.0.9 - GOG.com)
Pool of Radiance (HKLM-x32\...\1432640961_is1) (Version: 2.0.0.4 - GOG.com)
Pools of Darkness (HKLM-x32\...\1432643408_is1) (Version: 2.0.0.5 - GOG.com)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Kakao Corp.)
Princess Battles (HKLM-x32\...\Steam App 352740) (Version:  - Nekomura Games)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Pyrite Heart (HKLM\...\Steam App 324170) (Version:  - Winged Cloud)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30176 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.38.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Recettear: An Item Shop's Tale (HKLM-x32\...\Steam App 70400) (Version:  - EasyGameStation)
Redshirt (HKLM-x32\...\Steam App 247870) (Version:  - The Tiniest Shark)
Revolution : Virtual Playspace (HKLM-x32\...\Steam App 387090) (Version:  - Dragom)
RollerCoaster Tycoon Deluxe (HKLM-x32\...\1207658945_is1) (Version: 2.2.0.20 - GOG.com)
RPG Tycoon (HKLM-x32\...\Steam App 314240) (Version:  - Skatanic Studios)
Secret of the Silver Blades (HKLM-x32\...\1432641528_is1) (Version: 2.0.0.5 - GOG.com)
Seduce Me the Otome (HKLM-x32\...\Steam App 367120) (Version:  - Michaela Laws)
Semagic (remove only) (HKLM-x32\...\Semagic) (Version:  - )
Serena (HKLM-x32\...\Steam App 272060) (Version:  - Senscape)
Solstice (HKLM\...\Steam App 317280) (Version:  - MoaCube)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
The Bottom of the Well (HKLM\...\Steam App 449020) (Version:  - Red Nettle Studio)
The House in Fata Morgana (HKLM\...\Steam App 303310) (Version:  - Novectacle)
The Mims Beginning (HKLM\...\Steam App 337820) (Version:  - Squatting Penguins)
The Spatials (HKLM-x32\...\Steam App 346420) (Version:  - Weird and Wry)
To the Moon (HKLM\...\Steam App 206440) (Version:  - Freebird Games)
Treasures of the Savage Frontier (HKLM-x32\...\1432641771_is1) (Version: 2.0.0.2 - GOG.com)
Unholy Heights (HKLM-x32\...\Steam App 249330) (Version:  - Petit Depotto)
Viridi (HKLM\...\Steam App 375950) (Version:  - Ice Water Games)
Waterfox 44.0.3 (x64 en-US) (HKLM\...\Waterfox 44.0.3 (x64 en-US)) (Version: 44.0.3 - Mozilla)
Who Is Mike (HKLM\...\Steam App 377430) (Version:  - Fervent)
World of Zellians: Kingdom Builder ™ (HKLM-x32\...\BFG-World of Zellians - Kingdom Builder) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3669805139-1652810476-796443282-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-51C61073799B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3669805139-1652810476-796443282-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\arielhb\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3669805139-1652810476-796443282-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04A5DF35-F278-4A24-AF1C-39468A3E00C2} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-01-30] (Hewlett-Packard)
Task: {0689F0CA-2988-4FB7-ADD2-9B696603F967} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {070C7617-5500-47EE-89E3-4E83CB01E554} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
Task: {0CD3F926-769C-4DB0-A803-8D8789024EAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-06-08] (HP Inc.)
Task: {198A9055-E78E-486D-B03C-ED65149BE7C3} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {248FBABE-FFAC-490C-A0A5-06B34B2026DD} - System32\Tasks\AdobeAAMUpdater-1.0-Gilgamesh-arielhb => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22] (Adobe Systems Incorporated)
Task: {26D2F6BE-5708-4817-8D82-F1E106771E5D} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-01-30] (Hewlett-Packard)
Task: {55506D8F-3849-422D-A150-75A0E649CB05} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5A5C4180-EE30-459A-AB93-DB7D4880C894} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-01-30] (Hewlett-Packard)
Task: {5FC444C8-CC01-4233-BCF1-9BC04082060B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6C438D90-9628-4D08-9470-8185F93AD9D6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {87A57CF5-0269-438F-88D6-9F372964E20E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-06-08] (HP Inc.)
Task: {8B6A0DDF-7FCA-435B-9BC0-9FCDCD33D2AA} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-01-15] ()
Task: {8F9A16C5-0789-4C1D-908A-9BEBC69D1286} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {908C2500-0D5D-4B11-A2F9-74A9F10A375E} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {A18B3C8F-E258-4AEB-A301-4E078C19BAC0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {B70E7DBB-79F7-40C7-9552-F769AF70D273} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-22] (Hewlett-Packard Company)
Task: {B88D0D8F-897A-4675-BEB4-D88956FB7B85} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {C8FA2A3B-F133-4E95-8492-B105B9031858} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {C90A15DB-39BE-4CFC-990B-2C1D16DF8DDB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {DDFE77C0-04F4-4231-B118-C5EF2AC1B9B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
Task: {E6B709C9-73FD-4320-AD70-7EC66F7A6ACD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN4CA3122Y05XT => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-06-08] (HP Inc.)
Task: {EC0AA43D-A22D-4D03-B94A-A5669772EFAB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-22] (Hewlett-Packard Company)
Task: {F03B7C22-5528-4B61-860C-671513D1BC4E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F0B419C4-0A54-49E3-9F1C-AA447CC49E76} - System32\Tasks\HPCeeScheduleForarielhb => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {F4ECBBD8-5E69-4CB4-A8E6-5E6A9C2E37E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {F858613D-C443-464F-8B51-ADB7C6F85BB1} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForarielhb.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk -> hxxp://www.bigfishgames.com/usher/index.php?siteID=1&langID=1 (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-01-30 22:07 - 2015-01-30 22:07 - 02169344 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2015-01-30 22:05 - 2015-01-30 22:05 - 00035840 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2015-01-30 22:05 - 2015-01-30 22:05 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2015-01-30 22:05 - 2015-01-30 22:05 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2015-01-30 22:16 - 2015-01-30 22:16 - 00431696 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2015-01-30 22:16 - 2015-01-30 22:16 - 00746064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-05-29 02:03 - 2014-04-14 21:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-12 14:45 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 14:45 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-22 01:02 - 2015-07-22 01:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-08-20 05:56 - 2014-06-16 16:28 - 00210944 _____ () C:\Program Files\CDisplayEx\unrarshell.dll
2015-08-20 05:56 - 2014-08-14 20:30 - 00402944 _____ () C:\Program Files\CDisplayEx\libwebp.dll
2015-08-20 05:56 - 2014-08-14 20:30 - 00044544 _____ () C:\Program Files\CDisplayEx\libwebpdemux.dll
2016-04-19 07:35 - 2016-04-19 07:36 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-03 15:45 - 2016-01-03 15:45 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 12:55 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-14 14:46 - 2016-05-27 23:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-14 14:46 - 2016-05-27 23:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-14 14:47 - 2016-05-27 23:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-14 14:47 - 2016-05-27 23:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-01-30 22:09 - 2015-01-30 22:09 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-06-11 00:19 - 2014-06-11 00:19 - 00622080 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\JobCapsA.dll
2016-01-15 10:16 - 2016-01-16 00:00 - 00895320 _____ () C:\Program Files\memu\MEmu\adb.exe
2016-06-27 19:20 - 2016-06-27 19:20 - 03790336 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-14 19:52 - 2015-12-14 19:52 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-02-02 08:17 - 2016-02-05 05:29 - 04429320 _____ () C:\Program Files\memu\MEmu\MEmu.exe
2016-01-16 08:10 - 2016-01-15 23:54 - 00383416 _____ () C:\Program Files\memu\MEmuHyperv\MEmuDDU.dll
2016-01-16 08:10 - 2016-01-15 23:55 - 03901872 _____ () C:\Program Files\memu\MEmuHyperv\MEmuRT.dll
2016-01-16 09:06 - 2016-01-16 00:00 - 00037312 _____ () C:\Program Files\memu\MEmuHyperv\ExtensionPacks\Microvirt_VM_MemuHyperv_Extension_Pack\win.amd64\MEmuPuelMain.DLL
2016-01-16 09:06 - 2016-01-16 00:00 - 00022408 _____ () C:\Program Files\memu\MEmuHyperv\ExtensionPacks\Microvirt_VM_MemuHyperv_Extension_Pack\win.amd64\VDPluginCrypt.DLL
2016-01-16 08:10 - 2016-01-15 23:54 - 00306672 _____ () C:\Program Files\memu\MEmuHyperv\MEmuHeadless.exe
2016-01-16 08:10 - 2016-01-15 23:54 - 02485128 _____ () C:\Program Files\memu\MEmuHyperv\MEmuHPV.DLL
2016-01-16 08:10 - 2016-01-15 23:55 - 00674400 _____ () C:\Program Files\memu\MEmuHyperv\MEmuREM.dll
2016-01-16 08:10 - 2016-01-15 23:55 - 00029608 _____ () C:\Program Files\memu\MEmuHyperv\MEmuSharedClipboard.DLL
2016-01-16 08:10 - 2016-01-15 23:54 - 00046600 _____ () C:\Program Files\memu\MEmuHyperv\MEmuDragAndDropSvc.DLL
2016-01-16 08:10 - 2016-01-15 23:54 - 00048160 _____ () C:\Program Files\memu\MEmuHyperv\MEmuGuestPropSvc.DLL
2016-01-16 08:10 - 2016-01-15 23:54 - 00045576 _____ () C:\Program Files\memu\MEmuHyperv\MEmuGuestControlSvc.DLL
2016-01-16 08:10 - 2016-01-15 23:54 - 01550912 _____ () C:\Program Files\memu\MEmuHyperv\MEmuDD.DLL
2016-01-16 08:10 - 2016-01-15 23:54 - 00203184 _____ () C:\Program Files\memu\MEmuHyperv\MEmuDD2.dll
2016-01-16 09:06 - 2016-01-16 00:00 - 00191824 _____ () C:\Program Files\memu\MEmuHyperv\ExtensionPacks\Microvirt_VM_MemuHyperv_Extension_Pack\win.amd64\MEmuHostWebcam.DLL
2016-01-16 09:06 - 2016-01-16 00:00 - 00069248 _____ () C:\Program Files\memu\MEmuHyperv\ExtensionPacks\Microvirt_VM_MemuHyperv_Extension_Pack\win.amd64\MEmuEhciR3.DLL
2016-01-16 09:06 - 2016-01-16 00:00 - 00085728 _____ () C:\Program Files\memu\MEmuHyperv\ExtensionPacks\Microvirt_VM_MemuHyperv_Extension_Pack\win.amd64\MEmuUsbCardReaderR3.DLL
2016-01-16 09:06 - 2016-01-16 00:00 - 00091896 _____ () C:\Program Files\memu\MEmuHyperv\ExtensionPacks\Microvirt_VM_MemuHyperv_Extension_Pack\win.amd64\MEmuUsbWebcamR3.DLL
2016-01-16 08:10 - 2016-01-15 23:55 - 00040432 _____ () C:\Program Files\memu\MEmuHyperv\MEmuSharedFolders.DLL
2015-08-17 14:11 - 2016-06-17 22:19 - 02999808 _____ () C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
2016-04-19 07:35 - 2016-04-19 07:36 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 07:35 - 2016-04-19 07:36 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-08-16 15:46 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2015-08-16 15:45 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
2015-08-17 06:51 - 2016-04-29 16:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-08-17 06:51 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-08-17 06:51 - 2016-06-14 20:47 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll
2015-08-17 06:51 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-08-17 06:51 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-08-17 06:51 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-08-17 06:51 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-08-17 06:51 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-08-17 06:51 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-08-17 06:51 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-08-17 06:51 - 2016-06-14 20:47 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-10 03:45 - 2016-02-17 18:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-08-17 06:51 - 2016-06-14 15:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-06-24 22:58 - 2016-06-23 11:08 - 01747784 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libglesv2.dll
2016-06-24 22:58 - 2016-06-23 11:07 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libegl.dll
2016-01-15 10:16 - 2016-01-16 00:01 - 00128552 _____ () C:\Program Files\memu\MEmu\libgcc_s_dw2-1.dll
2016-01-16 09:08 - 2016-01-18 09:51 - 00034752 _____ () C:\Program Files\memu\MEmu\libmemu.dll
2016-01-15 10:16 - 2016-01-16 00:01 - 01040608 _____ () C:\Program Files\memu\MEmu\libstdc++-6.dll
2016-01-15 10:16 - 2015-05-23 05:34 - 00782350 _____ () C:\Program Files\memu\MEmu\libprotobuf-7.dll
2016-01-15 10:16 - 2016-01-16 00:01 - 00427688 _____ () C:\Program Files\memu\MEmu\libOpenglRender.dll
2016-01-15 10:16 - 2016-01-16 00:01 - 02771568 _____ () C:\Program Files\memu\MEmu\icuin53.dll
2016-01-15 10:16 - 2016-01-16 00:01 - 01736912 _____ () C:\Program Files\memu\MEmu\icuuc53.dll
2016-01-15 10:16 - 2016-01-16 00:01 - 21675192 _____ () C:\Program Files\memu\MEmu\icudt53.dll
2016-01-15 10:16 - 2016-01-16 00:01 - 00220152 _____ () C:\Program Files\memu\MEmu\libEGL_translator.DLL
2016-01-15 10:16 - 2016-01-16 00:01 - 00311304 _____ () C:\Program Files\memu\MEmu\libGLES_CM_translator.DLL
2016-02-02 08:17 - 2016-02-02 08:05 - 02372392 _____ () C:\Program Files\memu\MEmu\libGLES_V2_translator.DLL
2015-08-17 06:51 - 2015-09-24 19:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2015-08-17 14:11 - 2015-08-17 14:13 - 00855040 _____ () C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\libGLESv2.dll
2015-08-17 14:13 - 2015-08-17 14:13 - 00095232 _____ () C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\libEGL.dll
2015-08-17 14:11 - 2015-08-17 14:13 - 01055232 _____ () C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\twitchsdk_32_release.dll
2015-08-17 14:11 - 2015-08-17 14:13 - 00394810 _____ () C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\libmp3lame-ttv.dll
2015-08-17 14:13 - 2015-08-17 14:13 - 00113171 _____ () C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\swresample-ttv-0.dll
2015-08-17 14:13 - 2015-08-17 14:13 - 00246332 _____ () C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\avutil-ttv-51.dll
2015-08-17 06:51 - 2016-06-14 20:47 - 00368208 _____ () C:\Program Files (x86)\Steam\steam.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:0E61938B [490]
AlternateDataStreams: C:\ProgramData\Temp:10CFA7D4 [226]
AlternateDataStreams: C:\ProgramData\Temp:149327FE [238]
AlternateDataStreams: C:\ProgramData\Temp:1E86ADD2 [219]
AlternateDataStreams: C:\ProgramData\Temp:258D2F8B [504]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:6A9EDD31 [500]
AlternateDataStreams: C:\ProgramData\Temp:831C6B2D [214]
AlternateDataStreams: C:\ProgramData\Temp:9F50A55A [219]
AlternateDataStreams: C:\ProgramData\Temp:A039EDF9 [516]
AlternateDataStreams: C:\ProgramData\Temp:A4BF246C [516]
AlternateDataStreams: C:\ProgramData\Temp:CAF8DAC8 [238]
AlternateDataStreams: C:\ProgramData\Temp:CFFC9DD0 [225]
AlternateDataStreams: C:\ProgramData\Temp:D453E38B [222]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2016-06-24 21:54 - 00452906 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3669805139-1652810476-796443282-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\arielhb\Pictures\26356_anime_scenery_blue_sea_and_cluds.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-3669805139-1652810476-796443282-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-3669805139-1652810476-796443282-1001\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"
HKU\S-1-5-21-3669805139-1652810476-796443282-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3669805139-1652810476-796443282-1001\...\StartupApproved\Run: => "GalaxyClient"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{78357A0B-5145-4348-99BF-AF674D7A8E5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Recettear\custom.exe
FirewallRules: [{1708B2E7-7A30-49E7-A592-D2AE4DAF713C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Recettear\custom.exe
FirewallRules: [{7077AA54-CA88-4E06-A741-8DBA05F9E045}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Recettear\recettear.exe
FirewallRules: [{1540A9B7-1CBC-4936-A92D-2AFD5FE7C660}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Recettear\recettear.exe
FirewallRules: [{E389858C-BD27-46DE-8FCB-9AE0E5446D62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serena\Dagon64.exe
FirewallRules: [{C6312BFE-CD42-46C2-A8F2-ADF1529C6F2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serena\Dagon64.exe
FirewallRules: [{04E8FE3D-60B0-4FFA-9809-380F71E61FD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan The Last Day of the Decade\ldod.exe
FirewallRules: [{250EEE51-56C1-4CB0-9F5B-F8BD5AAE2393}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan The Last Day of the Decade\ldod.exe
FirewallRules: [{3176D551-4DD0-428B-9124-E1593FCF45B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kitty Powers Matchmaker\matchmaker.exe
FirewallRules: [{33DECBFA-10EA-4F2F-AD7E-567B1E785898}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kitty Powers Matchmaker\matchmaker.exe
FirewallRules: [{9461988D-A44D-4E75-9FEC-1FDCB69A97EC}] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{C19F0F2C-366E-46F1-BC67-A1C8ADD4981F}] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{9DB1F3C3-C571-406B-995C-A2B273740DF6}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{A0F9706E-63DC-41C7-A779-B71D5BDABAA5}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{0038744D-93A8-4808-83F6-AA65A0338D00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe
FirewallRules: [{B829E0F9-63EC-4430-95AE-8C1ED06466F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe
FirewallRules: [{3F0D18AD-3E38-4D4E-BC14-2BBA3704FAE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate II Enhanced Edition\Baldur.exe
FirewallRules: [{ECBBC1FE-DA86-4BE4-89D4-2235A9491D77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate II Enhanced Edition\Baldur.exe
FirewallRules: [{96425648-90D2-4025-94F2-E9B969AE3957}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6E923A41-D545-4AD8-A93D-49D859DD4897}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{964221AC-6EC2-4C34-84AF-82D32FBF4F84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{BB7DD642-91D4-49DB-8F3B-B03AD3C401AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{670FD38D-338A-4812-BCE6-5C4FB1A25BD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{8286DD2E-5C2C-4714-AEF4-EB55A7982064}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{C2B11C4A-D009-44B7-A6CB-1F7BBA73C089}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Seduce Me the Otome\Seduce Me Official.exe
FirewallRules: [{486166F8-1253-4144-9A8A-B0EA7BEC2368}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Seduce Me the Otome\Seduce Me Official.exe
FirewallRules: [{BEC8E9AB-B498-40DD-841E-A1ED56E8DAE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unholy Heights\UnholyHeights.exe
FirewallRules: [{397A2697-E5AE-4E12-938C-86D35D4A74F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unholy Heights\UnholyHeights.exe
FirewallRules: [{6B6E7A70-4492-4F9F-B674-F85836ED9F74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Redshirt\Redshirt.exe
FirewallRules: [{63878609-E1F9-41F2-8510-D2118CA6EA92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Redshirt\Redshirt.exe
FirewallRules: [{EB1CAE20-1B35-4E57-A509-D089B2D87859}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{668E5D2A-F37F-4681-9B9A-92B4E586871F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{7B26E4A4-1482-4504-8FCD-5F988EF9F869}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{59184ACD-8625-4121-B1B8-EC50784AC5AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{825C4658-3FBC-4A97-9EEF-DB6180A45485}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{C88F61D0-F125-4710-8D54-373D16A4352C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{6754B0DC-1966-4CE6-B80A-A0F38C829652}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroesRiseTheProdigy\HeroesRiseTheProdigy.exe
FirewallRules: [{FBFE0715-FCA0-401C-A7A3-EA2981D875CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroesRiseTheProdigy\HeroesRiseTheProdigy.exe
FirewallRules: [{40AB1196-0A6A-41DC-862B-0013389AE4D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes Rise The Hero Project\HeroesRiseTheHeroProject.exe
FirewallRules: [{3D135C8E-583F-42D4-8CCF-49B03409594A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes Rise The Hero Project\HeroesRiseTheHeroProject.exe
FirewallRules: [{C6886A87-1529-4315-9DA1-433502EC2A61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroesRiseHeroFall\HeroesRiseHeroFall.exe
FirewallRules: [{079D61C5-6BE9-4456-8F56-EFBC4ACAFCD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroesRiseHeroFall\HeroesRiseHeroFall.exe
FirewallRules: [{0788E251-0E6F-4189-8D48-D4201E76B3E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess Battles\PrincessBattles.exe
FirewallRules: [{C2D571ED-F436-4DE8-9A58-BAD0B51BBCEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess Battles\PrincessBattles.exe
FirewallRules: [{F6B2A5DA-AADF-4F59-9C92-0EE82A519149}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{8868B395-1165-41C7-B330-2CA71D6E0063}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{51426AA0-79AE-49DA-BF95-C7C06E3BCBDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cherry Tree High Comedy Club\Game.exe
FirewallRules: [{ACD6A64A-4079-446B-8EB8-005E046F28D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cherry Tree High Comedy Club\Game.exe
FirewallRules: [{BEA80334-C6C4-4CF8-8D5C-36B3F15AEB37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cherry Tree High Comedy Club\CTHCC.exe
FirewallRules: [{F00E272D-1525-4C2A-8FE2-145A00657F78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cherry Tree High Comedy Club\CTHCC.exe
FirewallRules: [{3D7E550A-EBE9-4619-A53B-51264B6EFBA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kingdom Rush\Kingdom Rush.exe
FirewallRules: [{FAF596CF-8C0C-4E7E-9894-DF6FEB0318F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kingdom Rush\Kingdom Rush.exe
FirewallRules: [{71CBC39C-1D82-408F-B0E3-1259D86F2B0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{63F1CC5E-4F2F-49F6-BE0E-1664D73E36CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{8977F8FA-932E-43A1-A9A9-AA98BFB27C35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Flower Shop Winter In Fairbrook\Winter In Fairbrook.exe
FirewallRules: [{06A6E174-CA65-46CE-8AA6-7FFB011E4340}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Flower Shop Winter In Fairbrook\Winter In Fairbrook.exe
FirewallRules: [{A9CCFC57-28EF-4C64-9371-CA168B16AB76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ChampionOfTheGods\ChampionOfTheGods.exe
FirewallRules: [{471BDE59-D7C6-4661-A8F6-3637143C1275}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ChampionOfTheGods\ChampionOfTheGods.exe
FirewallRules: [{EC7CD3D1-0BED-4A49-8AF9-34E5D54A6669}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AlwaysRememberMe\Always Remember Me.exe
FirewallRules: [{22FB7539-05F2-4558-A098-C07A6DB380CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AlwaysRememberMe\Always Remember Me.exe
FirewallRules: [{A071928C-8FC4-4F09-A9E4-04A98732CF7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cinders\Cinders.exe
FirewallRules: [{69E7C5CC-8A8C-41D2-BD49-78A2C73620B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cinders\Cinders.exe
FirewallRules: [{3AB2A619-C07F-4C0E-A1B8-1C56D8693333}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magical Diary\MagicalDiary.exe
FirewallRules: [{992738E2-6C00-4596-A473-7629AFC40347}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magical Diary\MagicalDiary.exe
FirewallRules: [{C59E3156-CCC1-4E4A-AF76-1CA7E8595C16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LongLiveTheQueen\LongLiveTheQueen.exe
FirewallRules: [{B946F36F-3779-453D-A75E-390FCFD5E1A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LongLiveTheQueen\LongLiveTheQueen.exe
FirewallRules: [{3591540E-E4A3-4FD7-B893-3D21BE30619F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Adventurer Manager\Adventurer Manager.exe
FirewallRules: [{43EE3371-A728-4BAB-9CDD-E8525079B1A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Adventurer Manager\Adventurer Manager.exe
FirewallRules: [{9DCE2DDB-297C-403F-BCBF-ED2BC9FCF96C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Spatials\The Spatials.exe
FirewallRules: [{E9D52093-9CC6-439F-9CFA-828FC9FC7F86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Spatials\The Spatials.exe
FirewallRules: [{F51F0690-15D6-4D32-8482-A47954CCCE3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{934E5FF3-384B-47EF-AC1D-0A52F1E7CA94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{01AE607D-DFED-41E3-9168-407DDB455664}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D34AB5A1-2E17-42AE-B660-826C0CE4E37C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3F909DBF-BDAE-48EA-AAA9-910D947D9933}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{641892D9-9687-49D5-AD1E-08BC301009A5}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{66E48A8A-A1EC-4E8A-8E2A-A68594DD2B81}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{EAC419D8-11CC-4752-A573-0624A42C13EF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{812AECC7-261A-4E4E-91AF-60EFFF212EFA}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{AA986974-480D-4212-BB13-34A43CE28EEC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{88AA010D-784E-4007-B839-6077FF68403B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{00D3476C-E67C-44DB-9E93-2012F69D9894}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9C7A7807-F3E9-4B5B-A6A5-E9F25059CA6F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{007A4F4C-A9DA-4EB6-9C8E-FB6F13F1416A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F884A358-C734-4C2E-B071-A94BC658C5F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3FE0C22A-B3AD-4564-A980-711F82226D26}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7F3B4124-FAA3-4F6F-BDE1-2018D0FE4E55}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6AEF87DB-3D49-42EA-807B-BE2759A44039}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Democracy 3\Democracy3.exe
FirewallRules: [{BA7E2306-8301-434D-921B-865522E4CF4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Democracy 3\Democracy3.exe
FirewallRules: [{355497E0-83CA-4CDF-AE9A-63E850BB9E4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BackstagePass\backstagepass.exe
FirewallRules: [{F0A67B97-DDD5-4057-AB7E-FFEC29EF9B4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BackstagePass\backstagepass.exe
FirewallRules: [{EE5B0845-A30B-4AFD-A1FD-A36CC6AB02F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
FirewallRules: [{B42F15A6-0035-4E90-BAC6-52A3755E8F99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
FirewallRules: [{31409FD6-5AA4-4380-9C50-F27F800B9BE9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\memoria.exe
FirewallRules: [{7B3EFDED-9625-40FD-A4CC-F1DEEE13761C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\memoria.exe
FirewallRules: [{0CBFFFCB-143B-4C65-9F7F-324CCB293154}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\VisionaireConfigurationTool.exe
FirewallRules: [{780E22DF-C2C6-4653-847B-7D36E2CC5B2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\VisionaireConfigurationTool.exe
FirewallRules: [{60B1377A-3A27-4D67-B367-1B7AAC85B438}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Revolution_VPS\Revolution_VPS.exe
FirewallRules: [{E19B6C44-BC01-4A81-9303-26EEB97FB908}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Revolution_VPS\Revolution_VPS.exe
FirewallRules: [{87BD0F4F-0CF2-4C1E-B595-B8B21D73CE80}] => (Allow) C:\Program Files\AMI\DuOS\DuOS.exe
FirewallRules: [{BD2FA6CE-D22F-4FBD-A6D3-637329C3CD66}] => (Allow) C:\Program Files\AMI\DuOS\DuOS.exe
FirewallRules: [{447EE0CF-57F5-4963-80B2-FE8AC4E0F25D}] => (Allow) C:\Program Files\AMI\DuOS\Ubusd.exe
FirewallRules: [{D82C2ED7-3CD3-4FE5-BC1A-C5C073CC140E}] => (Allow) C:\Program Files\AMI\DuOS\Ubusd.exe
FirewallRules: [{8E3BF664-91FD-4BBF-BC55-AAFFB4166546}] => (Allow) C:\Program Files\AMI\DuOS\Dsync.exe
FirewallRules: [{BD947F72-1F4A-42C5-85E6-0D6D2C722AB0}] => (Allow) C:\Program Files\AMI\DuOS\Dsync.exe
FirewallRules: [{CBCC80B8-2D99-4AC6-9EFF-15EA4FC4BF51}] => (Allow) C:\Program Files\AMI\DuOS\SysEvent.exe
FirewallRules: [{41F45675-2FF0-40C8-BD04-9701680161F8}] => (Allow) C:\Program Files\AMI\DuOS\SysEvent.exe
FirewallRules: [{230D8060-DF98-4A12-9307-5C59AFAEE638}] => (Allow) C:\Program Files\AMI\DuOS\locationservice.exe
FirewallRules: [{A99DD6EA-66E0-4526-ABC6-0428D5E856A5}] => (Allow) C:\Program Files\AMI\DuOS\locationservice.exe
FirewallRules: [{CED48070-1896-4F31-8DD2-4D9C9A82E88B}] => (Allow) C:\Program Files\AMI\DuOS\CamProvider.exe
FirewallRules: [{5F95D582-230E-4A61-A87F-426720555BEF}] => (Allow) C:\Program Files\AMI\DuOS\CamProvider.exe
FirewallRules: [{7BC8BD41-FA5A-4E1A-9874-58DE866B9F92}] => (Allow) C:\Program Files\AMI\DuOS\SensorService.exe
FirewallRules: [{09B7DFEA-901F-4B79-AE5C-C694DEBD6E62}] => (Allow) C:\Program Files\AMI\DuOS\SensorService.exe
FirewallRules: [{B244E29E-1B17-4DB8-A5FE-F711F7B54679}] => (Allow) C:\Program Files\AMI\DuOS\..\DuoVM\DuoVMHeadless.exe
FirewallRules: [{5AFE59BE-C306-45DC-9D12-A962402ECF59}] => (Allow) C:\Program Files\AMI\DuOS\..\DuoVM\DuoVMHeadless.exe
FirewallRules: [{DB4EE2CA-9C55-4C9D-83C8-372CB7573A14}] => (Allow) C:\Program Files\memu\MEmu\MEmu.exe
FirewallRules: [{4AEE5645-D019-488D-9D25-26B38FC4429A}] => (Allow) C:\Program Files\memu\MEmu\MEmu.exe
FirewallRules: [{D8A425C7-EA4A-4924-99BD-6B75E5B47D27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{65F17A8F-8928-44A6-98B7-0F99428BECAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{DE5D3AE1-2DD7-41B9-9509-C2EDF7317F4E}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{312BA842-486B-4F5C-9FA1-E03ED2C1181A}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{61125EC9-AD90-48C5-948A-E03AF498609F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monster Loves You!\MonsterLovesYou.exe
FirewallRules: [{0C902CE6-8542-4A27-853F-0834FC35DA5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monster Loves You!\MonsterLovesYou.exe
FirewallRules: [{F998F9FB-5A43-4355-804E-9DCF8A07FB76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bottom of the Well\bottomofthewell.exe
FirewallRules: [{6733D3E8-D175-4F98-82E9-BA940391E79F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bottom of the Well\bottomofthewell.exe
FirewallRules: [{5CCBF775-4D4E-4D56-A867-97BC36D0E092}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{F81DD8CC-1BDB-42E1-BADC-63098B9AB21F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{214F5482-1798-4122-9015-14B53D9D075A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CUPID - A free to play Visual Novel\CupidVN.exe
FirewallRules: [{11D493AB-845A-4989-9677-2DAD75ACED69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CUPID - A free to play Visual Novel\CupidVN.exe
FirewallRules: [{F8520120-B59D-42BA-A986-88A5CADE667A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{A0A7E93C-A806-4C32-B98C-EA75882170EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{89107143-4712-4820-8198-0EEE1AD0EF6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blueprint Tycoon\BlueprintTycoon.exe
FirewallRules: [{2120CCA7-76C0-454A-9268-BF2C7D0475CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blueprint Tycoon\BlueprintTycoon.exe
FirewallRules: [{D3EFE81F-BE97-4B99-BE83-467C8865FD82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{9672B926-A088-4E79-93B4-2B98DAC384CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{4AE49E61-0126-4562-9800-750816A5B744}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{B3C88F7B-5B05-4823-BF0C-4B69ED91CF58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{E3567954-25E3-42E6-BA69-E6032F1BB825}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Mims Beginning\TheMimsBeginning.exe
FirewallRules: [{4DDA7DD7-B5FA-4DF0-B3CE-0ADB5D68FB2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Mims Beginning\TheMimsBeginning.exe
FirewallRules: [{D0A85DF0-0637-4F91-BF9B-BD1D14A90584}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Little Lily Princess\ALittleLilyPrincess.exe
FirewallRules: [{22440C19-9C3A-466E-A232-8211E445AF46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Little Lily Princess\ALittleLilyPrincess.exe
FirewallRules: [{9D495F18-4633-4578-8320-3AEE36D13683}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{71D7DF2A-D1FE-49AF-988F-507267DCEBB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{E031DE57-6792-4F57-A800-C0F310FDAE94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Who Is Mike\WhoisMike.exe
FirewallRules: [{966BD2A6-4806-4CFC-B832-08FC23E59B35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Who Is Mike\WhoisMike.exe
FirewallRules: [{3720E37A-0DE6-4963-97C2-469B102AB0BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Solstice\Solstice.exe
FirewallRules: [{C8716D6A-5C53-460D-9710-E51F034AD3CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Solstice\Solstice.exe
FirewallRules: [{7FDD5931-0EFC-474C-BAD8-D13EEFB5222D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Closet\BlackCloset.exe
FirewallRules: [{1D461FE9-1F1B-46A1-8588-4FBE1F8B1226}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Closet\BlackCloset.exe
FirewallRules: [{0A37A3D6-93A8-4508-9862-FCAC7C3FB3A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{DF821C99-D732-4A1E-8153-845D850409CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{ACB66E7A-BDCF-452C-B737-3E40D7D66CDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viridi\Viridi.exe
FirewallRules: [{31EB5B75-DCA9-4E7B-A251-800E0EC9E173}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viridi\Viridi.exe
FirewallRules: [{89DECF55-8A26-4923-858A-CF6B3E5E625E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{4CECAB43-40DF-4246-9BB8-253A8F21F158}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{288C699E-C4A6-4F9F-8D98-9412A755C4E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{5B18151C-1614-4FB7-94B2-77C242B45ABB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{DF827213-7584-41AB-89C9-04696C018B38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{9C8C74EB-92E3-4039-92A3-2687CA9296F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{781F058F-2701-437F-9E59-88A8E13CD63A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pyrite Heart\Pyrite Heart.exe
FirewallRules: [{A1009402-E1ED-4510-A7D9-0FCCE6B62D16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pyrite Heart\Pyrite Heart.exe
FirewallRules: [{48F7236B-8B07-42D7-857A-270E616BAC80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia\amnesia.exe
FirewallRules: [{FFA48B28-E3A3-4EA1-836F-FA9291650631}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia\amnesia.exe
FirewallRules: [{9326CB9F-32A0-4A0F-89C2-32201FBD74A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The House in Fata Morgana\fata.exe
FirewallRules: [{C6A3B9E9-1AD7-4770-952B-CAA2CC63265A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The House in Fata Morgana\fata.exe
FirewallRules: [{FE88A960-EFE6-41A9-98C6-D4029654A49D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{D73DBF3F-A8FC-4208-A7AE-B7902BB9E6F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{4FA00BAF-BBA5-4DE5-8726-8D22A1BE6902}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{977A5591-9867-4C7C-AEFA-6806E956DE23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPG Tycoon\RPGTycoon\RPGTycoon.exe
FirewallRules: [{4C0D3069-74F3-49BE-BA0B-CD795E1C74F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPG Tycoon\RPGTycoon\RPGTycoon.exe
FirewallRules: [{0144BA52-C5B3-4A96-AC84-ECC880742CCE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
 
==================== Restore Points =========================
 
15-06-2016 01:05:14 Windows Update
18-06-2016 06:31:50 Windows Update
24-06-2016 17:45:34 Checkpoint by HitmanPro
24-06-2016 23:06:32 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/27/2016 08:00:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (06/27/2016 08:00:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (06/27/2016 07:59:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (06/27/2016 07:55:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (06/27/2016 07:46:58 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
 
Error: (06/26/2016 09:17:22 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (06/26/2016 03:58:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (06/26/2016 03:57:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (06/26/2016 03:57:56 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (06/26/2016 03:57:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
 
System errors:
=============
Error: (06/28/2016 10:23:31 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (06/27/2016 11:25:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
Error: (06/27/2016 11:25:53 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\arielhb\AppData\Local\Temp\ehdrv.sys
 
Error: (06/27/2016 11:25:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
Error: (06/27/2016 11:25:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\arielhb\AppData\Local\Temp\ehdrv.sys
 
Error: (06/27/2016 11:25:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
Error: (06/27/2016 11:25:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\arielhb\AppData\Local\Temp\ehdrv.sys
 
Error: (06/27/2016 11:25:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
Error: (06/27/2016 11:25:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\arielhb\AppData\Local\Temp\ehdrv.sys
 
Error: (06/27/2016 11:25:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
 
CodeIntegrity:
===================================
  Date: 2016-06-29 19:45:47.210
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 19:45:47.059
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 19:45:46.689
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 19:45:46.512
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 19:45:46.280
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 19:45:45.659
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 19:45:45.448
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 19:45:44.817
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 19:45:43.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 19:45:43.504
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 76%
Total physical RAM: 7870.34 MB
Available physical RAM: 1867.51 MB
Total Virtual: 13232.91 MB
Available Virtual: 2764.75 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:911.04 GB) (Free:739.99 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:18.56 GB) (Free:2.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:781.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4DFD73E4)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 4B4E45D0)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




 


#2 shelf life


  • Malware Response Team

Posted 02 July 2016 - 09:27 AM

Hi,

OK, we will use FRST to clean up some things. What browser is giving you the problem? Do you have the symptoms in all browsers or just one?

I'm usually only on the site once or twice per day, so you may not get a response back from me until the following day.

Copy/paste what's below into Notepad and save it as fixlist.txt in the same location you have FRST. Start FRST like before, except this time click on the Fix button. The machine may reboot to finish the process. Upon reboot it will show a fixlog.txt that you can copy/paste in your reply, and we will go from there.

CustomCLSID: HKU\S-1-5-21-3669805139-1652810476-796443282-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-51C61073799B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {0689F0CA-2988-4FB7-ADD2-9B696603F967} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {198A9055-E78E-486D-B03C-ED65149BE7C3} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {55506D8F-3849-422D-A150-75A0E649CB05} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5FC444C8-CC01-4233-BCF1-9BC04082060B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6C438D90-9628-4D08-9470-8185F93AD9D6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {908C2500-0D5D-4B11-A2F9-74A9F10A375E} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {F03B7C22-5528-4B61-860C-671513D1BC4E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F858613D-C443-464F-8B51-ADB7C6F85BB1} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0E61938B [490]
AlternateDataStreams: C:\ProgramData\Temp:10CFA7D4 [226]
AlternateDataStreams: C:\ProgramData\Temp:149327FE [238]
AlternateDataStreams: C:\ProgramData\Temp:1E86ADD2 [219]
AlternateDataStreams: C:\ProgramData\Temp:258D2F8B [504]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:6A9EDD31 [500]
AlternateDataStreams: C:\ProgramData\Temp:831C6B2D [214]
AlternateDataStreams: C:\ProgramData\Temp:9F50A55A [219]
AlternateDataStreams: C:\ProgramData\Temp:A039EDF9 [516]
AlternateDataStreams: C:\ProgramData\Temp:A4BF246C [516]
AlternateDataStreams: C:\ProgramData\Temp:CAF8DAC8 [238]
AlternateDataStreams: C:\ProgramData\Temp:CFFC9DD0 [225]
AlternateDataStreams: C:\ProgramData\Temp:D453E38B [222]
Empty Temp:


How Can I Reduce My Risk to Malware?


#3 aribee

  • Topic Starter


Posted 02 July 2016 - 09:01 PM

Chrome is the problematic browser.  I actually hadn't tried any others, since Chrome is the only one I use... but I've been running Waterfox for a few hours to test it, and so far nothing weird has happened, so for the moment it's just Chrome.

 

Fixlog follows!

 

---

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by arielhb (2016-07-02 12:46:47) Run:1
Running from C:\Users\arielhb\Desktop
Loaded Profiles: arielhb (Available Profiles: arielhb)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CustomCLSID: HKU\S-1-5-21-3669805139-1652810476-796443282-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-51C61073799B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {0689F0CA-2988-4FB7-ADD2-9B696603F967} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {198A9055-E78E-486D-B03C-ED65149BE7C3} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {55506D8F-3849-422D-A150-75A0E649CB05} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5FC444C8-CC01-4233-BCF1-9BC04082060B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6C438D90-9628-4D08-9470-8185F93AD9D6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {908C2500-0D5D-4B11-A2F9-74A9F10A375E} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {F03B7C22-5528-4B61-860C-671513D1BC4E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F858613D-C443-464F-8B51-ADB7C6F85BB1} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0E61938B [490]
AlternateDataStreams: C:\ProgramData\Temp:10CFA7D4 [226]
AlternateDataStreams: C:\ProgramData\Temp:149327FE [238]
AlternateDataStreams: C:\ProgramData\Temp:1E86ADD2 [219]
AlternateDataStreams: C:\ProgramData\Temp:258D2F8B [504]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:6A9EDD31 [500]
AlternateDataStreams: C:\ProgramData\Temp:831C6B2D [214]
AlternateDataStreams: C:\ProgramData\Temp:9F50A55A [219]
AlternateDataStreams: C:\ProgramData\Temp:A039EDF9 [516]
AlternateDataStreams: C:\ProgramData\Temp:A4BF246C [516]
AlternateDataStreams: C:\ProgramData\Temp:CAF8DAC8 [238]
AlternateDataStreams: C:\ProgramData\Temp:CFFC9DD0 [225]
AlternateDataStreams: C:\ProgramData\Temp:D453E38B [222]
Empty Temp:
*****************

"HKU\S-1-5-21-3669805139-1652810476-796443282-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-51C61073799B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0689F0CA-2988-4FB7-ADD2-9B696603F967}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0689F0CA-2988-4FB7-ADD2-9B696603F967}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{198A9055-E78E-486D-B03C-ED65149BE7C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{198A9055-E78E-486D-B03C-ED65149BE7C3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55506D8F-3849-422D-A150-75A0E649CB05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55506D8F-3849-422D-A150-75A0E649CB05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FC444C8-CC01-4233-BCF1-9BC04082060B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FC444C8-CC01-4233-BCF1-9BC04082060B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
Task: => Error: No automatic fix found for this entry.
{6C438D90-9628-4D08-9470-8185F93AD9D6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{908C2500-0D5D-4B11-A2F9-74A9F10A375E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{908C2500-0D5D-4B11-A2F9-74A9F10A375E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F03B7C22-5528-4B61-860C-671513D1BC4E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F03B7C22-5528-4B61-860C-671513D1BC4E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F858613D-C443-464F-8B51-ADB7C6F85BB1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F858613D-C443-464F-8B51-ADB7C6F85BB1}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key not found.
C:\ProgramData\Temp => ":0E61938B" ADS removed successfully.
C:\ProgramData\Temp => ":10CFA7D4" ADS removed successfully.
C:\ProgramData\Temp => ":149327FE" ADS removed successfully.
C:\ProgramData\Temp => ":1E86ADD2" ADS removed successfully.
C:\ProgramData\Temp => ":258D2F8B" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":6A9EDD31" ADS removed successfully.
AlternateDataStreams: => Error: No automatic fix found for this entry.
"C:\ProgramData\Temp:831C6B2D [214]" => not found.
C:\ProgramData\Temp => ":9F50A55A" ADS removed successfully.
C:\ProgramData\Temp => ":A039EDF9" ADS removed successfully.
C:\ProgramData\Temp => ":A4BF246C" ADS removed successfully.
C:\ProgramData\Temp => ":CAF8DAC8" ADS removed successfully.
C:\ProgramData\Temp => ":CFFC9DD0" ADS removed successfully.
C:\ProgramData\Temp => ":D453E38B" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 294525 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15024260 B
Java, Flash, Steam htmlcache => 166485069 B
Windows/system/drivers => 175397 B
Edge => 488 B
Chrome => 612558916 B
Firefox => 14192610 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 19157536 B
NetworkService => 5378 B
arielhb => 58590118 B

RecycleBin => 0 B
EmptyTemp: => 845.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:47:09 ====


#4 shelf life

  • Malware Response Team

Posted 03 July 2016 - 12:55 PM

Have you tried completely uninstalling Chrome then reinstalling it? Or disabling all its extensions to see if it's one of them?

 

https://support.google.com/chrome/answer/95319?hl=en


How Can I Reduce My Risk to Malware?


#5 aribee

  • Topic Starter

Posted 11 July 2016 - 01:44 AM

Wow.  I hadn't, because I didn't think it could be an extension because I hadn't added any new ones recently.  But after disabling them the issue stopped, so I re-enabled them one by one until I found the culprit.

 

I have no idea how that even happened - I can only assume an update added the adware or something.  Thank you so much for the help, and I apologize for the long response time.  I was trying to make sure it wouldn't come back before I opened my mouth and said it was gone.

 

But yeah, problem solved.  Thank you!
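
A read-only inventory that can narrow the one-by-one re-enable test described in this thread, as an added example that is not part of any post or of FRST: it lists each unpacked extension under a Chrome profile's Extensions folder and puts first those that changed recently and can script every site. The function names, the constructed sample manifests and the 30-day window are assumptions, and the manifest's modification time is only an approximation of when an update landed.

```python
import json, os, time
from pathlib import Path

BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # every-page patterns

def _strings(items):  # permission lists can hold objects; keep only strings
    return {i for i in items if isinstance(i, str)}

def audit_extensions(ext_dir, recent_days=30, now=None):
    """One record per installed version under <ext_dir>/<id>/<version>/."""
    now = now or time.time()
    records = []
    for manifest in Path(ext_dir).glob("*/*/manifest.json"):
        data = json.loads(manifest.read_text(encoding="utf-8"))
        hosts = _strings(data.get("permissions", []) + data.get("host_permissions", []))
        for script in data.get("content_scripts", []):
            hosts |= _strings(script.get("matches", []))
        age_days = (now - manifest.stat().st_mtime) / 86400
        records.append({
            "id": manifest.parent.parent.name,
            "name": data.get("name", "?"),  # may be a __MSG_...__ placeholder
            "version": data.get("version", "?"),
            "broad": sorted(hosts & BROAD),
            "recent": age_days <= recent_days,
        })
    # Recently changed extensions with all-site access sort first.
    records.sort(key=lambda r: (not (r["recent"] and r["broad"]), r["name"]))
    return records

def build_sample(root):
    """Constructed sample data: two fake extensions, one changed today."""
    samples = [
        ("a" * 32, "1.2.0_0", 400,
         {"name": "Old Notes", "version": "1.2.0", "permissions": ["storage"]}),
        ("b" * 32, "3.0.1_0", 0,
         {"name": "Tab Helper", "version": "3.0.1", "permissions": ["tabs"],
          "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]}),
    ]
    for ext_id, ver, age_days, manifest in samples:
        path = Path(root) / ext_id / ver / "manifest.json"
        path.parent.mkdir(parents=True)
        path.write_text(json.dumps(manifest), encoding="utf-8")
        stamp = time.time() - age_days * 86400
        os.utime(path, (stamp, stamp))
    return root

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # swap in a real Extensions path
        print(*audit_extensions(build_sample(tmp)), sep="\n")
```

On Windows the default profile's folder is typically `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`; pass that path to `audit_extensions` instead of the sample directory.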



#6 shelf life

  • Malware Response Team

Posted 12 July 2016 - 06:22 PM

No problem. You're welcome. Pretty sure there are plenty of malicious extensions that could bypass any checks that may be in place to prevent it. Just like the Google Play store, stuff slips by there too. Good you got it all fixed.

 

You can delete the FRST icon and its logs as well as the FRST folder in your root drive, usually C:

 

Happy safe surfing out there.

