
Trojanhorsexxx.com


  • This topic is locked
7 replies to this topic

#1 Goby


Posted 23 August 2016 - 02:55 AM

Hi

I have tried following the guide http://www.bleepingcomputer.com/virus-removal/remove-trojanhorsexxx.com-scam but the virus is still affecting my computer. Any help would be appreciated.

Please see attached jpeg.

Regs

Goby



#2 satchfan

  • Malware Response Team

Posted 23 August 2016 - 05:06 AM

Hello Goby and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

===================================================

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here.

  • on Windows Vista, 7/8,10, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

RKreport.txt
zoek-results.log
Frst.txt
Addition.txt


Thanks

Satchfan


Edited by satchfan, 23 August 2016 - 05:28 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 Goby

  • Topic Starter

Posted 24 August 2016 - 02:50 AM

RogueKiller V12.5.1.0 (x64) [Aug 22 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Admin [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 08/24/2016 17:07:00 (Duration : 00:11:06)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2680159016-4216650370-2435686087-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.interactivebrokers.com.au/en/home.php  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2680159016-4216650370-2435686087-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.interactivebrokers.com.au/en/home.php  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 61.9.226.33 61.9.226.1 ([-][Australia])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 61.9.226.33 61.9.226.1 ([-][Australia])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f8220d3a-9465-4d4d-bdea-0cf27c7c6928} | DhcpNameServer : 61.9.226.33 61.9.226.1 ([-][Australia])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f8220d3a-9465-4d4d-bdea-0cf27c7c6928} | DhcpNameServer : 61.9.226.33 61.9.226.1 ([-][Australia])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-1ER164 +++++
--- User ---
[MBR] 51399a570805b1d1d2af535faa084a3c
[BSP] a94998cdabd8eecf9922fd7c37b1b818 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 1907376 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Samsung SSD 650 120GB +++++
--- User ---
[MBR] ff949d16ab6836da4ebab2a98e66f26f
[BSP] bfb9e0e38cc9ca738c2ddf159db0cbec : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 114021 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 233517056 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK


#4 Goby

  • Topic Starter

Posted 24 August 2016 - 04:53 AM

 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Admin on Wed 24/08/2016 at 19:03:29.44.
Microsoft Windows 10 Home 10.0.10586  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Admin\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
24/08/2016 7:04:01 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} deleted successfully
C:\Users\Admin\AppData\Local\ActiveSync deleted successfully
C:\Users\Admin\AppData\Local\CutePDF Writer deleted successfully
C:\Users\Admin\AppData\Local\EmieSiteList deleted successfully
C:\Users\Admin\AppData\Local\EmieUserList deleted successfully
C:\Users\gbyat\AppData\Local\ActiveSync deleted successfully
C:\Users\gbyat\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} not found
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\PROGRA~3\Wondershare Video Editor deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Admin\AppData\Local\Wondershare deleted
C:\Users\Admin\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\Syswow64\SETAEC8.tmp deleted
C:\WINDOWS\Syswow64\SETB1CB.tmp deleted
C:\WINDOWS\Syswow64\SETB269.tmp deleted
C:\WINDOWS\Syswow64\SETB83B.tmp deleted
C:\WINDOWS\Syswow64\SETC047.tmp deleted
C:\WINDOWS\Syswow64\SETC059.tmp deleted
C:\WINDOWS\Syswow64\SETC05B.tmp deleted
"C:\Users\Admin\AppData\Roaming\PlaysTV\playstv.cfg" deleted
"C:\Users\Admin\.android\adb_usb.ini" not deleted
"C:\Users\Admin\AppData\Roaming\PlaysTV" deleted
"C:\Users\Admin\.android" not deleted
 
==== Fake Chromium Profiles Check ======================
 
Fake profile C:\Users\gbyat\AppData\Local\Google\Chrome deleted
 
==== Chromium Look ======================
 
 
Kindle Cloud Reader - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd
Chrome Media Router - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
AdBlock - Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\gbyat\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\gbyat\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y2HPN1VK will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=1418 folders=181 431604771 bytes)
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\Admin\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Admin\.android\adb_usb.ini"  not found
"C:\Users\Admin\.android"  not found
"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y2HPN1VK" not found
 
==== EOF on Wed 24/08/2016 at 19:21:49.51 ======================


#5 Goby

  • Topic Starter

Posted 24 August 2016 - 04:57 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Admin (administrator) on DESKTOP (24-08-2016 19:25:37)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & gbyat)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(Intel® Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822528 2016-08-13] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-21] (Logitech Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6613896 2016-06-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6709008 2016-07-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [204560 2016-08-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-07-22] (Raptr, Inc)
HKU\S-1-5-21-2680159016-4216650370-2435686087-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2680159016-4216650370-2435686087-1001\...\MountPoints2: {05b76208-bbd7-11e5-825d-305a3a006885} - "G:\setup.exe" 
HKU\S-1-5-21-2680159016-4216650370-2435686087-1001\...\MountPoints2: {6587fd09-ba1b-11e5-825d-305a3a006885} - "F:\setup.exe" 
HKU\S-1-5-21-2680159016-4216650370-2435686087-1001\...\MountPoints2: {658816bd-ba1b-11e5-825d-305a3a006885} - "H:\setup.exe" 
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 61.9.226.33 61.9.226.1
Tcpip\..\Interfaces\{1419d695-66f6-4206-a6de-f3025d7a1170}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{f8220d3a-9465-4d4d-bdea-0cf27c7c6928}: [DhcpNameServer] 61.9.226.33 61.9.226.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2680159016-4216650370-2435686087-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.interactivebrokers.com.au/en/home.php
SearchScopes: HKU\S-1-5-21-2680159016-4216650370-2435686087-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-13] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-12-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.au/?gws_rd=cr
CHR StartupUrls: Default -> "hxxp://www.google.com.au/","hxxp://www.google.com/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-23]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-23]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (Poper Blocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2016-08-14]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (High Contrast) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2016-06-11]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-23]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-02]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-12-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-21]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-05]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-05]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-05]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-05]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-05]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-05]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-03-31]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-05]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-06-24] () [File not signed]
R3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-07-23] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-07-23] () [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-07-28] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5267456 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-08-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-21] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-02] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-10] (IObit)
S3 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-21] (Logitech Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-03-22] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [101376 2016-08-13] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [314112 2016-06-30] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [261888 2016-07-19] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313088 2016-07-20] (AVG Technologies CZ, s.r.o.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-01-14] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [46392 2016-01-14] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [559080 2016-04-19] (Intel Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-24] (REALiX™)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-31] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R2 memudrv; D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260328 2016-01-16] (Microvirt Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-02-27] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-08-24] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-24 19:25 - 2016-08-24 19:25 - 00019717 _____ C:\Users\Admin\Desktop\FRST.txt
2016-08-24 19:25 - 2016-08-24 19:25 - 00000000 ____D C:\FRST
2016-08-24 19:24 - 2016-08-24 19:25 - 02396672 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2016-08-24 19:22 - 2016-08-24 19:24 - 00000000 ____D C:\ProgramData\ProductData
2016-08-24 19:22 - 2016-08-24 19:22 - 00006461 _____ C:\Users\Admin\Desktop\zoek-results.txt
2016-08-24 19:22 - 2016-08-24 19:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PlaysTV
2016-08-24 19:21 - 2016-08-24 19:21 - 00000000 ____D C:\Users\Admin\AppData\Local\ActiveSync
2016-08-24 19:14 - 2016-08-24 19:03 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2016-08-24 19:02 - 2016-08-24 19:12 - 00000000 ____D C:\zoek_backup
2016-08-24 17:20 - 2016-08-24 19:02 - 01309184 _____ C:\Users\Admin\Downloads\zoek.exe
2016-08-24 17:19 - 2016-08-24 17:19 - 00005540 _____ C:\Users\Admin\Desktop\RKreport.txt
2016-08-24 17:07 - 2016-08-24 17:07 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-08-24 17:05 - 2016-08-24 17:05 - 00000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-08-24 17:05 - 2016-08-24 17:05 - 00000000 ____D C:\ProgramData\RogueKiller
2016-08-24 17:05 - 2016-08-24 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-08-24 17:05 - 2016-08-24 17:05 - 00000000 ____D C:\Program Files\RogueKiller
2016-08-24 17:04 - 2016-08-24 17:04 - 31926992 _____ (Adlice Software ) C:\Users\Admin\Downloads\setup.exe
2016-08-23 18:23 - 2016-08-23 18:23 - 00011608 _____ C:\Users\Admin\Downloads\Predators (2010) [720p] [YTS.AG].torrent
2016-08-22 19:14 - 2016-08-22 19:14 - 15206472 _____ (IObit ) C:\Users\Admin\Downloads\driver_booster_setup (1).exe
2016-08-22 19:04 - 2016-08-22 19:08 - 00000000 ____D C:\ProgramData\HitmanPro
2016-08-22 19:04 - 2016-08-22 19:06 - 11438608 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\HitmanPro_x64.exe
2016-08-22 19:04 - 2016-08-22 19:04 - 09096848 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\HitmanPro.exe
2016-08-22 19:03 - 2016-08-22 19:04 - 03784256 _____ C:\Users\Admin\Downloads\AdwCleaner (1).exe
2016-08-22 18:57 - 2016-08-22 19:01 - 00000000 ____D C:\AdwCleaner
2016-08-22 18:57 - 2016-08-22 18:57 - 03784256 _____ C:\Users\Admin\Downloads\AdwCleaner.exe
2016-08-22 18:53 - 2016-08-22 19:06 - 00237574 _____ C:\WINDOWS\ntbtlog.txt
2016-08-22 18:53 - 2016-08-22 19:03 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-08-22 18:48 - 2016-08-22 18:48 - 00000076 _____ C:\Users\Admin\Desktop\BC.txt
2016-08-22 18:46 - 2016-08-22 18:47 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.exe
2016-08-22 18:21 - 2016-08-24 19:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-22 18:21 - 2016-08-22 18:21 - 22851472 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-22 18:21 - 2016-08-22 18:21 - 00001177 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-22 18:21 - 2016-08-22 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-22 18:21 - 2016-08-22 18:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-22 18:21 - 2016-08-22 18:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-22 18:21 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-22 18:21 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-22 18:21 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-22 18:17 - 2016-08-22 18:17 - 00038687 _____ C:\Users\Admin\Downloads\Now You See Me 2 (2016) [720p] [YTS.AG].torrent
2016-08-22 18:17 - 2016-08-22 18:17 - 00038687 _____ C:\Users\Admin\Downloads\Now You See Me 2 (2016) [720p] [YTS.AG] (1).torrent
2016-08-21 18:08 - 2016-08-21 18:09 - 02945016 _____ (Google) C:\Users\Admin\Downloads\chrome_cleanup_tool.exe
2016-08-19 18:16 - 2016-08-19 18:16 - 00014661 _____ C:\Users\Admin\Downloads\Next (2007) [720p] [YTS.AG].torrent
2016-08-19 18:16 - 2016-08-19 18:16 - 00012696 _____ C:\Users\Admin\Downloads\The Man from Earth (2007) [720p] [YTS.AG].torrent
2016-08-19 18:15 - 2016-08-19 18:15 - 00014700 _____ C:\Users\Admin\Downloads\Quarantine (2008) [720p] [YTS.AG].torrent
2016-08-19 18:12 - 2016-08-19 18:12 - 00007631 _____ C:\Users\Admin\Downloads\Europa Report (2013) [720p] [YTS.AG].torrent
2016-08-19 18:10 - 2016-08-19 18:10 - 00008766 _____ C:\Users\Admin\Downloads\Edge of Tomorrow (2014) [720p] [YTS.AG].torrent
2016-08-19 18:09 - 2016-08-19 18:09 - 00036515 _____ C:\Users\Admin\Downloads\Possession (1981) [720p] [YTS.AG].torrent
2016-08-19 18:08 - 2016-08-19 18:08 - 00013708 _____ C:\Users\Admin\Downloads\The Thing (1982) [720p] [YTS.AG].torrent
2016-08-19 18:06 - 2016-08-19 18:06 - 00016688 _____ C:\Users\Admin\Downloads\Event Horizon (1997) [720p] [YTS.AG].torrent
2016-08-19 18:05 - 2016-08-19 18:05 - 00016906 _____ C:\Users\Admin\Downloads\Constantine (2005) [720p] [YTS.AG].torrent
2016-08-19 18:03 - 2016-08-19 18:03 - 00014839 _____ C:\Users\Admin\Downloads\Antichrist (2009) [720p] [YTS.AG].torrent
2016-08-19 13:00 - 2016-08-19 13:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\HelloGames
2016-08-19 12:47 - 2016-08-19 12:47 - 00000222 _____ C:\Users\Admin\Desktop\No Man's Sky.url
2016-08-17 19:49 - 2016-08-17 19:49 - 01435648 _____ C:\Users\Admin\Downloads\__ASX_Div_Momo_170816_1l.xls
2016-08-15 18:04 - 2016-08-15 18:04 - 00032445 _____ C:\Users\Admin\Downloads\The Man Who Knew Infinity (2015) [720p] [YTS.AG].torrent
2016-08-15 18:03 - 2016-08-15 18:03 - 00027209 _____ C:\Users\Admin\Downloads\Endgame (2015) [720p] [YTS.AG].torrent
2016-08-13 18:31 - 2016-08-13 18:31 - 00014691 _____ C:\Users\Admin\Downloads\Police Academy (1984) [720p] [YTS.AG].torrent
2016-08-13 09:20 - 2016-08-13 09:20 - 03199232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-08-13 09:20 - 2016-08-13 09:20 - 02060032 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-08-13 09:20 - 2016-08-13 09:20 - 01355616 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-08-13 09:20 - 2016-08-13 09:20 - 00689888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-08-13 09:20 - 2016-08-13 09:20 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-08-13 09:19 - 2016-08-13 09:20 - 05776968 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2016-08-13 09:19 - 2016-08-13 09:19 - 72520720 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-08-13 09:19 - 2016-08-13 09:19 - 05989809 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-08-13 09:19 - 2016-08-13 09:19 - 02895104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-08-13 09:19 - 2016-08-13 09:19 - 01003864 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2016-08-13 09:19 - 2016-08-13 09:19 - 00118600 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2016-08-13 09:19 - 2016-08-13 09:19 - 00103424 _____ (Advanced Micro Devices) C:\WINDOWS\system32\DelayAPO.dll
2016-08-13 09:18 - 2016-08-13 09:18 - 13276105 _____ C:\Users\Admin\Downloads\MyBot6_21-master.zip
2016-08-13 07:39 - 2016-08-13 07:39 - 00000000 ____D C:\Program Files\ATI Technologies
2016-08-13 07:38 - 2016-08-24 19:20 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-08-12 17:34 - 2016-08-12 17:34 - 00029561 _____ C:\Users\Admin\Downloads\Money Monster (2016) [720p] [YTS.AG].torrent
2016-08-12 01:07 - 2016-08-12 01:07 - 08892696 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2016-08-12 01:07 - 2016-08-12 01:07 - 08738920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2016-08-12 01:07 - 2016-08-12 01:07 - 07258160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2016-08-12 01:07 - 2016-08-12 01:07 - 07115928 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2016-08-12 01:07 - 2016-08-12 01:07 - 00479368 _____ C:\WINDOWS\system32\amdmiracast.dll
2016-08-12 01:07 - 2016-08-12 01:07 - 00164280 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2016-08-12 01:07 - 2016-08-12 01:07 - 00159088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2016-08-12 01:07 - 2016-08-12 01:07 - 00154920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2016-08-12 01:07 - 2016-08-12 01:07 - 00138688 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2016-08-12 01:07 - 2016-08-12 01:07 - 00138176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2016-08-12 01:07 - 2016-08-12 01:07 - 00137224 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2016-08-12 01:07 - 2016-08-12 01:07 - 00123120 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2016-08-12 01:07 - 2016-08-12 01:07 - 00123104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2016-08-12 01:07 - 2016-08-12 01:07 - 00105344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2016-08-12 01:07 - 2016-08-12 01:07 - 00105344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 48819200 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 38266368 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 32555512 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 27489280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 21641216 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 15729152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 14320128 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 08830456 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 08627704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 07076352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 06956032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 02376704 _____ C:\WINDOWS\system32\amdoclvp9lib64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 02286584 _____ C:\WINDOWS\SysWOW64\amdoclvp9lib32.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 02147328 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 01837568 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00991232 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00883192 _____ (AMD) C:\WINDOWS\system32\coinst_16.30.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00751616 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00627192 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00459776 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00402944 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2016-08-12 01:06 - 2016-08-12 01:06 - 00350208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2016-08-12 01:06 - 2016-08-12 01:06 - 00292352 _____ C:\WINDOWS\system32\dgtrayicon.exe
2016-08-12 01:06 - 2016-08-12 01:06 - 00287744 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00275968 _____ C:\WINDOWS\system32\GameManager64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00270336 _____ C:\WINDOWS\system32\clinfo.exe
2016-08-12 01:06 - 2016-08-12 01:06 - 00268792 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00249336 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00234496 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00231424 _____ C:\WINDOWS\system32\atieah64.exe
2016-08-12 01:06 - 2016-08-12 01:06 - 00222208 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00209408 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2016-08-12 01:06 - 2016-08-12 01:06 - 00202744 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00201728 _____ C:\WINDOWS\system32\amdhdl64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00181760 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00159736 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00137208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00135168 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00130560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00123896 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00118784 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00113664 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00111616 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00109568 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00108544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00104448 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00083960 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00079864 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00073216 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00069632 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00068608 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2016-08-12 01:06 - 2016-08-12 01:06 - 00068096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00067584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00066560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00060920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00055800 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2016-08-12 01:06 - 2016-08-12 01:06 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2016-08-10 07:21 - 2016-08-03 20:44 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 07:21 - 2016-08-03 20:44 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 07:21 - 2016-08-03 20:44 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 07:21 - 2016-08-03 20:06 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 07:21 - 2016-08-03 20:06 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 07:21 - 2016-08-03 20:06 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 07:21 - 2016-08-03 20:00 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 07:21 - 2016-08-03 19:53 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 07:21 - 2016-08-03 19:53 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 07:21 - 2016-08-03 19:52 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 07:21 - 2016-08-03 19:52 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 07:21 - 2016-08-03 19:52 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 07:21 - 2016-08-03 19:52 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 07:21 - 2016-08-03 19:52 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 07:21 - 2016-08-03 19:51 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 07:21 - 2016-08-03 19:51 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 07:21 - 2016-08-03 19:51 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 07:21 - 2016-08-03 19:51 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 07:21 - 2016-08-03 19:50 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 07:21 - 2016-08-03 19:50 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 07:21 - 2016-08-03 19:49 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 07:21 - 2016-08-03 19:49 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 07:21 - 2016-08-03 19:43 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 07:21 - 2016-08-03 19:43 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 07:21 - 2016-08-03 19:43 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 07:21 - 2016-08-03 19:41 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 07:21 - 2016-08-03 19:21 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 07:21 - 2016-08-03 19:21 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 07:21 - 2016-08-03 19:16 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 07:21 - 2016-08-03 19:14 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 07:21 - 2016-08-03 19:14 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 07:21 - 2016-08-03 19:14 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 07:21 - 2016-08-03 19:13 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 07:21 - 2016-08-03 19:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 07:21 - 2016-08-03 19:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 07:21 - 2016-08-03 19:10 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 07:21 - 2016-08-03 19:10 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 07:21 - 2016-08-03 19:10 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 07:21 - 2016-08-03 19:10 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 07:21 - 2016-08-03 19:09 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 07:21 - 2016-08-03 19:09 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 07:21 - 2016-08-03 19:08 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 07:21 - 2016-08-03 19:08 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 07:21 - 2016-08-03 19:07 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 07:21 - 2016-08-03 19:06 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 07:21 - 2016-08-03 19:06 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 07:21 - 2016-08-03 19:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 07:21 - 2016-08-03 19:05 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 07:21 - 2016-08-03 19:05 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 07:21 - 2016-08-03 19:04 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 07:21 - 2016-08-03 19:03 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 07:21 - 2016-08-03 19:03 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 07:21 - 2016-08-03 19:01 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 07:21 - 2016-08-03 19:01 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 07:21 - 2016-08-03 19:01 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 07:21 - 2016-08-03 19:00 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 07:21 - 2016-08-03 19:00 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 07:21 - 2016-08-03 19:00 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 07:21 - 2016-08-03 18:59 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 07:21 - 2016-08-03 18:59 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 07:21 - 2016-08-03 18:59 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 07:21 - 2016-08-03 18:59 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 07:21 - 2016-08-03 18:59 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 07:21 - 2016-08-03 18:58 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 07:21 - 2016-08-03 18:58 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 07:21 - 2016-08-03 18:58 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 07:21 - 2016-08-03 18:57 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 07:21 - 2016-08-03 18:57 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 07:21 - 2016-08-03 18:57 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 07:21 - 2016-08-03 18:57 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 07:21 - 2016-08-03 18:50 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 07:21 - 2016-08-03 18:48 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 07:21 - 2016-08-03 18:48 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 07:21 - 2016-08-03 18:48 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 07:21 - 2016-08-03 18:47 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 07:21 - 2016-08-03 18:46 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 07:21 - 2016-08-03 18:46 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 07:21 - 2016-08-03 18:46 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 07:21 - 2016-08-03 18:46 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 07:21 - 2016-08-03 18:45 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 07:21 - 2016-08-03 18:44 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 07:21 - 2016-08-03 18:44 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 07:21 - 2016-08-03 18:43 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 07:21 - 2016-08-03 18:43 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 07:21 - 2016-08-03 18:42 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 07:21 - 2016-08-03 18:41 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 07:21 - 2016-08-03 15:22 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 07:21 - 2016-08-03 15:04 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 07:21 - 2016-08-03 15:04 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 07:21 - 2016-08-03 15:03 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 07:21 - 2016-08-03 15:01 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 07:21 - 2016-08-03 15:01 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 07:21 - 2016-08-03 15:01 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 07:21 - 2016-08-03 15:00 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 07:21 - 2016-08-03 15:00 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 07:21 - 2016-08-03 15:00 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 07:21 - 2016-08-03 14:27 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 07:21 - 2016-08-03 14:18 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 07:21 - 2016-08-03 14:17 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 07:21 - 2016-08-03 14:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 07:21 - 2016-08-03 14:14 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 07:21 - 2016-08-03 14:12 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 07:21 - 2016-08-03 14:10 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 07:21 - 2016-08-03 14:09 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 07:21 - 2016-08-03 14:07 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 07:21 - 2016-08-03 14:07 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 07:21 - 2016-08-03 14:05 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 07:21 - 2016-08-03 14:05 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 07:21 - 2016-08-03 14:04 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 07:21 - 2016-08-03 14:04 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 07:21 - 2016-08-03 14:03 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 07:21 - 2016-08-03 14:03 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 07:21 - 2016-08-03 14:03 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 07:21 - 2016-08-03 14:02 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 07:21 - 2016-08-03 14:02 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 07:21 - 2016-08-03 14:02 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 07:21 - 2016-08-03 14:02 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 07:21 - 2016-08-03 14:01 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 07:21 - 2016-08-03 14:01 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 07:21 - 2016-08-03 13:59 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 07:21 - 2016-08-03 13:58 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 07:21 - 2016-08-03 13:55 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 07:21 - 2016-08-03 13:55 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 07:21 - 2016-08-03 13:53 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 07:21 - 2016-08-03 13:53 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 07:21 - 2016-08-03 13:52 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 07:21 - 2016-08-03 13:52 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 07:21 - 2016-08-03 13:51 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-10 07:21 - 2016-08-03 13:49 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-05 17:47 - 2016-08-05 17:47 - 00017828 _____ C:\Users\Admin\Downloads\The Chronicles of Narnia- The Voyage of the Dawn Treader (2010) [720p] [YTS.AG].torrent
2016-08-05 17:46 - 2016-08-05 17:46 - 00021144 _____ C:\Users\Admin\Downloads\The Chronicles of Narnia- Prince Caspian (2008) [720p] [YTS.AG].torrent
2016-08-05 09:02 - 2016-08-05 09:02 - 09498392 _____ C:\Users\Admin\Downloads\PathOfExile.exe
2016-08-05 09:02 - 2016-08-05 09:02 - 00316184 _____ C:\Users\Admin\Downloads\Client.exe
2016-07-31 09:56 - 2016-07-31 09:56 - 00231387 _____ C:\Users\Admin\Downloads\NeverSink-Filter-3.302b.zip
2016-07-29 18:11 - 2016-07-29 18:11 - 01410560 _____ C:\Users\Admin\Downloads\__ASX_Div_Momo_290716_r4.xls
2016-07-25 19:00 - 2016-07-25 19:00 - 01412096 _____ C:\Users\Admin\Downloads\__ASX_Div_Momo_250716_fc.xls
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-24 19:24 - 2015-12-24 13:36 - 00003010 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Admin)
2016-08-24 19:24 - 2015-12-24 13:31 - 00000000 ____D C:\ProgramData\MFAData
2016-08-24 19:22 - 2016-01-29 12:02 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Raptr
2016-08-24 19:21 - 2015-12-23 17:52 - 00000000 ____D C:\Users\Admin\Documents\Outlook Files
2016-08-24 19:21 - 2015-12-23 10:47 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-24 19:21 - 2015-12-22 18:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-24 19:21 - 2015-12-22 18:15 - 00000000 ____D C:\Users\Admin
2016-08-24 19:20 - 2015-10-30 15:58 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-08-24 19:12 - 2016-03-05 13:00 - 00000000 ____D C:\Users\gbyat\AppData\Local\Google
2016-08-24 18:37 - 2015-12-23 10:47 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-24 17:03 - 2016-01-14 16:57 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-24 16:58 - 2015-10-30 16:54 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-24 16:38 - 2015-12-22 16:26 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D5F58BC3-378B-4B4B-8C7C-2E7B7CFB862B}
2016-08-24 15:25 - 2015-10-30 15:58 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-08-24 12:47 - 2015-10-30 16:54 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-23 20:01 - 2016-03-06 10:54 - 00000000 ____D C:\Users\Admin\.MemuHyperv
2016-08-23 18:33 - 2015-12-23 18:44 - 00000000 ____D C:\Users\Admin\AppData\Roaming\uTorrent
2016-08-22 19:41 - 2015-12-22 18:20 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-22 19:41 - 2015-10-30 16:51 - 00000000 ____D C:\WINDOWS\INF
2016-08-22 19:15 - 2015-12-24 13:36 - 00002229 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2016-08-22 19:14 - 2015-12-24 13:36 - 00003366 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2016-08-22 19:14 - 2015-12-24 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-08-19 17:30 - 2016-04-24 08:34 - 00000000 ____D C:\Users\Admin\AppData\Local\acquisition
2016-08-19 12:47 - 2016-04-04 05:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-19 04:41 - 2015-10-30 16:54 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-19 04:40 - 2015-12-23 17:06 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-18 19:34 - 2015-12-21 10:54 - 00000000 ____D C:\Users\Admin\AppData\Local\Packages
2016-08-16 18:26 - 2015-10-30 16:54 - 00000000 ____D C:\WINDOWS\rescache
2016-08-13 09:20 - 2015-12-22 18:14 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-13 09:20 - 2015-12-21 11:48 - 05085952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-08-13 09:20 - 2015-12-21 11:48 - 03283248 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-08-13 09:20 - 2015-12-21 11:48 - 03094704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-08-13 09:20 - 2015-12-21 11:48 - 00192984 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-08-13 09:20 - 2015-12-21 11:48 - 00023696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-08-13 09:19 - 2016-06-05 16:10 - 00001132 _____ C:\Users\Admin\Desktop\MyBot.run.exe.lnk
2016-08-13 09:19 - 2015-12-24 14:01 - 00101376 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdWT6.sys
2016-08-13 09:19 - 2015-12-21 11:55 - 01469952 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorA.sys
2016-08-13 09:19 - 2015-12-21 11:48 - 05593616 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2016-08-13 09:19 - 2015-12-21 11:48 - 00105312 _____ C:\WINDOWS\system32\audioLibVc.dll
2016-08-13 09:16 - 2015-12-22 18:18 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-13 09:04 - 2015-10-31 03:38 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-13 09:04 - 2015-10-30 16:54 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-13 09:04 - 2015-10-30 16:54 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-08-13 09:04 - 2015-10-30 16:54 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-13 09:04 - 2015-10-30 16:54 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-13 07:39 - 2016-01-29 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-08-13 07:39 - 2015-12-22 18:14 - 00000000 ____D C:\Program Files\AMD
2016-08-13 07:39 - 2015-12-21 14:10 - 00000000 ____D C:\Program Files (x86)\AMD
2016-08-13 07:38 - 2015-12-21 14:09 - 00000000 ____D C:\AMD
2016-08-12 01:07 - 2016-04-01 08:16 - 09340136 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2016-08-12 01:07 - 2015-12-16 18:36 - 10995344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2016-08-12 01:07 - 2015-12-16 18:36 - 10317568 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2016-08-12 01:07 - 2015-12-16 18:36 - 09131736 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2016-08-12 01:07 - 2015-12-16 18:36 - 01547544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2016-08-12 01:07 - 2015-12-16 18:36 - 01273928 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2016-08-12 01:07 - 2015-12-16 18:36 - 00183952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2016-08-12 01:07 - 2015-12-16 18:36 - 00152800 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2016-08-12 01:06 - 2016-04-01 08:08 - 00241152 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2016-08-12 01:06 - 2016-04-01 08:08 - 00021496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2016-08-12 01:06 - 2016-04-01 08:05 - 00521728 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2016-08-12 01:06 - 2016-04-01 08:05 - 00287232 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2016-08-12 01:06 - 2016-04-01 08:04 - 01323008 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2016-08-12 01:06 - 2016-01-22 21:31 - 26639360 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2016-08-12 01:06 - 2016-01-22 21:30 - 00176640 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2016-08-12 01:06 - 2016-01-22 21:30 - 00108544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2016-08-12 01:06 - 2016-01-22 21:29 - 00991232 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2016-08-12 01:06 - 2015-12-16 18:37 - 26706432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2016-08-12 01:06 - 2015-12-16 18:37 - 00518656 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2016-08-10 14:38 - 2015-12-22 17:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 14:38 - 2015-10-30 16:54 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 14:38 - 2015-10-30 16:41 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 14:34 - 2015-12-22 17:04 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 08:19 - 2015-12-24 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-08-09 07:38 - 2015-12-23 10:48 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-09 07:38 - 2015-12-23 10:48 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-04 01:33 - 2016-02-19 20:23 - 00000943 _____ C:\Users\Public\Desktop\AVG.lnk
2016-08-04 01:33 - 2015-12-24 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-07-31 13:03 - 2016-07-17 07:27 - 00002098 _____ C:\Users\Public\Desktop\Raptr.lnk
2016-07-29 06:32 - 2015-12-23 10:47 - 00003980 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 06:32 - 2015-12-23 10:47 - 00003748 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-19 11:58
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Admin (24-08-2016 19:25:56)
Running from C:\Users\Admin\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-22 08:48:10)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-2680159016-4216650370-2435686087-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2680159016-4216650370-2435686087-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2680159016-4216650370-2435686087-503 - Limited - Disabled)
gbyat (S-1-5-21-2680159016-4216650370-2435686087-1003 - Limited - Enabled) => C:\Users\gbyat
Guest (S-1-5-21-2680159016-4216650370-2435686087-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
µTorrent (HKU\S-1-5-21-2680159016-4216650370-2435686087-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Acquisition version 0.5g (HKLM-x32\...\{53E25C0C-0305-47BB-9884-F0F202297AF4}_is1) (Version: 0.5g - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Alien - Isolation (HKLM-x32\...\Alien - Isolation_is1) (Version:  - )
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.24.0 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.)
Asus Sonic Suite Plugins (x32 Version: 2.1.2501 - ASUSTeKcomputer.Inc) Hidden
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AutoIt v3.3.14.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team)
AVG (HKLM\...\AvgZen) (Version: 1.82.2.30772 - AVG Technologies)
AVG (Version: 16.101.7752 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4649 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.101.7752 - AVG Technologies)
AVG Zen (Version: 1.82.2 - AVG Technologies) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Chrome Remote Desktop Host (HKLM-x32\...\{159AA592-31AA-4EAC-A6CB-B47AB2CB1476}) (Version: 52.0.2743.48 - Google Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0114 - Disc Soft Ltd)
Driver Booster 3.5 (HKLM-x32\...\Driver Booster_is1) (Version: 3.5 - IObit)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
FMW 1 (Version: 1.122.3 - AVG Technologies) Hidden
Galactic Civilizations III (HKLM-x32\...\Galactic Civilizations III_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1141 - Intel Corporation)
Intel® Network Connections 20.2.3001.0 (HKLM\...\PROSetDX) (Version: 20.2.3001.0 - Intel)
Intel® USB 3.0 Host Controller Adaptation Driver (HKLM\...\{9472AEE5-5D4D-4329-8BD8-B282FD33B8E0}) (Version: 1.0.0.42 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.1.126 - IObit)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech Gaming Software 8.76 (HKLM\...\Logitech Gaming Software) (Version: 8.76.155 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEmu (HKLM-x32\...\MEmu) (Version: 2.6.6 - Microvirt)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minion (HKU\S-1-5-21-2680159016-4216650370-2435686087-1001\...\{Minion}}_is1) (Version: 2.0 - ZAM Network LLC)
NahimicSettingsConfigurator (Version: 2.1.2501 - ASUSTeKcomputer.Inc) Hidden
No Man's Sky (HKLM\...\Steam App 275850) (Version:  - Hello Games)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
Plex Media Server (HKLM-x32\...\{6ed04053-2a29-404c-96e9-c985b28eba27}) (Version: 0.9.1406 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1406 - Plex, Inc.) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.3-r114633-release - Raptr, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 - Realtek Semiconductor Corp.)
Rise of Nations: Extended Edition (HKLM-x32\...\Rise of Nations: Extended Edition_is1) (Version:  - Microsoft Studios)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
SciTE4AutoIt3 15.920.938.0 (HKLM-x32\...\SciTE4AutoIt3) (Version: 15.920.938.0 - Jos van der Zande)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.3 - IObit)
Sonic Radar II (HKLM\...\{A70B8D38-273A-4D6A-B7D5-AEBEDEEE5D28}) (Version: 2.1.2501 - ASUSTeKcomputer.Inc)
Sonic Studio Plugin (Version: 2.1.2501 - ASUSTeKcomputer.Inc) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wolfenstein - The New Order (HKLM-x32\...\Wolfenstein - The New Order_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Wondershare Video Editor(Build 5.1.3) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
XSight 1.5 (HKLM-x32\...\ST6UNST #1) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2680159016-4216650370-2435686087-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {12980960-B679-42F9-BDCC-4A78C9B4637E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {17183E96-9C58-4E7B-AABB-62D769FF1532} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {190EECAD-8823-42F1-BFBB-959F551EE385} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {2138EA26-F079-4092-8E41-E8DB6176CBFB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2385AD46-AF8D-4A3D-B2BB-4FB01FC8B308} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] ()
Task: {265C033F-4A84-4172-A218-D5B090C5BA8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {2964872F-12CE-409D-96A1-4BFCE919200C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3B575A2B-C274-4BBB-B7C3-DA4531C5DB3C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-23] (Microsoft Corporation)
Task: {4D2ED852-E4A8-474B-BBAB-7DA51D5C7952} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {4DE13494-B7A4-42DB-A134-8C65D351FCD4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {57E4BD3C-F151-43E1-A1F6-9C3D9D021F04} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-12-23] ()
Task: {5FD20AA8-3F27-4D16-BEB8-9CDAB963621F} - System32\Tasks\Driver Booster SkipUAC (Admin) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-07-28] (IObit)
Task: {63668026-3C10-40A1-BE9E-40FCDB27047F} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-10-27] (IObit)
Task: {6D86006F-EE4D-4681-91AF-3BA5F91A91D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {727829CE-E06B-45EB-9900-AA3079CA7CB2} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-08-21] (IObit)
Task: {7B7A3CDF-7F4D-4942-9DA0-B908F81DD7D7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8940CAA1-B6BA-4B1A-8C15-9B404F0899E8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8DF7B1DB-1E92-466C-8868-B8AF59B5E2CA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {9C636083-3DAF-4761-8363-87F892EC01B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {9CCA4933-36D0-4DD7-8678-59B86E5D714A} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-07-28] (IObit)
Task: {A364D48E-3A3A-4030-8CAE-87D18FBF3760} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A8FD3682-4ABB-4912-96B1-5BF0E152E343} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AA3EDC68-EDCA-4F43-B76E-78D5526E45B1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BC7850FD-B5BD-4FB8-8F13-2E333824E44A} - System32\Tasks\Uninstaller_SkipUac_Admin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-01-12] (IObit)
Task: {CF2482A3-9128-434A-B5BF-A1A318830F14} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DB9992E7-2E11-41E4-B3D6-23CF056BE82D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E450FF7A-718A-4FA7-A174-85E625266313} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E9323BF3-AD80-4E05-810C-C2F20CA3ABFF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-23] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Admin.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Admin\Desktop\Gordon - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 16:48 - 2015-10-30 16:48 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-29 09:15 - 2013-10-23 12:54 - 00087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2015-12-21 11:47 - 2014-07-23 11:29 - 01360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2015-05-19 07:41 - 2015-05-19 07:41 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2015-12-23 17:06 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-07-13 19:33 - 2016-07-01 14:18 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 19:33 - 2016-07-01 12:51 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 19:33 - 2016-07-01 12:52 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-20 02:31 - 2016-04-20 02:31 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-07-13 19:33 - 2016-07-01 14:18 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-24 03:26 - 2016-05-25 02:13 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-23 05:11 - 2015-12-23 05:11 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 19:35 - 2016-07-01 13:18 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 19:33 - 2016-07-01 12:57 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 19:33 - 2016-07-01 12:52 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-07-13 19:33 - 2016-07-01 12:54 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-21 11:48 - 2016-08-13 09:19 - 00105312 _____ () C:\WINDOWS\SYSTEM32\audioLibVc.dll
2015-12-21 11:46 - 2014-07-23 11:29 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2015-03-07 09:37 - 2015-03-07 09:37 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-11-21 07:11 - 2015-11-21 07:11 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 09:37 - 2015-03-07 09:37 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-11-21 07:11 - 2015-11-21 07:11 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-06-24 12:51 - 2016-06-24 12:51 - 00138752 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2016-01-16 14:09 - 2015-12-28 12:49 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-02-10 18:38 - 2015-10-27 13:05 - 00618784 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\ProductStatistics.dll
2016-02-10 18:38 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\webres.dll
2016-04-20 02:31 - 2016-04-20 02:31 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-20 02:31 - 2016-04-20 02:31 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-07-24 03:26 - 2016-05-25 00:51 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-08-09 07:38 - 2016-08-03 09:54 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-09 07:38 - 2016-08-03 09:53 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2015-12-21 11:47 - 2016-08-24 19:22 - 00036496 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2015-12-21 11:46 - 2014-07-23 11:29 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-12-24 13:31 - 2016-04-08 13:42 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2010-11-23 08:26 - 2010-11-23 08:26 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2010-11-23 08:26 - 2010-11-23 08:26 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2010-11-23 08:26 - 2010-11-23 08:26 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2014-05-14 08:56 - 2014-05-14 08:56 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2014-05-14 08:56 - 2014-05-14 08:56 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2014-05-14 08:56 - 2014-05-14 08:56 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2014-05-14 08:56 - 2014-05-14 08:56 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2010-11-23 08:27 - 2010-11-23 08:27 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2010-11-23 08:26 - 2010-11-23 08:26 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2010-11-23 08:26 - 2010-11-23 08:26 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2010-11-23 08:26 - 2010-11-23 08:26 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2010-11-23 08:27 - 2010-11-23 08:27 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2010-11-23 08:27 - 2010-11-23 08:27 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2010-11-23 08:26 - 2010-11-23 08:26 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2011-02-16 03:47 - 2011-02-16 03:47 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2010-11-23 08:27 - 2010-11-23 08:27 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2014-05-14 08:56 - 2014-05-14 08:56 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2010-11-23 08:26 - 2010-11-23 08:26 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2010-11-23 08:26 - 2010-11-23 08:26 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-10-22 05:59 - 2015-10-22 05:59 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-10-22 05:59 - 2015-10-22 05:59 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2010-11-23 08:26 - 2010-11-23 08:26 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2010-11-23 08:27 - 2010-11-23 08:27 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2016-04-20 02:38 - 2016-04-20 02:38 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2011-02-16 03:47 - 2011-02-16 03:47 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2010-11-23 08:36 - 2010-11-23 08:36 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2013-05-10 09:22 - 2013-05-10 09:22 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2013-05-10 09:22 - 2013-05-10 09:22 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2013-05-10 09:22 - 2013-05-10 09:22 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2013-05-04 04:27 - 2013-05-04 04:27 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2013-05-04 04:26 - 2013-05-04 04:26 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2013-05-04 04:26 - 2013-05-04 04:26 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2013-05-04 04:27 - 2013-05-04 04:27 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2013-05-04 04:26 - 2013-05-04 04:26 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2013-05-04 04:27 - 2013-05-04 04:27 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2013-05-04 04:27 - 2013-05-04 04:27 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2013-05-04 04:27 - 2013-05-04 04:27 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2013-05-04 04:27 - 2013-05-04 04:27 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
2016-01-16 14:10 - 2015-12-23 17:32 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-01-16 14:10 - 2015-12-23 17:32 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-01-16 14:10 - 2015-12-23 17:32 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 22:55 - 2016-01-16 14:10 - 00001042 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1                   idb.iobit.com
127.0.0.1                   asc55.iobit.com
127.0.0.1                   is360.iobit.com
127.0.0.1                   asc.iobit.com
127.0.0.1                   pf.iobit.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2680159016-4216650370-2435686087-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\internet explorer wallpaper.bmp
DNS Servers: 61.9.226.33 - 61.9.226.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKU\S-1-5-21-2680159016-4216650370-2435686087-1001\...\StartupApproved\Run: => "Advanced SystemCare 9"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{797FE5C3-2FA4-4B96-BF31-43EA394CD7D0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{36609679-CD53-4CC3-BC09-4F91F2F28780}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CDDCC181-5378-433C-96AC-2D008B5AC08E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E872D44D-1142-4FF9-9F08-66E4B221A26D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{02E74270-B70A-405E-94B3-EAF54402A4D5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{5D67C67B-EF80-4AF7-8FCA-8D1ED5BF9B82}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{552077B1-54C8-49D5-86B4-D8906DFB1B5D}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9E44DA7C-FB1E-4328-AB27-3519890AECE4}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5D2AC394-F3A9-4463-820A-6D47E3B7B58A}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2C14F21F-239D-4C32-B404-D9F8D243E0F7}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9F9F8A40-21BE-4DB0-B509-E6B8EF16ED3E}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{97E60B6A-8EEE-401C-A264-63391D08EA25}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{A17B7728-AB99-4BA6-AE51-69C42EE5F262}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E068C1BE-5668-4FDC-9455-6F305B62CD65}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{6FB7A371-2096-4D8C-9102-8CACEFF93464}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{EEF64FED-E8D2-45F5-BE03-B14BC88D9E89}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [TCP Query User{BEA260CD-8CF7-4994-BD2F-6BACA6A53153}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{ABEE128A-A53E-4991-95FD-51CF1F816932}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{66706C9A-43DF-4531-AE0F-1E0620E7CF8C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{4895D7FD-FA84-4A04-B489-75088A399ADE}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{26D9D347-20DF-4CEB-86CE-B9235A6B4946}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{FC085B63-A77D-4163-B0A3-ADD1CA9A7849}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{431B695B-D6A8-4711-BEE2-E89A7CB94A45}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{17EA51FF-D31D-47B6-A141-DBEDE5231CCE}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{645347D1-8721-4F2C-BC69-1F083B623149}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{F1F6479E-AE29-49E7-9602-7B527EA1B64C}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{08C8DE36-CF13-4C13-B2BA-28F44B1D1EDB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AAE88711-923B-4F81-A9F8-A3F8486C6BEA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BD6179E8-B688-42FA-AD00-8C365924F4B0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A8CD9532-F033-4B7B-BE38-B40F99C4E8B8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{388AA5AB-378E-401D-8809-DD33E1575F4B}D:\games\alien - isolation\ai.exe] => (Allow) D:\games\alien - isolation\ai.exe
FirewallRules: [UDP Query User{342F81FA-01E2-42B3-8B15-4F9CBB3B57F5}D:\games\alien - isolation\ai.exe] => (Allow) D:\games\alien - isolation\ai.exe
FirewallRules: [TCP Query User{E62530C1-5C0B-452F-9A90-6DC84EE48030}D:\games\wolfenstein - the new order\wolfneworder_x64.exe] => (Allow) D:\games\wolfenstein - the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{199522A8-515B-472B-81E8-4FA04DBE63A4}D:\games\wolfenstein - the new order\wolfneworder_x64.exe] => (Allow) D:\games\wolfenstein - the new order\wolfneworder_x64.exe
FirewallRules: [{4E4736AE-C219-4BDE-8772-A38F4469BB1C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EE6073C1-BFC9-408F-8601-8386DF4D8A48}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{96EB7265-363E-440D-B1AE-DEF11D2E000B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{AE9A0CCD-D12C-4624-8271-275962FA1E85}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{E87F1DAD-A17A-4C98-AFB1-E732DCAB37BF}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{5F0F3DE4-1D0F-4CA2-8B82-BE57D1AF5233}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{A406E88D-2D18-4C93-B74B-A8259B4854F4}D:\games\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\games\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{613FFB06-6AF4-4A85-9E5A-E563AF85DC14}D:\games\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\games\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{BF30B7B7-053A-4C92-9B4A-F6810783593F}] => (Block) D:\games\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{12ABEDC5-BDF5-48DB-884A-67AE3AE54BF3}] => (Block) D:\games\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{39BE4E29-4755-41D1-AC97-618264EFD53B}] => (Allow) D:\Program Files\Microvirt\MEmu\MEmu.exe
FirewallRules: [{D6C72962-8A97-46AE-9F89-A9F9523BB5DD}] => (Allow) D:\Program Files\Microvirt\MEmu\MEmu.exe
FirewallRules: [{BA13FA84-94EE-4D32-ABA8-2E18729D94B8}] => (Allow) D:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{E11CF95E-85EE-4044-9936-3B5BCDC2335C}] => (Allow) D:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{C2452607-F2DC-4CFA-9EEE-FCD1D42BCD43}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{259318FF-F9D6-48F8-8E79-C9D732E894ED}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{D3C999CE-BA08-475A-A749-D80F02975DE1}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
FirewallRules: [{B96967C5-7E28-4A36-B889-0376640E9FC7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{16459C62-7732-4FC1-839F-B329BA048AC1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F5CCB39B-09DF-4A07-AF07-F27ABDBE364E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{313CDDE7-4D89-40C2-A7CC-0DA0DB65418C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{910EBBC3-3750-48EE-85FF-10A4987C6D40}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{79DEEB0D-B28F-4F0C-A232-46CC1B6A40F8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{8FF48D95-1835-4F8D-94BE-AF361BB1DC92}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B0FCB41A-1D11-4BF0-8E5C-6E6C90C83C05}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{9A537227-EB23-4259-9675-494FFAC61D8B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{E4E15F24-6895-4177-BCBE-750089F9BC0B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{9426CDE9-C342-4C79-B82B-2E3C4FE2A1E9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BC00812E-FDA1-4091-A657-C5EA95786DEF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{54F14C43-73C1-4F64-85D1-539686024682}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{056139C7-82CA-4A2C-9AEB-E9F43886BF87}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{D1514558-0772-4379-BB9A-C3DA1D464A45}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{C5FB156E-10C5-43B3-AF52-D51DC2D0D4E9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{D9C609A6-F8BA-4D5A-9EE6-D542696A2AEF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{4BC4B374-DC41-4CBA-85E1-026ECC0073FF}] => (Allow) D:\SteamLibrary\steamapps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [{8CE03101-944A-4EBB-BA28-5EBF6D4FE71A}] => (Allow) D:\SteamLibrary\steamapps\common\No Man's Sky\Binaries\NMS.exe
 
==================== Restore Points =========================
 
13-08-2016 09:19:17 Driver Booster : Realtek High Definition Audio
19-08-2016 13:00:36 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
19-08-2016 13:00:43 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
24-08-2016 19:03:56 zoek.exe restore point
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/24/2016 07:03:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/24/2016 05:05:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/24/2016 12:45:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP)
Description: Activation of application Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/23/2016 04:04:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP)
Description: Activation of application Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/22/2016 07:52:46 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (08/22/2016 07:02:46 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (08/22/2016 07:02:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP)
Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/22/2016 06:53:04 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/22/2016 06:53:04 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root namespace does not exist. The query will be ignored.
 
Error: (08/22/2016 06:53:04 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.
 
 
System errors:
=============
Error: (08/24/2016 07:24:47 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
Error: (08/24/2016 07:22:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DesktopAdminS-1-5-21-2680159016-4216650370-2435686087-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (08/24/2016 07:22:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DesktopAdminS-1-5-21-2680159016-4216650370-2435686087-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (08/24/2016 07:22:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DesktopAdminS-1-5-21-2680159016-4216650370-2435686087-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (08/24/2016 07:22:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DesktopAdminS-1-5-21-2680159016-4216650370-2435686087-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (08/24/2016 07:22:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DesktopAdminS-1-5-21-2680159016-4216650370-2435686087-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (08/24/2016 07:22:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DesktopAdminS-1-5-21-2680159016-4216650370-2435686087-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (08/24/2016 07:21:59 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DesktopAdminS-1-5-21-2680159016-4216650370-2435686087-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (08/24/2016 07:21:12 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5
 
Error: (08/24/2016 07:20:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_66184 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-13 09:05:48.085
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-11 04:43:15.604
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-05 09:08:26.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-114622.dll that did not meet the Store signing level requirements.
 
  Date: 2016-07-14 16:54:11.609
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-14 05:16:53.738
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-18 03:01:48.776
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-17 15:21:18.513
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-16 05:21:35.964
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-16 03:36:08.044
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-12 06:55:03.626
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-113248.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6600 CPU @ 3.30GHz
Percentage of memory in use: 31%
Total physical RAM: 8122.39 MB
Available physical RAM: 5585.29 MB
Total Virtual: 16314.39 MB
Available Virtual: 13493.13 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:111.35 GB) (Free:60.9 GB) NTFS
Drive d: (DATA) (Fixed) (Total:1862.67 GB) (Free:1431.1 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 9B9A2024)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 9B9A202C)
Partition 1: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================


#6 satchfan


Posted 24 August 2016 - 09:53 AM

Thanks for the logs.

I've just come home and will be busy for a while but will check the logs and get back to you as soon as I can.

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#7 satchfan


Posted 24 August 2016 - 04:18 PM

I have looked at your logs and I see no signs of the infection you’re having problems with.

There are so many things to “fix” that I’d like to ask a couple of questions and make some recommendations first.


P2P - I see you have P2P software (uTorrent) installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are, more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

You also seem to be downloading films from [YTS.AG].torrent which, although I’m not familiar with it, also seems to be a little dubious.

Altogether, you’re asking for problems using any form of ‘torrent’.

================================================

IObit

IObit programs are not recommended. Advanced SystemCare and others by IObit had stolen material from other computer security companies to use in their own programs and are known to cause system problems that tend to go away after uninstalling their software.

See:

http://forums.malwarebytes.org/index.php?showtopic=29681
http://forums.malwarebytes.org/index.php?showtopic=30989
http://forums.malwarebytes.org/index.php?showtopic=33217


I recommend that you uninstall all of the following IObit programs:

Driver Booster 3.5
IObit Uninstaller
Surfing Protection


If you have chosen to do as I suggest, you should run BitRemover which was designed specifically to remove every trace of the entries of IObit files left behind after uninstalling it. Download BitRemover from here, save the program to your Desktop and double-click on the program to run it.

Please can you tell me if the problem is still there and, if it is, whether you still have the warning window and, if so, which browser you’re using.

Thanks

Satchfan




#8 satchfan


Posted 29 August 2016 - 03:00 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





