Black Screen with Cursor after finishing adwcleaner scan



#1 colourboo


Posted 11 October 2016 - 05:37 PM

Hi, so I have been infected with malware/adware; there are ads popping up all over my desktop. I think it installed a bunch of unrelated software on my computer, namely social2search, weatherchicken, ucbrowser, kuaizip and a few other Chinese-named applications.

What I did was run adwcleaner and malwarebytes to clean it, and then after the scan was done it requested a restart, which I did, and then after that it just restarts onto a black screen after booting. I can use Ctrl+Alt+Delete to bring up the login/switch user menu, and I can click the Task Manager but it doesn't appear.

I have tried booting into Safe Mode with Networking and running the malware scans again a few times. I think it is clean now, but I still can't boot into normal mode; I keep getting the black screen with my cursor.

Here's the log from my adwcleaner:
 

# AdwCleaner v6.021 - Logfile created 12/10/2016 at 05:09:26
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-11.1 [Server]
# Operating System : Windows 8.1 Pro  (X64)
# Username : tommy - CK
# Running from : D:\Downloads\adwcleaner_6.021.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
Service Found:  02d381177b0e2083ba1e36ba913796dc
Service Found:  muhexibo
Service Found:  QiyiService
Service Found:  GoogleChromeUpService
Service Found:  KuaiZipDrive
Service Found:  KuaizipUpdateChecker
Service Found:  MaohaWifiNetPro
Service Found:  MaohaWifiSvr
Service Found:  Kuaizip Update Checker
Service Found:  KuaiZipDrive2
Service Found:  Update service
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Program Files (x86)\00000000-1476218758-0000-0000-50E549539EF8
Folder Found:  C:\Users\tommy\AppData\Local\00000000-1476247727-0000-0000-50E549539EF8
Folder Found:  C:\Users\tommy\AppData\Local\tuto_monetize_120161011
Folder Found:  C:\Users\tommy\AppData\Roaming\IQIYI Video
Folder Found:  C:\Users\tommy\AppData\Roaming\RHEng
Folder Found:  C:\Users\tommy\AppData\Roaming\UPUpdata
Folder Found:  C:\Users\tommy\AppData\Roaming\ContentPush
Folder Found:  C:\Users\tommy\AppData\Roaming\Kuaizip
Folder Found:  C:\Users\tommy\AppData\Roaming\KuaiZip
Folder Found:  C:\Users\tommy\AppData\Roaming\Softlink
Folder Found:  C:\ProgramData\Thunder Network
Folder Found:  C:\ProgramData\Application Data\Thunder Network
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaohaWiFi
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaohaWifi
Folder Found:  C:\Program Files (x86)\IQIYI Video
Folder Found:  C:\Program Files (x86)\ContentPush
Folder Found:  C:\Program Files (x86)\GreatMaker
Folder Found:  C:\Program Files (x86)\mpck
Folder Found:  C:\Users\tommy\AppData\Local\app
 
 
***** [ Files ] *****
 
File Found:  C:\Users\tommy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MaohaWiFi.lnk
File Found:  C:\Users\tommy\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk
File Found:  C:\Users\tommy\AppData\Roaming\Microsoft\Windows\Start Menu\KuaiZip.lnk
File Found:  C:\Users\tommy\Desktop\¿ìѹ.lnk
File Found:  C:\Windows\SysNative\drivers\ucguard.sys
File Found:  C:\Windows\SysNative\drivers\KuaiZipDrive.sys
File Found:  C:\Windows\SysNative\drivers\KuaiZipDrive2.sys
File Found:  C:\ProgramData\service.exe
File Found:  C:\ProgramData\Application Data\service.exe
File Found:  C:\ProgramData\service.exe
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
Key Found:  : \root\subscription\\ActiveScriptEventConsumer [ASEC]
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
Task Found:  KuaiZip_Update
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] - hxxp://www.trotux.com/?z=39c5a2dfa78518c4b7d4dcbg4zcmbq8o3g5bat5o3c&from=clc&uid=SamsungXSSDX850XEVOX500GB_
Chrome pref Found:  [C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences ] - fcfenmboojpjinhpgggodefccipikbpd
Chrome pref Found:  [C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences ] - hxxp://www.trotux.com/?z=39c5a2dfa78518c4b7d4dcbg4zcmbq8o3g5bat5o3c&from=clc&uid=SamsungXSSDX850XEVOX500GB
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [29285 Bytes] - [12/10/2016 05:09:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29359 Bytes] ##########
 
 
 
 
Here is the FRST Scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-10-2016
Ran by tommy (administrator) on CK (12-10-2016 06:35:29)
Running from D:\Downloads
Loaded Profiles: tommy (Available Profiles: tommy)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() D:\Downloads\adwcleaner_6.021.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767760 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [254464 2014-10-20] (Razer Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [595616 2016-04-21] (Razer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2724432 2015-12-26] (Sony Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-07-29] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Update] => C:\Users\tommy\AppData\Roaming\ContentPush\ContentPush.exe /runonce
HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\tommy\AppData\Local\Temp\DeleteOnReboot.bat [13783 2016-10-12] () <===== ATTENTION
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\...\Run: [Spotify Web Helper] => C:\Users\tommy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-22] (Spotify Ltd)
HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\...\Run: [Dropbox Update] => C:\Users\tommy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-24] (Dropbox, Inc.)
HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\...\Run: [Spotify] => C:\Users\tommy\AppData\Roaming\Spotify\Spotify.exe [6795376 2016-09-22] (Spotify Ltd)
HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\...\Run: [f.lux] => C:\Users\tommy\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\...\Run: [Monotype SkyFonts Rack Up] => C:\Program Files\Monotype\SkyFonts\SFC.exe [26064 2016-07-06] (Monotype Imaging Inc.)
HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C3].txt [1238 2016-10-12] ()
HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\...\MountPoints2: {120ece52-1dba-11e6-82bf-50e549539ef8} - "K:\Autoplay.exe" -auto
HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Monotype SkyFonts System Extension] => C:\Program Files\Monotype\SkyFonts\SkyFonts.exe [2230736 2016-07-06] (Monotype Imaging Inc.)
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  No File
ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => C:\Program Files (x86)\KuaiZip\X64\KZipShell.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2016-10-12]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2016-10-12]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.)
Startup: C:\Users\tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP DeskJet 2130 series.lnk [2016-10-12]
ShortcutTarget: Monitor Ink Alerts - HP DeskJet 2130 series.lnk -> C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 54.255.130.140 192.168.0.10
Tcpip\..\Interfaces\{63A9DE77-864C-4C17-BDCE-597680F02F4D}: [DhcpNameServer] 54.255.130.140 192.168.0.10
Tcpip\..\Interfaces\{D8619674-7A71-44B2-8416-AC5D2DC8B091}: [DhcpNameServer] 192.168.0.10
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-17] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-17] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: yourprofitclub -> {a12b8a71-d954-ed03-579f-24c120ca2bbd} -> C:\WINDOWS\SysWow64\5526a3c9.dll [2011-08-17] ()
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-17] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-17] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3940477119-1322759601-2460558041-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-17] (Adobe Systems Incorporated)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-05-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
 
Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=39c5a2dfa78518c4b7d4dcbg4zcmbq8o3g5bat5o3c&from=clc&uid=SamsungXSSDX850XEVOX500GB_S21GNWAG703143T&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\tommy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.710.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U71) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll => No File
CHR Profile: C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-10-12] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Adblock Plus) - C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-28]
CHR Extension: (Google Search) - C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Enable right click) - C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\hhojmcideegachlhfgfdhailpfhgknjm [2016-02-17]
CHR Extension: (WhatFont) - C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2016-06-17]
CHR Extension: (Skype) - C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-09-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2016-10-06]
CHR Extension: (Gmail) - C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR Extension: (RightToCopy) - C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\plmcimdddlobkphnofejmeidjblideca [2016-07-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2932224 2011-09-08] (PACE Anti-Piracy, Inc.) [File not signed]
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
S2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [65176 2016-04-29] (Razer Inc.)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
S2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-10-20] (Razer Inc.) [File not signed]
S2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
S2 SkyFontsService; C:\Program Files\Monotype\SkyFonts\Monotype.SkyFonts.Service.exe [60368 2016-07-06] (Monotype Imaging Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [648472 2014-08-15] (Wacom Technology, Corp.)
S2 Coigertionsherwesh; C:\Program Files (x86)\Nizght\wegetckusetionmng.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-05-19] (Disc Soft Ltd)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 L6GX; C:\Windows\System32\Drivers\L6GX64.sys [768000 2011-05-17] (Line 6)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-12] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
U0 phcf; C:\Windows\System32\drivers\xirvgjn.sys [79064 2016-10-12] (Malwarebytes)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51224 2016-04-07] (Razer Inc)
S2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2090-12-09 05:40 - 2090-12-09 05:40 - 00000000 ____D C:\Users\tommy\Documents\VST3 Presets
2090-12-09 05:40 - 2090-12-09 05:40 - 00000000 ____D C:\Users\tommy\Documents\Steinberg
2090-12-09 05:40 - 2090-12-09 05:40 - 00000000 ____D C:\Users\tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 7 32bit
2090-12-09 05:39 - 2090-12-09 05:42 - 00000049 _____ C:\Windows\SysWOW64\SYNSOPOS.exe.cfg
2090-12-09 05:39 - 2090-12-09 05:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2090-12-09 05:39 - 2090-12-09 05:39 - 00000000 ____D C:\Program Files\eLicenser
2090-12-09 05:39 - 2090-12-09 05:39 - 00000000 ____D C:\Program Files (x86)\Syncrosoft
2090-12-09 05:39 - 2090-12-09 05:39 - 00000000 ____D C:\Program Files (x86)\eLicenser
2090-12-09 05:39 - 2012-12-07 23:48 - 01714176 _____ (Steinberg Media Technologies GmbH) C:\Windows\system32\SYNSOACC.dll
2090-12-09 05:39 - 2012-12-07 23:48 - 01277952 _____ (Steinberg Media Technologies GmbH) C:\Windows\SysWOW64\SYNSOACC.dll
2090-12-09 05:39 - 2011-12-15 03:21 - 00086016 _____ C:\Windows\SysWOW64\SYNSOPOS.exe
2090-12-09 05:36 - 2090-12-09 05:36 - 00000000 ____D C:\Users\tommy\AppData\Local\eLicenser
2090-12-09 05:35 - 2090-12-09 05:35 - 00002892 _____ () C:\Windows\SysWOW64\audcon.sys
2090-12-09 05:35 - 2090-12-09 05:35 - 00000000 ____D C:\ProgramData\Syncrosoft
2016-10-12 06:35 - 2016-10-12 06:35 - 00000000 ____D C:\FRST
2016-10-12 06:30 - 2016-10-12 06:30 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\xirvgjn.sys
2016-10-12 05:48 - 2016-10-12 06:28 - 00941280 _____ C:\Windows\ntbtlog.txt
2016-10-12 05:06 - 2016-10-12 06:11 - 00000000 ____D C:\AdwCleaner
2016-10-12 04:58 - 2016-10-12 06:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-12 04:55 - 2016-10-12 06:30 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-12 04:55 - 2016-10-12 04:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-12 04:54 - 2016-10-12 04:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-12 04:54 - 2016-10-12 04:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-12 04:54 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-12 04:54 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-12 04:54 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-12 04:49 - 2016-10-12 04:49 - 00008860 _____ C:\Windows\System32\Tasks\Rercotain Server
2016-10-12 04:49 - 2016-10-12 04:49 - 00000000 ____D C:\Users\Public\Thunder Network
2016-10-12 04:48 - 2016-10-12 05:15 - 00000000 ____D C:\Users\tommy\AppData\Roaming\Clubesh
2016-10-12 04:48 - 2016-10-12 04:50 - 00000000 ____D C:\Users\tommy\AppData\Local\Vivert
2016-10-12 04:46 - 2016-10-12 04:46 - 00000000 ____D C:\Users\Public\QiYi
2016-10-12 04:45 - 2016-10-12 04:45 - 00000000 _____ C:\TOSTACK
2016-10-12 04:44 - 2016-10-12 06:28 - 00000000 ____D C:\Users\tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-10-12 04:44 - 2016-10-12 04:44 - 00001567 _____ C:\Users\tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2016-10-12 04:44 - 2016-10-12 04:44 - 00000000 ____D C:\Users\tommy\AppData\Local\UCBrowser
2016-10-12 04:43 - 2016-10-12 04:43 - 00003640 _____ C:\Windows\System32\Tasks\Traffic Exchange Updater
2016-10-12 04:43 - 2016-10-12 04:43 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guardian
2016-10-12 04:43 - 2016-10-12 04:43 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guard
2016-10-12 04:43 - 2016-10-12 04:43 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange
2016-10-12 04:43 - 2016-10-12 04:43 - 00000000 ____D C:\Users\tommy\AppData\Roaming\Microleaves
2016-10-12 04:40 - 2016-10-12 04:40 - 00000000 ____D C:\Users\tommy\AppData\Roaming\PDAppFlex
2016-10-10 19:05 - 2016-10-10 19:06 - 00000000 ____D C:\Users\tommy\Desktop\cherryex
2016-10-07 09:03 - 2016-10-07 09:03 - 00000000 ____D C:\Users\tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-07 07:35 - 2016-10-07 07:35 - 00083264 _____ C:\Users\tommy\Desktop\ASFY2.0-Demo-registeration-form.odt
2016-10-07 05:45 - 2016-10-12 04:39 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-09-29 13:56 - 2016-09-29 13:56 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-09-29 13:56 - 2016-09-17 06:30 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-09-29 13:55 - 2016-09-17 08:46 - 40070200 _____ C:\Windows\system32\nvcompiler.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 35180992 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 28214840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 14118336 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-09-29 13:55 - 2016-09-17 08:46 - 10868288 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 10746872 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 10287344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 09090952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 08877480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 08684304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 03595832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 03161024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437290.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437290.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 01020472 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 00956864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 00943672 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 00895032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 00893712 _____ C:\Windows\system32\nvmcumd.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 00688784 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 00578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 00493608 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 00435904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 00409296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 00179952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 00157464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-09-29 13:55 - 2016-09-17 08:46 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-09-26 04:46 - 2016-10-07 23:11 - 01747971 _____ C:\Users\tommy\Desktop\lr1.ai
2016-09-17 22:59 - 2016-09-23 21:57 - 00000000 ____D C:\Users\tommy\Desktop\datesmith2
2016-09-14 01:23 - 2016-09-01 11:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-14 01:23 - 2016-09-01 10:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-14 01:23 - 2016-09-01 10:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-14 01:23 - 2016-09-01 09:39 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-14 01:23 - 2016-09-01 09:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-14 01:23 - 2016-09-01 09:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-14 01:23 - 2016-09-01 09:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-14 01:23 - 2016-09-01 08:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-14 01:23 - 2016-09-01 08:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-14 01:23 - 2016-09-01 08:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-14 01:23 - 2016-09-01 08:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-14 01:23 - 2016-09-01 08:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-14 01:23 - 2016-09-01 08:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-14 01:23 - 2016-09-01 08:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-14 01:23 - 2016-09-01 07:38 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-14 01:23 - 2016-09-01 07:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-14 01:23 - 2016-09-01 07:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-14 01:23 - 2016-09-01 07:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-14 01:23 - 2016-09-01 06:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-14 01:23 - 2016-09-01 06:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-14 01:23 - 2016-08-26 13:51 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-14 01:23 - 2016-08-26 12:44 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-14 01:23 - 2016-08-26 12:41 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-09-14 01:23 - 2016-08-26 12:00 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-09-14 01:11 - 2016-08-21 07:45 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-09-14 01:11 - 2016-08-21 07:22 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 01:11 - 2016-08-21 07:05 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-09-14 01:11 - 2016-08-21 06:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-14 01:11 - 2016-08-21 06:42 - 07795712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-09-14 01:11 - 2016-08-21 06:27 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-09-14 01:11 - 2016-08-10 06:47 - 00803176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 01:11 - 2016-08-10 06:47 - 00611576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-14 01:11 - 2016-08-04 22:17 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 01:11 - 2016-08-04 02:06 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 01:11 - 2016-08-04 02:05 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 01:06 - 2016-07-10 00:10 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2016-09-14 01:06 - 2016-07-09 06:35 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-09-14 01:06 - 2016-07-08 22:17 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2016-09-14 01:06 - 2016-07-08 22:17 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2016-09-14 01:06 - 2016-07-08 06:32 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2016-09-14 01:06 - 2016-07-08 06:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2016-09-14 01:06 - 2016-07-08 06:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2016-09-14 01:06 - 2016-07-08 06:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2016-09-14 01:06 - 2016-07-08 05:04 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
2016-09-14 01:06 - 2016-07-08 04:59 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-09-14 01:06 - 2016-07-08 04:44 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2016-09-14 01:06 - 2016-07-08 04:41 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2016-09-14 01:06 - 2016-07-08 04:34 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2016-09-14 01:06 - 2016-07-08 04:29 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-09-14 01:06 - 2016-07-08 04:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2016-09-14 01:06 - 2016-07-08 04:23 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2016-09-14 01:06 - 2016-07-08 04:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2016-09-14 01:06 - 2016-07-08 04:11 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-09-14 01:06 - 2016-07-08 04:11 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-09-14 01:06 - 2016-07-08 04:11 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2016-09-14 01:06 - 2016-07-08 03:35 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
2016-09-14 01:06 - 2016-07-08 03:14 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2016-09-14 01:06 - 2016-07-04 13:09 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-09-14 01:06 - 2016-07-04 11:45 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2016-09-14 01:06 - 2016-07-04 11:37 - 02897920 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-09-14 01:06 - 2016-07-04 11:33 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-09-14 01:06 - 2016-07-04 11:04 - 02539008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-09-14 01:06 - 2016-07-04 11:02 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-09-14 01:06 - 2016-07-04 10:19 - 03547136 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-09-14 01:06 - 2016-07-02 04:39 - 00197352 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll
2016-09-14 01:06 - 2016-07-02 04:39 - 00157016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dssenh.dll
2016-09-14 01:06 - 2016-01-11 01:08 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2016-09-14 01:05 - 2016-09-09 05:51 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 01:05 - 2016-09-09 05:51 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-14 01:05 - 2016-08-23 00:06 - 00179248 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 01:05 - 2016-08-23 00:06 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 01:05 - 2016-08-21 09:03 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 01:05 - 2016-08-21 09:01 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 01:05 - 2016-08-21 09:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 01:05 - 2016-08-21 08:17 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-14 01:05 - 2016-08-21 07:27 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 01:05 - 2016-08-21 07:26 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-14 01:05 - 2016-08-21 06:55 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-14 01:05 - 2016-08-15 03:34 - 01541248 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 01:05 - 2016-08-15 02:25 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 01:05 - 2016-08-15 00:14 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-14 01:05 - 2016-08-13 15:41 - 07445848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 01:05 - 2016-08-13 15:40 - 01737080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 01:05 - 2016-08-13 15:40 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-14 01:05 - 2016-08-13 15:40 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-09-14 01:05 - 2016-08-13 15:40 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-14 01:05 - 2016-08-13 15:40 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-09-14 01:05 - 2016-08-13 08:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 01:05 - 2016-08-12 00:26 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2016-09-14 01:05 - 2016-08-12 00:17 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2016-09-14 01:05 - 2016-08-12 00:16 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2090-12-09 05:40 - 2014-12-09 05:32 - 00000000 ____D C:\Users\tommy\AppData\Roaming\Steinberg
2090-12-09 05:39 - 2014-12-07 22:27 - 00000000 ____D C:\ProgramData\eLicenser
2090-12-09 05:35 - 2014-12-07 22:27 - 00000000 ____D C:\ProgramData\Steinberg
2016-10-12 06:31 - 2016-07-30 15:29 - 00000709 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2016-10-12 06:31 - 2016-05-28 00:14 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-10-12 06:31 - 2016-05-28 00:14 - 00002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-10-12 06:31 - 2016-04-16 23:24 - 00002108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.7.1 64-bit.lnk
2016-10-12 06:31 - 2015-10-27 21:22 - 00000949 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2016-10-12 06:31 - 2015-10-23 16:53 - 00001397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-10-12 06:31 - 2015-10-23 16:53 - 00001328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-10-12 06:31 - 2014-08-29 00:26 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-10-12 06:31 - 2014-08-26 23:13 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2016-10-12 06:31 - 2014-08-18 22:07 - 00000080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-10-12 06:31 - 2014-08-18 19:35 - 00002424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-12 06:30 - 2016-07-30 16:46 - 00001041 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk
2016-10-12 06:30 - 2016-07-30 15:29 - 00000697 _____ C:\Users\tommy\Desktop\Windows 10 Upgrade Assistant.lnk
2016-10-12 06:30 - 2016-05-19 20:41 - 00001039 _____ C:\Users\tommy\Desktop\Adobe Photoshop Lightroom 6.1.lnk
2016-10-12 06:30 - 2016-05-19 20:12 - 00001830 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-10-12 06:30 - 2016-05-17 15:58 - 00002184 _____ C:\Users\tommy\Desktop\WhatsApp.lnk
2016-10-12 06:30 - 2016-05-13 21:10 - 00002233 _____ C:\Users\Public\Desktop\HP DeskJet 2130 series.lnk
2016-10-12 06:30 - 2016-05-13 21:10 - 00002008 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2016-10-12 06:30 - 2016-05-13 21:10 - 00001180 _____ C:\Users\Public\Desktop\Shop for Supplies - HP DeskJet 2130 series.lnk
2016-10-12 06:30 - 2016-05-07 00:54 - 00000830 _____ C:\Users\tommy\Desktop\JapanTokyoApril.lnk
2016-10-12 06:30 - 2016-05-05 21:26 - 00001214 _____ C:\Users\Public\Desktop\Popcorn Time.lnk
2016-10-12 06:30 - 2014-11-23 11:32 - 00001806 _____ C:\Users\tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-10-12 06:30 - 2014-08-17 23:36 - 00001491 _____ C:\Users\tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-12 06:30 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Web
2016-10-12 06:28 - 2014-08-18 21:47 - 00000000 ____D C:\Users\tommy\AppData\Roaming\uTorrent
2016-10-12 06:22 - 2014-08-17 23:43 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-12 06:22 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf
2016-10-12 06:12 - 2014-08-18 19:35 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-12 06:12 - 2014-08-17 23:50 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-12 06:12 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-12 05:44 - 2014-08-17 23:36 - 00000000 ____D C:\Users\tommy
2016-10-12 05:19 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-10-12 05:15 - 2013-08-22 22:44 - 05279192 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-12 05:09 - 2014-08-17 23:43 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3940477119-1322759601-2460558041-1001
2016-10-12 05:08 - 2014-12-09 05:30 - 00000000 ____D C:\Windows\system32\appmgmt
2016-10-12 04:57 - 2016-05-17 15:58 - 00000000 ____D C:\Users\tommy\AppData\Roaming\WhatsApp
2016-10-12 04:53 - 2015-12-30 01:20 - 00000000 ____D C:\Users\tommy\AppData\Local\CrashDumps
2016-10-12 04:46 - 2014-08-17 23:36 - 00000000 ____D C:\Users\tommy\AppData\Local\VirtualStore
2016-10-12 04:44 - 2015-03-03 00:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-12 04:39 - 2014-08-18 19:35 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-12 04:34 - 2015-06-24 18:23 - 00000924 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3940477119-1322759601-2460558041-1001UA.job
2016-10-12 03:38 - 2014-08-18 22:29 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-12 03:15 - 2014-08-23 00:16 - 00000000 ____D C:\Users\tommy\AppData\Roaming\vlc
2016-10-11 23:44 - 2015-03-03 00:41 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-11 23:44 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-11 23:44 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-11 12:34 - 2015-06-24 18:23 - 00000872 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3940477119-1322759601-2460558041-1001Core.job
2016-10-07 09:03 - 2014-08-25 23:31 - 00000000 ____D C:\Users\tommy\AppData\Roaming\Dropbox
2016-10-07 09:03 - 2014-06-20 22:06 - 00000000 ___RD C:\Users\tommy\Dropbox
2016-10-07 07:23 - 2015-08-12 23:51 - 00000000 ____D C:\Users\tommy\AppData\Roaming\Celemony Software GmbH
2016-10-07 07:23 - 2014-12-07 23:20 - 00000016 _____ C:\Users\tommy\AppData\Roaming\msregsvv.dll
2016-10-07 07:23 - 2014-12-07 23:20 - 00000016 _____ C:\ProgramData\autobk.inc
2016-10-03 04:40 - 2015-09-01 07:01 - 01220620 _____ C:\Users\tommy\Desktop\lyrics12.ai
2016-10-01 04:00 - 2015-06-24 18:23 - 00000000 ____D C:\Users\tommy\AppData\Local\Dropbox
2016-09-29 17:40 - 2016-05-24 14:03 - 00000034 _____ C:\Users\tommy\AppData\Roaming\AdobeWLCMCache.dat
2016-09-29 13:59 - 2014-08-25 22:35 - 00000000 ____D C:\Program Files\Adobe
2016-09-29 13:58 - 2014-08-25 22:36 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-09-29 13:57 - 2014-08-18 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-09-29 13:57 - 2014-08-17 23:49 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-09-29 09:07 - 2014-08-25 22:37 - 00000000 ____D C:\Users\tommy\AppData\Local\Adobe
2016-09-28 20:17 - 2016-05-19 20:26 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-27 01:57 - 2014-11-23 11:32 - 00000000 ____D C:\Users\tommy\AppData\Local\Spotify
2016-09-27 01:55 - 2014-11-23 11:31 - 00000000 ____D C:\Users\tommy\AppData\Roaming\Spotify
2016-09-26 20:46 - 2016-04-01 20:24 - 92715625 _____ C:\Users\tommy\Desktop\ls.psd
2016-09-25 04:34 - 2014-08-18 22:08 - 00000000 ____D C:\Windows\Minidump
2016-09-23 05:37 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache
2016-09-22 16:57 - 2014-08-17 23:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-22 16:57 - 2014-08-17 23:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-22 11:26 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2016-09-22 11:26 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\setup
2016-09-22 02:43 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2016-09-22 02:43 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\en-GB
2016-09-22 02:43 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
2016-09-19 21:12 - 2015-12-02 18:34 - 00000000 ____D C:\Users\tommy\Desktop\Belle
2016-09-19 00:25 - 2016-05-27 02:45 - 00000000 ____D C:\Users\tommy\Downloads\PopcornTime
2016-09-17 08:46 - 2016-08-24 22:06 - 34809912 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-09-17 08:46 - 2016-08-24 22:06 - 17464952 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-09-17 08:46 - 2015-09-18 01:15 - 17270984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-09-17 08:46 - 2015-06-17 22:57 - 03458608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-09-17 08:46 - 2014-08-18 21:02 - 00039730 _____ C:\Windows\system32\nvinfo.pb
2016-09-17 08:46 - 2014-03-20 23:03 - 19854064 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-09-17 08:46 - 2014-03-20 23:02 - 14353512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-09-17 08:46 - 2014-03-20 23:02 - 03917840 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-09-17 06:57 - 2015-12-22 23:23 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-09-17 06:57 - 2015-12-22 23:23 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-09-17 06:57 - 2014-08-17 23:49 - 06385720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-09-17 06:57 - 2014-08-17 23:49 - 02475064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-09-17 06:57 - 2014-08-17 23:49 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-09-17 06:57 - 2014-08-17 23:49 - 01364024 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-09-17 06:57 - 2014-08-17 23:49 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-09-17 06:57 - 2014-08-17 23:49 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-09-16 15:40 - 2014-08-17 23:49 - 07379415 _____ C:\Windows\system32\nvcoproc.bin
2016-09-15 03:48 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-15 03:48 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2016-09-14 01:27 - 2014-08-17 23:53 - 00000000 ____D C:\Windows\system32\MRT
2016-09-14 01:27 - 2014-08-17 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-14 01:23 - 2014-08-17 23:53 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-13 03:28 - 2016-05-17 15:58 - 00000000 ____D C:\Users\tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2016-09-13 03:28 - 2016-05-17 15:58 - 00000000 ____D C:\Users\tommy\AppData\Local\WhatsApp
2016-09-13 03:28 - 2016-05-17 15:58 - 00000000 ____D C:\Users\tommy\AppData\Local\SquirrelTemp
 
==================== Files in the root of some directories =======
 
2015-05-07 04:11 - 2015-05-07 04:11 - 0000132 _____ () C:\Users\tommy\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2014-11-10 22:36 - 2014-11-10 22:39 - 0000132 _____ () C:\Users\tommy\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-05-24 14:03 - 2016-09-29 17:40 - 0000034 _____ () C:\Users\tommy\AppData\Roaming\AdobeWLCMCache.dat
2014-12-07 23:20 - 2016-10-07 07:23 - 0000016 _____ () C:\Users\tommy\AppData\Roaming\msregsvv.dll
2014-12-16 17:52 - 2016-08-03 01:30 - 0001456 _____ () C:\Users\tommy\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-07-28 02:21 - 2016-07-28 02:21 - 0007589 _____ () C:\Users\tommy\AppData\Local\Resmon.ResmonCfg
2016-05-13 21:09 - 2016-05-13 21:09 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-12-07 23:20 - 2016-10-07 07:23 - 0000016 _____ () C:\ProgramData\autobk.inc
 
Files to move or delete:
====================
C:\Users\tommy\AppData\Local\Temp\DeleteOnReboot.bat
C:\Users\tommy\Lightroom_5_LS11.exe
 
 
Some files in TEMP:
====================
C:\Users\tommy\AppData\Local\Temp\Browser_V5.6.14087.902_f_4674_(Build1608021049).exe
C:\Users\tommy\AppData\Local\Temp\Browser_V5.7.15319.5_r_4722_(Build1608291541).exe
C:\Users\tommy\AppData\Local\Temp\E0D2BLGIPR.exe
C:\Users\tommy\AppData\Local\Temp\KuaiZip.exe
C:\Users\tommy\AppData\Local\Temp\libeay32.dll
C:\Users\tommy\AppData\Local\Temp\msvcr120.dll
C:\Users\tommy\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\tommy\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\tommy\AppData\Local\Temp\nvStInst.exe
C:\Users\tommy\AppData\Local\Temp\setup.exe
C:\Users\tommy\AppData\Local\Temp\setup_5351.exe
C:\Users\tommy\AppData\Local\Temp\sqlite3.dll
C:\Users\tommy\AppData\Local\Temp\xzqiku_BD_FXKJ18.exe
C:\Users\tommy\AppData\Local\Temp\youkuclient_setup_external_7.0.5.9226.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-05 02:57
 
==================== End of FRST.txt ============================

Addition:
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-10-2016
Ran by tommy (12-10-2016 06:35:50)
Running from D:\Downloads
Windows 8.1 Pro (Update) (X64) (2014-08-17 15:36:25)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3940477119-1322759601-2460558041-500 - Administrator - Disabled)
Guest (S-1-5-21-3940477119-1322759601-2460558041-501 - Limited - Disabled)
tommy (S-1-5-21-3940477119-1322759601-2460558041-1001 - Administrator - Enabled) => C:\Users\tommy
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Master Collection CC 2015 (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C3}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Scout CC (Version: 1.1.3.354121 - Adobe Systems Incorporated) Hidden
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 - PainteR)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AmpliTube 3 version 3.9.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.9.0 - IK Multimedia)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
Antares Auto-Tune 7 VST (HKLM-x32\...\{D08EEB75-E3D5-4E93-9E1D-441A261E6B9A}) (Version: 7.01.0002 - Antares Audio Technologies)
Antares Autotune Evo VST RTAS v6.0.9 (HKLM-x32\...\Antares Autotune Evo VST RTAS_is1) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Aura Kingdom (HKLM-x32\...\Steam App 268420) (Version:  - X-Legend)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blaine's Letterbox Effects (HKLM\...\{53EE9AAB-CD12-454C-BDD8-32BDC289757F}) (Version: 1.0.3 - Blaine's Movie Maker Blog)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.14.40.0 - Canon Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.1.0.6 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.10.2 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.0.1.3 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.14.20.0 - Canon Inc.)
Celemony Melodyne version 2.1 (HKLM\...\Celemony Melodyne_is1) (Version:  - Copyright © 2001-2012 Celemony Software GmbH)
Contextual Tool Yourprofitclub (HKLM-x32\...\d903efd5) (Version:  - ) <==== ATTENTION
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\...\Dropbox) (Version: 11.4.22 - Dropbox, Inc.)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.6.6.2133 - Steinberg Media Technologies GmbH)
EOSInfo (HKLM-x32\...\{CC23FF9A-989C-4DEB-8970-50E6E4862315}) (Version: 0.2.0 - astrojargon.net)
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version:  - Turtle Rock Studios)
f.lux (HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\...\Flux) (Version:  - )
FreeShutterCount V1.0 (HKLM-x32\...\FreeShutterCount_is1) (Version: 1.0.0.0 - FreeShutterCount)
Fuse (HKLM-x32\...\{10f2a819-ae93-425a-9d76-63478887bd65}) (Version: 0.8.4.4765 - Fusetools)
Fuse (x32 Version: 0.8.4.4765 - Fusetools) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP DeskJet 2130 series Basic Device Software (HKLM\...\{54A80AED-ADB5-4D32-83F2-A9A5DF4ED2C1}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP DeskJet 2130 series Help (HKLM-x32\...\{1CDFD3C9-BDF8-4DDC-BDA2-EBC53F938B5F}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IK Multimedia Authorization Manager version 1.0.8 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.8 - IK Multimedia)
Imagenomic Portraiture 2.3 Plug-in (build 2308) (HKLM\...\ImagenomicPortraiturePlugin) (Version:  - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.5 - PACE Anti-Piracy, Inc.)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.3.0.6464 - Native Instruments)
Native Instruments The Giant (HKLM-x32\...\Native Instruments The Giant) (Version:  - Native Instruments)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.90 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 372.90 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PIXELA AAC LC CODEC (HKLM-x32\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.1.00.12260 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.1.00 - Sony Corporation) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.5.1.2 - Popcorn Time) <==== ATTENTION
Product Improvement Study for HP DeskJet 2130 series (HKLM\...\{EA4DB54A-FAE0-4FDA-A66D-AEB8F5FFBE83}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.6.2 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.20.15.29092 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
SkyFonts™ (HKLM\...\{281483EF-DAE1-4699-A252-D7D67A493ED1}) (Version: 5.6.0.0 - Monotype Imaging Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\...\Spotify) (Version: 1.0.38.171.g5e1cd7b2 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Steinberg Cubase LE AI Elements 7 (HKLM-x32\...\{5C73FC14-D3B1-45FC-A50C-7B41CB0D9DED}) (Version: 7.0.7 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE (HKLM-x32\...\{EF7800A8-575E-4776-95A5-A9D904A85D5F}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Sublime Text Build 3083 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Traffic Exchange (HKLM-x32\...\{96627CEF-1947-4E94-BA3C-259FF5EAAEF6}) (Version: 1.0.0 - Microleaves)
Tree of Savior (English Ver.) (HKLM\...\Steam App 372000) (Version:  - IMCGAMES Co.,Ltd.)
Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1560.1 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.9w3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WhatsApp (HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\...\WhatsApp) (Version: 0.2.1880 - WhatsApp)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3940477119-1322759601-2460558041-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940477119-1322759601-2460558041-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940477119-1322759601-2460558041-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940477119-1322759601-2460558041-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940477119-1322759601-2460558041-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940477119-1322759601-2460558041-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940477119-1322759601-2460558041-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940477119-1322759601-2460558041-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940477119-1322759601-2460558041-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940477119-1322759601-2460558041-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940477119-1322759601-2460558041-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940477119-1322759601-2460558041-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940477119-1322759601-2460558041-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06405B90-71CC-48D2-8189-C3DBDA55DBCB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-09-14] (Microsoft Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {18B91895-532B-4493-B453-004CAE2D8ACA} - System32\Tasks\HPCustParticipation HP DeskJet 2130 series => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {1B1BAB39-2C3C-4784-A207-4D3E5D9BFCD2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-11] (Adobe Systems Incorporated)
Task: {1D0D946C-BA31-417F-A3EC-8E456854FAF1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3940477119-1322759601-2460558041-1001UA => C:\Users\tommy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24] (Dropbox, Inc.)
Task: {23AACE14-BA54-4255-ABF1-7F59C60B9FB2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {28FD36FA-1756-425D-8AFA-E3886B35140E} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
Task: {3FA01E38-D783-406C-9CBC-82D60BD0FAB6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {498D599B-A4BD-4375-8C32-8F840D653EFD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3940477119-1322759601-2460558041-1001Core => C:\Users\tommy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24] (Dropbox, Inc.)
Task: {5B7B2349-81F8-4D57-93BE-92E471B3EF07} - System32\Tasks\Rercotain Server => C:\Program Files (x86)\Nizght\ckucpy.exe
Task: {641BFF13-899B-425A-9488-A802E8D9498D} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
Task: {6A78B859-B60D-4655-AD91-6A52F86CC8C5} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe
Task: {7F4FE8BA-C3B4-4AE9-857D-26697410FBBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {87625DB6-E19F-47EA-AB57-16685891E66E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A52AB564-46F0-47F8-91AA-D1EE8CBC4709} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {B034A5A8-7B02-44FD-BE86-679CC0E9BC01} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3940477119-1322759601-2460558041-1001Core.job => C:\Users\tommy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3940477119-1322759601-2460558041-1001UA.job => C:\Users\tommy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\tommy\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_127706150_en-gb.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=stean&cc=US&setlang=en-GB&inlang=en-US&adlt=moderate&scale=100&contrast=none&hw=1200%2C1920&CVID=DB0D24865E464E7CA399364892A6D539
Shortcut: C:\Users\tommy\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_1473992272_en-gb.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=ituens&cc=US&setlang=en-GB&inlang=en-US&adlt=moderate&scale=100&contrast=none&hw=1200%2C1920&CVID=1FDE71F222A94BB2A517756FCD0BB3E6
Shortcut: C:\Users\tommy\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_480100364_en-gb.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=utorrent&cc=US&setlang=en-GB&inlang=en-US&adlt=moderate&scale=100&contrast=none&hw=1200%2C1920&CVID=5974809333B54170A3B46939467FFE61
 
ShortcutWithArgument: C:\Users\tommy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->                                                                                                     
ShortcutWithArgument: C:\Users\tommy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->                                                                                                     
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->                                                                                                     
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-12 05:05 - 2016-10-12 05:06 - 03874368 _____ () D:\Downloads\adwcleaner_6.021.exe
2015-08-24 03:18 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\tommy\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-08-24 03:18 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\tommy\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2016-10-12 01:25 - 2016-09-30 10:51 - 17769664 _____ () C:\Users\tommy\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.185\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\tommy\Desktop\Belle:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\tommy\Desktop\College:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\tommy\Desktop\Deerfriend:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\tommy\Desktop\dph:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\tommy\Desktop\Jay Chou 2014:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\tommy\Desktop\Snackfoodt:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\tommy\Desktop\SuperstarWorld:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\tommy\Desktop\TheCraftCrowd:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\...\line6.net -> line6.net
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 21:25 - 2016-10-12 04:43 - 00001006 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tommy\Desktop\5.jpg
DNS Servers: 54.255.130.140 - 192.168.0.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{43295AA8-BFA3-4BA7-8263-C32528B71CF5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{05A25212-1179-4399-8DDA-C6A1EB963851}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E45D3E3F-E364-4792-9C01-1320BF5D3455}] => (Allow) C:\Users\tommy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{33604B21-4AB1-4C2A-828C-1ED4AC1FF427}] => (Allow) C:\Users\tommy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E6952C24-B80E-42FA-8639-44EC56779C0C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5BDC999F-E739-4F0F-8B56-DA1B29F725A7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{405D4882-F596-447B-96B3-7ADF8FF5591F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E5BAA371-B37D-41F2-9637-21326A0D1718}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EBE0126D-3718-45B4-89DD-9FF70A8595FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{130CDC8C-4E79-4FBA-8FB2-92CD627B5593}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{529FC943-4E44-44B0-BDD8-F6E5F65D9A7A}] => (Allow) C:\Users\tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{CED59EFF-008F-4C4A-AE0C-8436E3D1538A}] => (Allow) C:\Users\tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{5BCA6955-D7A7-49C3-888E-7CC72B71C965}C:\users\tommy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tommy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{67779DE1-F678-4CF2-8CEC-7551D4AF18FE}C:\users\tommy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tommy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{085A1B51-49EF-472E-9F79-8AEB34F6D96E}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{9CE65348-EF64-4837-B9A8-C8D3A8CFD4A4}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{CDEC791C-B583-4504-B75F-A32C55196119}] => (Allow) LPort=7935
FirewallRules: [{DCEB7E3B-605E-4AB4-8852-7855653B1F6A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1105EC77-AF0F-4230-8A17-37F42CA84074}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{90D43B9F-8274-486F-9D64-33BC8E117210}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D8C07A66-396A-4B7E-87D4-045DAE22A5CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{41147477-3F7A-4D3B-BEDE-72D8137112F6}C:\users\tommy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tommy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B2B8F050-2F63-4624-8988-EFDE952A84E5}C:\users\tommy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tommy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4F03D16F-B5B9-425C-93B5-04E4A0EC30F9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9A994E6E-C26E-4595-867F-D3DAF924283B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{26D05CDF-72F7-4F63-9D72-52F67F049E18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C28BEF68-E78B-4EE4-9B52-E1EFEDF4A047}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{AFC8DD5D-CDAB-4CD3-BDD5-10F0188B48F3}D:\program files\payday 2\payday2_win32_release.exe] => (Allow) D:\program files\payday 2\payday2_win32_release.exe
FirewallRules: [UDP Query User{81F08164-E9FB-47AC-BA5F-4F23E522927D}D:\program files\payday 2\payday2_win32_release.exe] => (Allow) D:\program files\payday 2\payday2_win32_release.exe
FirewallRules: [{3DA9F1A8-90C1-4BE9-8C6F-C937AB3387F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Aura Kingdom\Launcher.exe
FirewallRules: [{09BD0F7D-2874-4B8F-9AB6-B8D0E537692C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Aura Kingdom\Launcher.exe
FirewallRules: [TCP Query User{D1BF9440-FF94-4557-96A2-93240F3CD205}C:\users\tommy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tommy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{AE98DC66-7CE4-4B32-897B-50CD3D57CC0D}C:\users\tommy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tommy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6EE2037C-106D-4E7D-AC60-6450BA7D7EEB}C:\users\tommy\appdata\roaming\utorrent\updates\3.4.2_38913.exe] => (Block) C:\users\tommy\appdata\roaming\utorrent\updates\3.4.2_38913.exe
FirewallRules: [UDP Query User{1119AD76-C6FA-4399-8687-DD99E8112C0E}C:\users\tommy\appdata\roaming\utorrent\updates\3.4.2_38913.exe] => (Block) C:\users\tommy\appdata\roaming\utorrent\updates\3.4.2_38913.exe
FirewallRules: [{57232B7F-BF45-4913-8CE6-5C6A18FBF8E8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{751A0C92-A081-4D40-858A-D2A7D871C939}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{E9E3FB64-65FF-44C7-8070-98575706C01B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{88501737-B190-454D-8F42-8EBA0139CCDE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{4D1F4AD0-3AD2-43B6-B661-A9ED1B430ACC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E1CC8A04-3703-46F5-BF96-E9ACB94F6E56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4855FA7B-0BBC-413F-B7FF-CE7DFEB49D81}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{74E6487A-579D-46F6-9B89-E19B1033A0F3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9010786F-AF1F-475E-83E6-F16130A88AED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8507DF5D-DB8B-4A93-9E8B-3157286B8AA1}] => (Allow) C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
FirewallRules: [{65AFE27A-251B-455D-99E1-739F660A26EF}] => (Allow) C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
FirewallRules: [{D310819B-7EC3-4A62-B16A-A93B58DE081E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{67E7A03F-7ED1-4554-BA05-6077926CA3C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4732E82D-9699-458C-A628-95224A5E643E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{59A2A302-CE0C-4011-BB80-CA440E379789}] => (Allow) LPort=2869
FirewallRules: [{F2ABAF52-569C-477C-8823-38A701FDC6EE}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{7B809D7F-98DF-4830-A829-D4B8EAD49686}C:\program files (x86)\fuse\fuse.exe] => (Allow) C:\program files (x86)\fuse\fuse.exe
FirewallRules: [UDP Query User{B2A2CD74-EA57-49C2-846D-DBFF26D49A2E}C:\program files (x86)\fuse\fuse.exe] => (Allow) C:\program files (x86)\fuse\fuse.exe
FirewallRules: [{74729FA7-ECD6-4C93-A72E-9B7CA0BA2FD2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3506FFA5-430A-4277-BB57-3AEF01F6B75F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2950C1F2-2B5A-4B97-8009-2F432DACBD61}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4577347E-C96F-4AFF-9B0C-760E95ECAA56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{60343780-A80D-41AC-BEA3-7C6891BC9A72}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{42DD21FE-21C9-4150-8DF8-D2E8BD4D371D}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{703CF73E-BB96-4418-9FA8-68878D1C32D3}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{5FF73358-4D1A-48C3-83AF-FDB0FF9E2558}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{F654B89D-3A4E-4109-90BC-A5E5DB7E74E4}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{9A776C9F-431B-49E8-BF56-0097DE909B0F}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{5671694B-E51B-41AD-865B-92C48521D296}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{1AF835CF-CD2C-4672-94DD-1726C06E997C}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{260BDD13-C1C9-4A87-BD46-066598E64679}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{8A92CCC3-1677-4997-9726-F749EE809A8F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{21B61843-1CDD-4B2B-B079-1A1FA8184AC7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{5DC475C4-EE71-4EDD-89E1-239F8EA549AE}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe
FirewallRules: [{3961F1BE-FE7B-4F54-8F18-ED09BCDE6526}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1651489F-E0A8-432E-9B90-BF3D3A23D242}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Edge Inspect CC\EdgeInspect.exe
FirewallRules: [{736FC26B-3BC7-4C60-A8E6-B9402726ECB5}] => (Allow) C:\Program Files\Adobe\Adobe Flash Builder 4.7 (64 Bit)\FlashBuilder.exe
FirewallRules: [{4B5D873B-F70B-4850-A55B-CDA45B12F517}] => (Allow) C:\Program Files\Adobe\Adobe Flash Builder 4.7 (64 Bit)\FlashBuilder.exe
FirewallRules: [{3DED8D66-2FB8-4353-BC15-0BFD0A37C6FC}] => (Allow) LPort=7935
FirewallRules: [{349C3B67-9BA1-4933-B05F-7888161FF1BA}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.7\FlashBuilder.exe
FirewallRules: [{C331501D-DC32-43C0-88FB-96FE99CEBBF3}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.7\FlashBuilder.exe
FirewallRules: [{E5D56A41-54AA-4FF8-A00F-6429FA8ABF7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{C70DEA19-79B5-40D6-AA4A-EC748336C507}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{16216773-F544-49F8-928B-DE01B0BCFF97}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{37A28359-DF4B-44E5-A39C-A76085C49C7B}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{078B134A-74AE-4870-B324-3AB7F483B936}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{19CACAD2-5EBA-467D-9355-CBE97DC273E4}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{7841C5EA-F664-48E6-A9A3-CE5A5B0707E8}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{A0647C39-B47A-48BD-9111-74C7EAECF1B9}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{5A506AF5-DD19-49EE-9D37-FC063170123F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F658E9DB-D7BC-406C-A8FE-D9430B7544C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{1228E4EA-93F3-4931-B6DB-545444C79A52}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{B85BF90D-4EE4-4DAF-9151-0DCA6CE3571C}] => (Allow) C:\Users\tommy\AppData\Local\Temp\is-JTF38.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{DCDEFE8C-78B6-4F0F-9897-D5D56C549B2E}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{07D4D78E-7350-41C7-AF1F-BDA25D24FDF0}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/12/2016 05:08:33 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Online.io Application; Error = 0x80070422).
 
Error: (10/12/2016 05:08:28 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Online.io Application; Error = 0x80070422).
 
Error: (10/12/2016 04:56:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe".
Dependent Assembly 5.7.15319.5,language="*",type="win32",version="5.7.15319.5" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/12/2016 04:53:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UCBrowser.exe, version: 5.7.15319.5, time stamp: 0x57bc1d7f
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4e1d
Exception code: 0xc0000034
Fault offset: 0x0009d3c2
Faulting process ID: 0x1d18
Faulting application start time: 0x01d2240190e8c000
Faulting application path: C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report ID: d048d3bc-8ff4-11e6-82cf-50e549539ef8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/12/2016 04:52:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe".
Dependent Assembly 5.7.15319.5,language="*",type="win32",version="5.7.15319.5" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/12/2016 03:09:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Acrobat.exe, version: 15.17.20050.61080, time stamp: 0x5774fb5a
Faulting module name: Acrobat.dll, version: 15.17.20053.63404, time stamp: 0x579a543e
Exception code: 0xc0000005
Fault offset: 0x00088f81
Faulting process ID: 0x5944
Faulting application start time: 0x01d223f2f82b3dcc
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Faulting module path: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.dll
Report ID: 3634f2ee-8fe6-11e6-82cf-50e549539ef8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/11/2016 09:41:01 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Data was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (10/11/2016 08:36:18 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Data was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (10/11/2016 08:01:37 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Data was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (10/11/2016 07:46:35 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Data was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
 
System errors:
=============
Error: (10/12/2016 06:35:57 AM) (Source: DCOM) (EventID: 10005) (User: CK)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (10/12/2016 06:35:51 AM) (Source: DCOM) (EventID: 10005) (User: CK)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (10/12/2016 06:35:51 AM) (Source: DCOM) (EventID: 10005) (User: CK)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (10/12/2016 06:35:51 AM) (Source: DCOM) (EventID: 10005) (User: CK)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (10/12/2016 06:35:51 AM) (Source: DCOM) (EventID: 10005) (User: CK)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (10/12/2016 06:35:51 AM) (Source: DCOM) (EventID: 10005) (User: CK)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (10/12/2016 06:35:51 AM) (Source: DCOM) (EventID: 10005) (User: CK)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (10/12/2016 06:35:51 AM) (Source: DCOM) (EventID: 10005) (User: CK)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (10/12/2016 06:35:51 AM) (Source: DCOM) (EventID: 10005) (User: CK)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (10/12/2016 06:35:51 AM) (Source: DCOM) (EventID: 10005) (User: CK)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
CodeIntegrity:
===================================
  Date: 2016-10-12 06:35:47.434
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-12 06:35:47.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-12 05:08:15.130
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-12 05:08:14.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-12 05:08:14.257
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-12 05:08:13.819
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-12 05:08:13.384
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-12 05:07:03.359
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-12 05:07:02.874
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-12 05:07:02.385
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 19%
Total physical RAM: 16301.11 MB
Available physical RAM: 13098.25 MB
Total Virtual: 32685.11 MB
Available Virtual: 29744.99 MB
 
==================== Drives ================================
 
Drive c: (OS Only) (Fixed) (Total:465.66 GB) (Free:49.27 GB) NTFS
Drive d: (Applications) (Fixed) (Total:558.91 GB) (Free:125.13 GB) NTFS
Drive y: (OLD Win & Data ) (Fixed) (Total:2794.39 GB) (Free:682.89 GB) NTFS
Drive z: (Backup ) (Fixed) (Total:2794.39 GB) (Free:250.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6864085C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 2794.5 GB) (Disk ID: 7BFE3DEA)
 
Partition: GPT.
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 6012BB34)
Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 4 (Size: 18.6 GB) (Disk ID: 9E5DED23)
 
Partition: GPT.
 
==================== End of Addition.txt ============================




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,988 posts
  • Gender:Male
  • Location:California
  • Local time:02:11 PM

Posted 15 October 2016 - 06:56 PM

Greetings colourboo and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Posted 15 October 2016 - 08:20 PM

Greetings and thank you for your patience.

Can you tell me if you are in Singapore?

Do you recognize C:\Users\tommy\Desktop\cherryex as a legitimate folder?

It appears the Steinberg Suite of software was obtained from an unreliable source and therefore those programs must be removed. I want to tell you your computer is heavily infected and as a result it is necessary to aggressively remove things from your computer. Unfortunately I must start off by advising you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line, the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My!


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Contextual Tool Yourprofitclub
Popcorn Time
Steinberg Cubase LE AI Elements 7
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg Groove Agent ONE Vintage Beatboxes
Steinberg HALion Sonic SE
Steinberg HALion Sonic SE Content for Cubase LE AI Elements
Steinberg Midi Loop Library
Steinberg REVerence Content 01
Steinberg Upload Manager
Steinberg VST Amp Rack Content 01
Traffic Exchange

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Boot into Safe Mode with Networking
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
closeprocesses:
HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\tommy\AppData\Local\Temp\DeleteOnReboot.bat [13783 2016-10-12] () <===== ATTENTION
HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\...\Run: [AdobeBridge] => [X]
C:\Users\tommy\AppData\Local\Temp\DeleteOnReboot.bat
HKU\S-1-5-21-3940477119-1322759601-2460558041-1001\...\MountPoints2: {120ece52-1dba-11e6-82bf-50e549539ef8} - "K:\Autoplay.exe" -auto
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  No File
ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => C:\Program Files (x86)\KuaiZip\X64\KZipShell.dll No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: yourprofitclub -> {a12b8a71-d954-ed03-579f-24c120ca2bbd} -> C:\WINDOWS\SysWow64\5526a3c9.dll [2011-08-17] ()
C:\WINDOWS\SysWow64\5526a3c9.dll
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=39c5a2dfa78518c4b7d4dcbg4zcmbq8o3g5bat5o3c&from=clc&uid=SamsungXSSDX850XEVOX500GB_S21GNWAG703143T&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\tommy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.710.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U71) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll => No File
CHR Profile: C:\Users\tommy\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-10-12] <==== ATTENTION
S2 Coigertionsherwesh; C:\Program Files (x86)\Nizght\wegetckusetionmng.dll [X]
2090-12-09 05:40 - 2090-12-09 05:40 - 00000000 ____D C:\Users\tommy\Documents\VST3 Presets
2090-12-09 05:40 - 2090-12-09 05:40 - 00000000 ____D C:\Users\tommy\Documents\Steinberg
2090-12-09 05:40 - 2090-12-09 05:40 - 00000000 ____D C:\Users\tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 7 32bit
2090-12-09 05:39 - 2090-12-09 05:42 - 00000049 _____ C:\Windows\SysWOW64\SYNSOPOS.exe.cfg
2090-12-09 05:39 - 2090-12-09 05:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2090-12-09 05:39 - 2090-12-09 05:39 - 00000000 ____D C:\Program Files\eLicenser
2090-12-09 05:39 - 2090-12-09 05:39 - 00000000 ____D C:\Program Files (x86)\Syncrosoft
2090-12-09 05:39 - 2090-12-09 05:39 - 00000000 ____D C:\Program Files (x86)\eLicenser
2090-12-09 05:39 - 2012-12-07 23:48 - 01714176 _____ (Steinberg Media Technologies GmbH) C:\Windows\system32\SYNSOACC.dll
2090-12-09 05:39 - 2012-12-07 23:48 - 01277952 _____ (Steinberg Media Technologies GmbH) C:\Windows\SysWOW64\SYNSOACC.dll
2090-12-09 05:39 - 2011-12-15 03:21 - 00086016 _____ C:\Windows\SysWOW64\SYNSOPOS.exe
2090-12-09 05:36 - 2090-12-09 05:36 - 00000000 ____D C:\Users\tommy\AppData\Local\eLicenser
2090-12-09 05:35 - 2090-12-09 05:35 - 00002892 _____ () C:\Windows\SysWOW64\audcon.sys
2090-12-09 05:35 - 2090-12-09 05:35 - 00000000 ____D C:\ProgramData\Syncrosoft
2016-10-12 04:49 - 2016-10-12 04:49 - 00008860 _____ C:\Windows\System32\Tasks\Rercotain Server
2016-10-12 04:49 - 2016-10-12 04:49 - 00000000 ____D C:\Users\Public\Thunder Network
2016-10-12 04:48 - 2016-10-12 05:15 - 00000000 ____D C:\Users\tommy\AppData\Roaming\Clubesh
2016-10-12 04:48 - 2016-10-12 04:50 - 00000000 ____D C:\Users\tommy\AppData\Local\Vivert
2016-10-12 04:46 - 2016-10-12 04:46 - 00000000 ____D C:\Users\Public\QiYi
2016-10-12 04:45 - 2016-10-12 04:45 - 00000000 _____ C:\TOSTACK
2016-10-12 04:44 - 2016-10-12 06:28 - 00000000 ____D C:\Users\tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-10-12 04:44 - 2016-10-12 04:44 - 00001567 _____ C:\Users\tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2016-10-12 04:44 - 2016-10-12 04:44 - 00000000 ____D C:\Users\tommy\AppData\Local\UCBrowser
2016-10-12 04:43 - 2016-10-12 04:43 - 00003640 _____ C:\Windows\System32\Tasks\Traffic Exchange Updater
2016-10-12 04:43 - 2016-10-12 04:43 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guardian
2016-10-12 04:43 - 2016-10-12 04:43 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guard
2016-10-12 04:43 - 2016-10-12 04:43 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange
2016-10-12 04:43 - 2016-10-12 04:43 - 00000000 ____D C:\Users\tommy\AppData\Roaming\Microleaves
2016-10-12 04:40 - 2016-10-12 04:40 - 00000000 ____D C:\Users\tommy\AppData\Roaming\PDAppFlex
2090-12-09 05:40 - 2014-12-09 05:32 - 00000000 ____D C:\Users\tommy\AppData\Roaming\Steinberg
2090-12-09 05:39 - 2014-12-07 22:27 - 00000000 ____D C:\ProgramData\eLicenser
2090-12-09 05:35 - 2014-12-07 22:27 - 00000000 ____D C:\ProgramData\Steinberg
C:\Users\tommy\AppData\Local\Temp\Browser_V5.6.14087.902_f_4674_(Build1608021049).exe
C:\Users\tommy\AppData\Local\Temp\Browser_V5.7.15319.5_r_4722_(Build1608291541).exe
C:\Users\tommy\AppData\Local\Temp\E0D2BLGIPR.exe
C:\Users\tommy\AppData\Local\Temp\KuaiZip.exe
C:\Users\tommy\AppData\Local\Temp\setup.exe
C:\Users\tommy\AppData\Local\Temp\setup_5351.exe
C:\Users\tommy\AppData\Local\Temp\xzqiku_BD_FXKJ18.exe
C:\Users\tommy\AppData\Local\Temp\youkuclient_setup_external_7.0.5.9226.exe
Task: {28FD36FA-1756-425D-8AFA-E3886B35140E} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
Task: {5B7B2349-81F8-4D57-93BE-92E471B3EF07} - System32\Tasks\Rercotain Server => C:\Program Files (x86)\Nizght\ckucpy.exe
C:\Program Files (x86)\Nizght
Task: {641BFF13-899B-425A-9488-A802E8D9498D} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
Task: {6A78B859-B60D-4655-AD91-6A52F86CC8C5} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe
C:\Program Files (x86)\Microleaves
Task: {B034A5A8-7B02-44FD-BE86-679CC0E9BC01} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Attempt to boot your computer into Normal Boot
===================================================

Please rerun AdwCleaner and delete all the identified entries. Copy and paste the report in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Reply to questions
  • Were the programs successfully removed?
  • Fixlog
  • AdwCleaner log
  • Update on computer performance

Edited by Oh My!, 15 October 2016 - 08:22 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!


Posted 18 October 2016 - 03:00 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.


#5 Oh My!


Posted 20 October 2016 - 08:18 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



