
After deleting files from Emsisoft scan I get "cannot open application" popups


  • This topic is locked
7 replies to this topic

#1 A10M

  • Members
  • 11 posts

Posted 05 November 2016 - 10:52 PM

I was having a problem: after starting my computer and logging in, I would encounter a black screen and the cursor with no programs loading. After going into safe mode and restarting, I got it to work and downloaded Emsisoft. I did a scan, quarantined the files and everything seemed to be good. After a couple hours, I got a popup that said there was an application error (I think NVIDIA related). A couple hours after that, I tried to open a new tab in Chrome and it wouldn't work, so I tried to open Firefox and got the same application error. Then I tried to open a few other programs and they all got the same error. I restarted my computer, got the black screen and cursor again, rebooted in safe mode, rebooted again and that's where I am now. Please let me know how I can fix this. Here's my FRST file:
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by AM (administrator) on ANDREW (06-11-2016 11:03:35)
Running from C:\Users\AM\Downloads
Loaded Profiles: AM (Available Profiles: AM)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe
(INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npkcmsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
() C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Spotify Ltd) C:\Users\AM\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(iniLINE Co., Ltd.) C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(ZUM internet Corp.) C:\Users\AM\AppData\Local\SwingBrowser\Application\swingbox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3743648 2015-08-23] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-01] (Intel Corporation)
HKLM\...\Run: [UMonit64] => C:\windows\SysWOW64\UMonit64.exe [40960 2013-04-09] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-12-16] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-12-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1710568 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [7838392 2016-10-27] (Emsisoft Ltd)
HKLM\...\Run: [AhnLab Safe Transaction Application] => "C:\Program Files\AhnLab\Safe Transaction\stsess.exe" /tray
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-11-08] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [139792 2012-11-08] (CyberLink)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25424008 2016-10-24] (Dropbox, Inc.)
HKLM-x32\...\Run: [SwingBox] => C:\Users\AM\AppData\Local\SwingBrowser\Application\starter.exe [407832 2015-07-08] (ZUM internet Corp.)
HKLM-x32\...\Run: [wizvera-veraport] => C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe [1413352 2015-08-30] (WIZVERA)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4277896 2013-12-24] (Plex, Inc.)
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\Run: [Google Update] => C:\Users\AM\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\Run: [Spotify Web Helper] => C:\Users\AM\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-10-30] (Spotify Ltd)
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\Run: [CPN Notifier] => C:\Program Files (x86)\Juicy Stakes 2.0\PokerNotifier.exe
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\Run: [IniCrossExSvc] => C:\Program Files (x86)\INITECH\INISAFE Web EX Client\INISAFECrossWebEXSvc.exe [2662000 2016-09-30] ()
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\Run: [CrossEXService] => C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe [1414168 2016-07-14] (iniLINE Co., Ltd.)
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.123.254
Tcpip\..\Interfaces\{6b25f7d8-847e-4683-ac43-8819cc4cc503}: [DhcpNameServer] 172.18.13.1
Tcpip\..\Interfaces\{6f617ace-bd00-4ba5-a5bf-0fd778eec1ec}: [DhcpNameServer] 172.18.12.1
Tcpip\..\Interfaces\{a56e44c3-a237-4a88-8887-270685c8f35d}: [NameServer] 8.8.8.8,8.8.4.4,172.18.13.1,172.18.12.1,172.18.11.1,172.18.10.1
Tcpip\..\Interfaces\{a56e44c3-a237-4a88-8887-270685c8f35d}: [DhcpNameServer] 192.168.123.254
Tcpip\..\Interfaces\{a89e62c4-8d94-4b7b-a84f-712cb60ff3d7}: [DhcpNameServer] 150.201.1.2
Tcpip\..\Interfaces\{B8C44DAE-0C3C-402C-AD3E-D9F7FC4A17DE}: [DhcpNameServer] 172.18.13.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
SearchScopes: HKU\S-1-5-21-3343802408-3034550604-896918693-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3343802408-3034550604-896918693-1002 -> {2E2D9504-8A51-4329-A8C0-2C16F56FF36F} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM {6CE20149-ABE3-462E-A1B4-5B549971AA38} 
DPF: HKLM-x32 {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} hxxp://plugin.inicis.com/wallet61/INIwallet61_win8.cab
DPF: HKLM-x32 {39461460-2552-4D51-A062-3AB6A7B902E9} hxxp://www.busanbank.co.kr/shttp/install/down/INIS70.cab
DPF: HKLM-x32 {39DDFF44-453E-4098-A507-8E97B029E2BD} hxxps://pg.firstdatacorp.co.kr/public/downloads/FDPlugin.cab
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\AM\AppData\Local\Temp\035233175828\TouchEnKey_Installer_32bit.exe
DPF: HKLM-x32 {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} hxxp://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab
DPF: HKLM-x32 {F939FEB8-9518-4A4A-BE60-D10FFB9557F2} hxxp://update.nprotect.net/netizenv55/bank/busanbank/npenkIEInstall5.cab
Handler-x32: crosswebex - {3381699e-bb5d-11e5-97b6-005056c00008} - C:\Program Files (x86)\INITECH\INISAFE Web EX Client\bridge\CrossEX\crosswebex\1.0.1.880\CrossEXProtocol.dll [2016-01-15] (iniLINE Co., Ltd.)
Handler-x32: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11018.dll [2014-10-05] (© INITECH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler-x32: touchenex - {c87e3662-41cb-11e6-91b1-005056c00008} - C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.964\CrossEXProtocol.dll [2016-07-04] (iniLINE Co., Ltd.)
 
FireFox:
========
FF ProfilePath: C:\Users\AM\AppData\Roaming\Mozilla\Firefox\Profiles\ey0e2qyh.default [2016-11-06]
FF Homepage: Mozilla\Firefox\Profiles\ey0e2qyh.default -> www.google.com
FF Extension: (INISAFE CrossWeb) - C:\Users\AM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0AB9084F-0EF8-499a-A461-DE46D3C4A45B} [2014-11-13] [not signed]
FF Extension: (Dictionary Extension) - C:\Users\AM\AppData\Roaming\Mozilla\Firefox\Profiles\ey0e2qyh.default\Extensions\jid0-raWjElI57dRa4jx9CCiYm5qZUQU@jetpack.xpi [2016-04-28]
FF Extension: (Greenhouse) - C:\Users\AM\AppData\Roaming\Mozilla\Firefox\Profiles\ey0e2qyh.default\Extensions\jid1-IqdNyIAxnc724Q@jetpack.xpi [2015-02-07] [not signed]
FF Extension: (NoSquint) - C:\Users\AM\AppData\Roaming\Mozilla\Firefox\Profiles\ey0e2qyh.default\Extensions\nosquint@urandom.ca.xpi [2016-04-28]
FF Extension: (uBlock Origin) - C:\Users\AM\AppData\Roaming\Mozilla\Firefox\Profiles\ey0e2qyh.default\Extensions\uBlock0@raymondhill.net.xpi [2016-10-28]
FF Extension: (LeechBlock) - C:\Users\AM\AppData\Roaming\Mozilla\Firefox\Profiles\ey0e2qyh.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2016-08-26]
FF HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\Firefox\Extensions: [npSandBox@initech.com] - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi
FF Extension: (INISAFE SandBox) - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi [2015-09-25] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-27] ()
FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_584\npaosmgr.dll [2016-03-21] (AhnLab, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @interezen.co.kr/npi3gmanager -> C:\Program Files (x86)\Interezen\Plugins\NPI3GManager.dll [2014-11-13] (Interezen © Interezen.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-14] (Nitro PDF)
FF Plugin-x32: @nprotect.com/npEfdsWPlugin -> C:\Users\AM\AppData\LocalLow\nProtect\npEfdsWCtrl\npEfdsWPlugin.dll [2014-03-25] (INCA Internet Co., Ltd)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-09] (NVIDIA Corporation)
FF Plugin-x32: @raonsecure.com/npKSCertRelay -> C:\Program Files (x86)\KeySharp\kscertrelay\npKSCertRelay.dll [2016-05-29] (RaonSecure Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wizvera.com/npverain -> C:\Program Files (x86)\Wizvera\Verain\npverain.dll [2011-05-30] (Wizvera)
FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [2015-08-30] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: crosswebex@iniline.com/npCrossEXPlugin -> C:\Program Files (x86)\INITECH\INISAFE Web EX Client\bridge\CrossEX\crosswebex\1.0.1.880\npinilinecrosswebex.dll [2016-01-15] (iniLINE Co., Ltd.)
FF Plugin-x32: touchenex@raon.com/npCrossEXPlugin -> C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.964\npraontouchenex.dll [2016-07-04] (iniLINE Co., Ltd.)
FF Plugin HKU\S-1-5-21-3343802408-3034550604-896918693-1002: @iniline.com/npCrossWeb -> C:\Users\AM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0AB9084F-0EF8-499a-A461-DE46D3C4A45B}\plugins\npCrossWeb.dll [2015-06-01] (INITECH Co., Ltd.)
FF Plugin HKU\S-1-5-21-3343802408-3034550604-896918693-1002: @initech.com/npSandBox -> C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.10058.dll [2015-09-25] (Initech Co., Ltd.)
FF Plugin HKU\S-1-5-21-3343802408-3034550604-896918693-1002: @kcp.co.kr/plugin_hub;version=1 -> C:\Program Files (x86)\KCP\Plugin\npKCPHubPlugin.dll [2013-10-25] (KCP CO.,LTD)
FF Plugin HKU\S-1-5-21-3343802408-3034550604-896918693-1002: @raonsecure.com/npKSCertRelay -> C:\Program Files (x86)\KeySharp\kscertrelay\npKSCertRelay.dll [2016-05-29] (RaonSecure Co., Ltd.)
FF Plugin HKU\S-1-5-21-3343802408-3034550604-896918693-1002: @tools.google.com/Google Update;version=3 -> C:\Users\AM\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3343802408-3034550604-896918693-1002: @tools.google.com/Google Update;version=9 -> C:\Users\AM\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3343802408-3034550604-896918693-1002: @www.inicis.com/application/x-INIwallet61-INICIS -> C:\Program Files (x86)\INICIS61\plugins\npINIwallet61.dll [2015-08-06] (INICIS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npINISAFEWeb60.dll [2015-06-22] (INITECH ©)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch","hxxps://www.google.com/"
CHR Profile: C:\Users\AM\AppData\Local\Google\Chrome\User Data\Default [2016-11-06]
CHR Extension: (Google Docs) - C:\Users\AM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\AM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (internet Download Manager For Chrome) - C:\Users\AM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhjobkfabeopalncconblmakfcllmhk [2016-10-28]
CHR Extension: (YouTube) - C:\Users\AM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\AM\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-28]
CHR Extension: (uBlock Origin) - C:\Users\AM\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-10-28]
CHR Extension: (Google Search) - C:\Users\AM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Disable HTML5 Autoplay) - C:\Users\AM\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdhoaajjjgckpbkoglidkeendpkolai [2016-11-05]
CHR Extension: (Video Downloader professional) - C:\Users\AM\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-19]
CHR Extension: (Google Docs Offline) - C:\Users\AM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (StayFocusd) - C:\Users\AM\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2016-07-20]
CHR Extension: (Screencastify (Screen Video Recorder)) - C:\Users\AM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2016-10-28]
CHR Extension: (Gmail) - C:\Users\AM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\AM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9388576 2016-10-27] (Emsisoft Ltd)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-10-13] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5332384 2016-10-13] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-10-13] (AVG Technologies CZ, s.r.o.)
S2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-04-18] (Nuance Communications, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [41576 2016-10-24] (Dropbox, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-08-23] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-14] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
S3 MyFw40Service; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\ASDSvc.exe [676832 2015-06-25] (AhnLab, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 npkcmsvc; C:\WINDOWS\SysWOW64\npkcmsvc.exe [209672 2013-10-24] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 SafeTransactionSVC; C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe [681120 2016-08-30] (AhnLab, Inc.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [36352 2015-09-04] ()
S3 vmicguestinterface; C:\WINDOWS\System32\ICSvc.dll [511488 2016-09-07] (Microsoft Corporation)
S3 vmicheartbeat; C:\WINDOWS\System32\ICSvc.dll [511488 2016-09-07] (Microsoft Corporation)
S3 vmickvpexchange; C:\WINDOWS\System32\ICSvc.dll [511488 2016-09-07] (Microsoft Corporation)
S3 vmicshutdown; C:\WINDOWS\System32\ICSvc.dll [511488 2016-09-07] (Microsoft Corporation)
S3 vmictimesync; C:\WINDOWS\System32\ICSvc.dll [511488 2016-09-07] (Microsoft Corporation)
S3 vmicvmsession; C:\WINDOWS\System32\ICSvc.dll [511488 2016-09-07] (Microsoft Corporation)
R2 VPWalletService; C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe [376984 2016-11-04] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364456 2016-09-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-09-07] (Microsoft Corporation)
S2 WizveraPMSvc; C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe [3068768 2015-08-11] (WIZVERA)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AhnFlt2K; C:\WINDOWS\system32\drivers\AhnFlt2K.sys [84048 2015-09-03] (AhnLab, Inc.)
S3 AhnRec2K; C:\WINDOWS\system32\drivers\AhnRec2K.sys [36280 2015-09-03] (AhnLab, Inc.)
R3 AhnRghNt; C:\WINDOWS\system32\drivers\AhnRghNt.sys [78752 2016-08-25] (AhnLab, Inc.)
R2 AMonCDW8; C:\WINDOWS\system32\Drivers\AMonCDW8.sys [205560 2016-08-25] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\AHAWKENT.sys [52920 2015-10-27] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASDF; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TfFRegNt.sys [191032 2015-10-27] (AhnLab, Inc.)
R3 AntiStealth_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\AHAWKENT.sys [62720 2016-08-25] (AhnLab, Inc.)
R3 AntiStealth_SafeTransactionF; C:\Program Files\AhnLab\Safe Transaction\TfFRegNt.sys [200832 2016-08-25] (AhnLab, Inc.)
S3 ascrts_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\asc\ascrts.sys [4048752 2016-10-17] (AhnLab, Inc.)
S3 ATamptNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\atamptnt.sys [325168 2015-10-27] (AhnLab, Inc.)
R3 ATamptNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\ATamptNt.sys [342768 2016-08-25] (AhnLab, Inc.)
S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [311552 2016-09-22] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [265472 2016-09-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
R3 Cdm2DrNt; C:\WINDOWS\system32\Drivers\Cdm2DrNt.sys [108496 2016-08-25] (AhnLab, Inc.)
S3 CdmDrvNt; C:\WINDOWS\system32\Drivers\CdmDrvNt.sys [25656 2009-07-21] (AhnLab, Inc.)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124304 2016-10-05] (Emsisoft Ltd)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [22280 2013-05-16] (ELAN Microelectronic Corp.)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [91368 2013-03-22] (GenesysLogic)
R3 HSBDrv64; C:\WINDOWS\System32\drivers\HSBDrv64.sys [140088 2016-08-25] (AhnLab, Inc.)
S3 JRSKD24; C:\WINDOWS\system32\JRSKD24.SYS [29280 2016-09-30] (RaonSecure Co., Ltd.)
R3 JRSUKD25; C:\WINDOWS\system32\JRSUKD25.SYS [30880 2016-09-30] (RaonSecure Co., Ltd.)
S3 kck64; C:\WINDOWS\system32\kck64.sys [101152 2016-09-01] (Kings Information & Network)
S3 kcrtx64; C:\WINDOWS\system32\kcrtx64.sys [141848 2015-11-20] (Kings Information & Network)
S3 L6UX2; C:\WINDOWS\System32\Drivers\L6UX264.sys [772864 2013-07-12] (Line 6)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-05] (Malwarebytes)
R3 MeDCoreD_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\MeDCoreD.sys [996640 2016-08-26] (AhnLab, Inc.)
R3 MeDVpDrv_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\MeDVpDrv.sys [568096 2016-08-26] (AhnLab, Inc.)
S3 MfFWEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [127224 2014-10-16] (AhnLab, Inc.)
S3 MfIPSEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [156408 2014-10-16] (AhnLab, Inc.)
S3 Mkd2Bthf; C:\WINDOWS\System32\drivers\Mkd2Bthf.sys [117712 2016-08-25] (AhnLab, Inc.)
R3 Mkd2Nadr; C:\WINDOWS\System32\drivers\Mkd2Nadr.sys [157672 2016-08-25] (AhnLab, Inc.)
R3 Mkd3kfNt; C:\WINDOWS\System32\drivers\Mkd3kfNt.sys [219624 2016-08-25] (AhnLab, Inc.)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
S3 NPFW; C:\WINDOWS\system32\NPFWVT64.sys [154312 2014-04-02] (INCA Internet Co.,Ltd.)
S3 NPFW; C:\WINDOWS\SysWOW64\NPFWVT64.sys [154312 2014-04-02] (INCA Internet Co.,Ltd.)
S3 NPIDS; C:\WINDOWS\system32\NpIdsVt64.sys [89352 2013-09-09] (INCA Internet Co.,Ltd.)
S3 NPIDS; C:\WINDOWS\SysWOW64\NpIdsVt64.sys [89352 2013-09-09] (INCA Internet Co.,Ltd.)
S3 npkcft64; C:\WINDOWS\SysWOW64\npkcft64.sys [51464 2014-03-25] (INCA Internet Co., Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
S3 scsk5; C:\Windows\SysWow64\drivers\scsk5.sys [51560 2016-10-27] ()
R3 scskusbf; C:\Windows\SysWow64\drivers\scskusbf.sys [21872 2016-10-27] (SoftCamp)
S3 scskusbs; C:\Windows\SysWow64\drivers\scskusbs.sys [100720 2016-10-27] (SoftCamp)
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2014-09-29] (The OpenVPN Project)
S3 TNFwNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNFwNt.sys [162752 2015-08-21] (AhnLab, Inc.)
S3 TNFwNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TNFwNt.sys [172816 2016-08-25] (AhnLab, Inc.)
S3 TNHipsNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNHipsNt.sys [162720 2015-08-21] (AhnLab, Inc.)
S3 TNNipsNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNNipsNt.sys [202544 2015-08-21] (AhnLab, Inc.)
S3 TNNipsNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TNNipsNt.sys [213352 2016-08-25] (AhnLab, Inc.)
S3 TSFLTDRV_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TSFLTDRV.sys [315088 2016-08-25] (AhnLab, Inc.)
S3 V3ElamDr; C:\WINDOWS\System32\drivers\V3ElamDr.sys [24648 2014-09-23] (AhnLab, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-06 10:52 - 2016-11-06 10:52 - 00000000 ___HD C:\$49,4i7E
2016-11-05 23:55 - 2016-11-06 00:00 - 00000000 ____D C:\Users\AM\Desktop\External Hard Drive Files
2016-11-05 19:52 - 2016-11-05 19:52 - 00000144 _____ C:\Users\AM\Desktop\style.css
2016-11-05 18:03 - 2016-11-05 18:03 - 00000000 ____D C:\Users\AM\Downloads\The.Fog.of.War.2003.720p.WEB-DL.H264-CtrlHD [PublicHD]
2016-11-05 18:02 - 2016-11-05 18:27 - 734846976 _____ C:\Users\AM\Downloads\Fog of War - Eleven Lessons from the Life of Robert S McNamara (XviDVD).avi
2016-11-05 17:00 - 2016-11-05 17:00 - 00000000 ___HD C:\Users\AM\Documents\$49,4i7E
2016-11-05 13:03 - 2016-11-05 19:57 - 00000460 _____ C:\Users\AM\Desktop\My webpage.html
2016-11-05 11:21 - 2016-11-06 10:57 - 00003312 _____ C:\WINDOWS\System32\Tasks\IORRT
2016-11-05 10:55 - 2016-11-06 10:49 - 01158376 _____ C:\WINDOWS\ntbtlog.txt
2016-11-05 10:55 - 2016-11-06 10:48 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-11-05 09:37 - 2016-11-05 09:37 - 00000000 ____D C:\ProgramData\Emsisoft
2016-11-05 02:04 - 2016-11-05 02:04 - 00000948 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-11-05 02:04 - 2016-11-05 02:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-11-05 02:03 - 2016-11-06 10:53 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-11-05 02:01 - 2016-11-05 02:02 - 212514840 _____ (Emsisoft Ltd. ) C:\Users\AM\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2016-11-04 20:23 - 2016-11-06 11:03 - 00000000 ____D C:\Users\AM\Downloads\FRST-OlderVersion
2016-10-30 23:24 - 2016-10-30 23:24 - 00000218 _____ C:\Users\AM\AppData\Local\recently-used.xbel
2016-10-30 13:13 - 2016-10-30 13:13 - 00000000 ____D C:\Users\AM\Downloads\ResizeEnable
2016-10-30 13:12 - 2016-10-30 13:12 - 00042994 _____ C:\Users\AM\Downloads\ResizeEnable.zip
2016-10-30 13:03 - 2016-10-30 13:03 - 00000973 _____ C:\Users\Public\Desktop\Sizer.lnk
2016-10-30 13:03 - 2016-10-30 13:03 - 00000000 ____D C:\Program Files (x86)\Sizer
2016-10-30 13:02 - 2016-10-30 13:02 - 00080341 _____ C:\Users\AM\Downloads\Jason Becker - Air (guitar pro) (1).gp5
2016-10-30 12:58 - 2016-10-30 12:59 - 00188416 _____ C:\Users\AM\Downloads\sizer334.msi
2016-10-28 20:50 - 2016-11-05 09:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-28 03:08 - 2016-10-28 03:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-24 22:06 - 2016-10-24 22:06 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-10-24 22:06 - 2016-10-24 22:06 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-10-24 22:06 - 2016-10-24 22:06 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-10-24 22:06 - 2016-10-24 22:06 - 00041576 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-10-18 16:14 - 2016-10-18 16:14 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2016-10-16 19:38 - 2016-10-16 19:38 - 00164720 ____R (RaonSecure Co., Ltd.) C:\WINDOWS\SysWOW64\CKAgent.exe
2016-10-16 19:38 - 2016-10-16 19:38 - 00164720 ____R (RaonSecure Co., Ltd.) C:\WINDOWS\system32\CKAgent.exe
2016-10-15 15:22 - 2016-10-15 15:22 - 00080341 _____ C:\Users\AM\Downloads\Jason Becker - Air (guitar pro).gp5
2016-10-14 21:05 - 2016-10-14 21:05 - 00000000 ____D C:\ProgramData\Guitar Pro 6
2016-10-14 21:04 - 2016-10-14 21:04 - 03390871 _____ C:\Users\AM\Downloads\SH_Conquering-Dystopia.zip
2016-10-13 20:24 - 2016-10-13 20:24 - 00001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-10-13 20:24 - 2016-10-13 20:24 - 00001459 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-10-13 20:24 - 2016-10-13 20:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-10-13 20:24 - 2016-10-13 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-10-13 20:23 - 2016-10-13 20:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-10-13 20:23 - 2016-10-13 20:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-10-13 20:23 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-10-13 20:20 - 2016-10-13 20:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\AM\Downloads\spybot-2.4.exe
2016-10-12 23:32 - 2016-10-05 16:56 - 01644736 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-12 23:32 - 2016-10-05 16:56 - 01242304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-12 23:32 - 2016-10-05 16:56 - 00591040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-12 23:32 - 2016-10-05 16:56 - 00144576 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-12 23:32 - 2016-10-05 16:56 - 00085696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-12 23:32 - 2016-10-05 16:01 - 01637216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-12 23:32 - 2016-10-05 13:10 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-12 23:32 - 2016-10-05 13:10 - 00602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-12 23:32 - 2016-10-05 12:10 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-10-12 23:32 - 2016-10-05 12:09 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-10-12 23:32 - 2016-10-05 11:50 - 22379520 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-10-12 23:32 - 2016-10-05 11:50 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-10-12 23:32 - 2016-10-05 11:39 - 24611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-12 23:32 - 2016-10-05 11:33 - 14255104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-10-12 23:32 - 2016-10-05 11:26 - 07836672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-10-12 23:32 - 2016-10-05 11:13 - 19349504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-10-12 23:32 - 2016-10-05 11:13 - 18675200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-10-12 23:32 - 2016-10-05 11:06 - 12587008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-10-12 23:32 - 2016-10-05 11:01 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-10-12 23:32 - 2016-09-17 16:45 - 02610176 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-10-12 23:32 - 2016-09-17 15:45 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-10-12 23:31 - 2016-10-05 16:56 - 00602304 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-12 23:31 - 2016-10-05 15:54 - 01297760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-10-12 23:31 - 2016-10-05 13:00 - 01661952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-12 23:31 - 2016-10-05 12:48 - 02437120 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-12 23:31 - 2016-10-05 11:55 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-12 23:31 - 2016-10-05 11:39 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-12 23:31 - 2016-10-05 11:27 - 09920512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-10-12 23:31 - 2016-09-17 15:22 - 04405248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-10-12 23:30 - 2016-10-05 16:56 - 00329920 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-12 23:30 - 2016-10-05 12:55 - 03549696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-12 23:29 - 2016-10-05 11:13 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-10-12 23:28 - 2016-10-05 16:56 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-12 23:28 - 2016-10-05 16:19 - 00129376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-10-12 23:28 - 2016-10-05 16:18 - 07468384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-12 23:28 - 2016-10-05 16:18 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-12 23:28 - 2016-10-05 16:18 - 01142560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-12 23:28 - 2016-10-05 16:01 - 01337184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-10-12 23:28 - 2016-10-05 15:17 - 03693064 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-12 23:28 - 2016-10-05 15:15 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-10-12 23:28 - 2016-10-05 15:14 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-10-12 23:28 - 2016-10-05 14:45 - 00987488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-10-12 23:28 - 2016-10-05 14:39 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-12 23:28 - 2016-10-05 14:39 - 00576856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-12 23:28 - 2016-10-05 14:38 - 00636296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-10-12 23:28 - 2016-10-05 14:38 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-12 23:28 - 2016-10-05 14:37 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-10-12 23:28 - 2016-10-05 14:31 - 00422240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-10-12 23:28 - 2016-10-05 14:25 - 00871776 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-12 23:28 - 2016-10-05 14:23 - 00305808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-12 23:28 - 2016-10-05 14:08 - 02937896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-10-12 23:28 - 2016-10-05 14:05 - 00256704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-10-12 23:28 - 2016-10-05 14:01 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-10-12 23:28 - 2016-10-05 14:00 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-12 23:28 - 2016-10-05 13:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-12 23:28 - 2016-10-05 13:49 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-10-12 23:28 - 2016-10-05 13:33 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-10-12 23:28 - 2016-10-05 13:32 - 00538744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-10-12 23:28 - 2016-10-05 13:30 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-10-12 23:28 - 2016-10-05 13:27 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack_win.dll
2016-10-12 23:28 - 2016-10-05 13:23 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-10-12 23:28 - 2016-10-05 13:19 - 00717152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-12 23:28 - 2016-10-05 13:18 - 00253080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-12 23:28 - 2016-10-05 13:17 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-10-12 23:28 - 2016-10-05 13:17 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-10-12 23:28 - 2016-10-05 13:15 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2016-10-12 23:28 - 2016-10-05 13:07 - 01159168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2016-10-12 23:28 - 2016-10-05 13:05 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-10-12 23:28 - 2016-10-05 13:04 - 01718272 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-12 23:28 - 2016-10-05 13:02 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-12 23:28 - 2016-10-05 13:00 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-10-12 23:28 - 2016-10-05 12:57 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2016-10-12 23:28 - 2016-10-05 12:40 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-10-12 23:28 - 2016-10-05 12:29 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-12 23:28 - 2016-10-05 12:15 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-10-12 23:28 - 2016-10-05 12:13 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2016-10-12 23:28 - 2016-10-05 12:05 - 01467904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-10-12 23:28 - 2016-10-05 12:04 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-12 23:28 - 2016-10-05 12:04 - 00885248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-10-12 23:28 - 2016-10-05 11:59 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-10-12 23:28 - 2016-10-05 11:54 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-12 23:28 - 2016-10-05 11:39 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-10-12 23:28 - 2016-10-05 11:22 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-10-12 23:28 - 2016-09-27 11:39 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-12 23:28 - 2016-09-17 16:28 - 03077120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-12 23:28 - 2016-09-17 15:43 - 02552832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-10-12 23:28 - 2016-06-18 13:51 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-10-12 23:27 - 2016-10-05 16:20 - 01030408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-12 23:27 - 2016-10-05 16:20 - 00875480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-12 23:27 - 2016-10-05 15:09 - 00604920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-12 23:27 - 2016-10-05 13:50 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2016-10-12 23:27 - 2016-10-05 13:49 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
2016-10-12 23:27 - 2016-10-05 13:47 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevDispItemProvider.dll
2016-10-12 23:27 - 2016-10-05 13:47 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-10-12 23:27 - 2016-10-05 13:38 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-12 23:27 - 2016-10-05 13:35 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-12 23:27 - 2016-10-05 13:34 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-10-12 23:27 - 2016-10-05 13:30 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-10-12 23:27 - 2016-10-05 13:30 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-10-12 23:27 - 2016-10-05 13:29 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2016-10-12 23:27 - 2016-10-05 13:00 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-10-12 23:27 - 2016-10-05 12:40 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2016-10-12 23:27 - 2016-10-05 12:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevDispItemProvider.dll
2016-10-12 23:27 - 2016-10-05 12:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-10-12 23:27 - 2016-10-05 12:30 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-12 23:27 - 2016-10-05 12:29 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-12 23:27 - 2016-10-05 12:28 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-12 23:27 - 2016-10-05 12:24 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-10-12 23:27 - 2016-10-05 12:24 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-10-12 23:27 - 2016-10-05 12:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2016-10-12 23:27 - 2016-10-05 12:14 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-10-12 23:27 - 2016-10-05 11:40 - 01626112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-12 23:27 - 2016-10-01 11:16 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-10-12 23:27 - 2016-09-17 17:08 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-10-12 23:27 - 2016-09-17 16:12 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-10-12 23:27 - 2016-06-18 13:55 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2016-10-12 23:27 - 2016-06-18 13:49 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2016-10-12 23:27 - 2016-06-18 13:45 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-10-12 21:20 - 2016-10-12 21:36 - 1374006956 _____ C:\Users\AM\Downloads\Enron.The.Smartest.Guys.in.the.Room.2005.Docu.DVDRip.XviD.avi
2016-10-12 21:13 - 2016-10-12 21:13 - 00002054 _____ C:\Users\Public\Desktop\Cat-A-Cat Games.lnk
2016-10-12 21:13 - 2016-10-12 21:13 - 00001446 _____ C:\Users\Public\Desktop\Tony Hawks Pro Skater HD.lnk
2016-10-10 01:37 - 2016-10-10 01:37 - 00000000 ____D C:\Users\AM\AppData\Roaming\EfficientPIM
2016-10-10 01:37 - 2016-10-10 01:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Efficient Diary Pro
2016-10-10 01:37 - 2016-10-10 01:37 - 00000000 ____D C:\Program Files (x86)\Efficient Diary Pro
2016-10-10 01:34 - 2016-10-10 01:36 - 16724944 _____ ( ) C:\Users\AM\Downloads\EfficientDiaryPro-Setup.exe
 
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-06 11:04 - 2016-09-22 21:48 - 00042189 _____ C:\Users\AM\Downloads\FRST.txt
2016-11-06 11:03 - 2016-09-22 21:48 - 00000000 ____D C:\FRST
2016-11-06 11:03 - 2016-09-22 21:47 - 02409984 _____ (Farbar) C:\Users\AM\Downloads\FRST64.exe
2016-11-06 10:57 - 2015-10-30 16:21 - 00000000 ____D C:\WINDOWS\INF
2016-11-06 10:57 - 2015-08-23 13:39 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-06 10:55 - 2015-08-05 23:18 - 00000000 ___RD C:\Users\AM\Dropbox
2016-11-06 10:54 - 2015-09-03 20:30 - 00000000 ____D C:\Users\AM\AppData\LocalLow\Log
2016-11-06 10:54 - 2014-02-01 06:27 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-11-06 10:52 - 2015-08-23 16:48 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-06 10:51 - 2015-08-05 23:16 - 00000910 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-06 10:49 - 2015-12-16 00:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-06 10:49 - 2015-12-15 23:42 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-06 10:49 - 2015-10-30 15:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-11-06 10:29 - 2015-10-30 16:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-06 10:27 - 2016-09-18 15:27 - 00000000 ____D C:\ProgramData\MFAData
2016-11-06 10:26 - 2015-08-05 23:16 - 00000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-06 10:26 - 2014-01-18 06:06 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-06 10:23 - 2015-08-23 16:48 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-06 10:18 - 2014-03-07 20:01 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3343802408-3034550604-896918693-1002UA.job
2016-11-06 09:19 - 2014-03-07 20:01 - 00000858 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3343802408-3034550604-896918693-1002Core.job
2016-11-06 09:15 - 2015-09-03 20:31 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-05 23:55 - 2014-01-18 07:31 - 00000000 ____D C:\Users\AM\AppData\Roaming\vlc
2016-11-05 21:39 - 2015-10-30 16:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-05 19:54 - 2016-09-21 18:09 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2016-11-05 14:36 - 2015-12-22 14:13 - 00000000 ____D C:\ProgramData\tmp
2016-11-05 14:25 - 2015-02-26 17:57 - 00000000 ____D C:\Users\AM\Documents\Youcam
2016-11-05 14:21 - 2015-08-05 23:16 - 00003974 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-05 14:21 - 2015-08-05 23:16 - 00003742 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-05 11:14 - 2015-12-31 19:16 - 00000000 ____D C:\Users\AM\AppData\Local\ElevatedDiagnostics
2016-11-05 11:12 - 2015-06-17 18:46 - 00000000 ____D C:\Users\AM\AppData\Local\Spotify
2016-11-05 11:12 - 2015-06-17 18:45 - 00000000 ____D C:\Users\AM\AppData\Roaming\Spotify
2016-11-05 11:11 - 2016-01-13 17:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-05 11:11 - 2014-01-21 23:26 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-05 11:05 - 2016-09-18 15:15 - 00000000 ____D C:\Users\AM\AppData\Local\AvgSetupLog
2016-11-05 10:39 - 2015-09-02 17:58 - 00000000 ____D C:\Program Files (x86)\TunnelBear
2016-11-05 09:47 - 2014-01-18 05:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-05 09:43 - 2015-12-15 23:49 - 00000000 ____D C:\Users\AM
2016-11-05 00:25 - 2015-08-29 11:05 - 00004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{13BD4A1B-249F-43AF-AD44-ED9F8D31A5C6}
2016-11-04 19:42 - 2015-10-30 16:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-11-04 19:40 - 2015-02-05 17:28 - 00000320 _____ C:\WINDOWS\SysWOW64\KvpVer.tbl
2016-11-04 19:39 - 2015-08-12 17:50 - 03060616 _____ (SoftCamp Co.,Ltd.) C:\WINDOWS\SysWOW64\SCSKMemLink.dll
2016-11-04 19:39 - 2014-07-08 09:51 - 00214584 _____ (SoftCamp Co.,Ltd.) C:\WINDOWS\SysWOW64\SCSKLoader.exe
2016-11-03 20:19 - 2014-01-18 13:06 - 00000000 ____D C:\Users\AM\AppData\Local\Google
2016-11-02 05:25 - 2015-08-23 16:48 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-02 05:25 - 2015-08-23 16:48 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-01 21:35 - 2015-01-17 21:16 - 00000000 ____D C:\Users\AM\AppData\Roaming\TunnelBear
2016-11-01 14:46 - 2016-09-18 15:21 - 00000943 _____ C:\Users\Public\Desktop\AVG.lnk
2016-11-01 14:46 - 2016-09-18 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-10-31 17:27 - 2014-01-19 17:59 - 00000000 ____D C:\Users\AM\AppData\Roaming\Skype
2016-10-31 13:59 - 2015-10-30 15:28 - 00065536 ___SH C:\WINDOWS\system32\config\ELAM
2016-10-30 09:26 - 2016-01-13 17:59 - 00000000 ____D C:\Users\AM\AppData\Roaming\deluge
2016-10-28 21:22 - 2015-10-30 16:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-28 03:08 - 2015-08-05 23:16 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-10-27 19:06 - 2016-09-08 19:30 - 00337920 _____ (TODO: <회사 이름>) C:\WINDOWS\SysWOW64\SCSKUSB64Restarter.exe
2016-10-27 19:06 - 2016-08-25 21:32 - 00100720 _____ (SoftCamp) C:\WINDOWS\SysWOW64\Drivers\scskusbs.sys
2016-10-27 19:06 - 2016-08-25 21:32 - 00021872 _____ (SoftCamp) C:\WINDOWS\SysWOW64\Drivers\scskusbf.sys
2016-10-27 19:06 - 2015-06-18 19:59 - 00051560 _____ C:\WINDOWS\SysWOW64\Drivers\SCSK5.sys
2016-10-27 12:26 - 2015-10-30 16:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-10-27 12:26 - 2015-10-30 16:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-27 12:26 - 2015-09-03 20:31 - 00003958 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-10-25 06:56 - 2015-10-30 16:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-25 06:56 - 2015-10-30 16:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-24 19:54 - 2015-04-21 20:14 - 00000000 ____D C:\Users\AM\Documents\REAPER Media
2016-10-23 07:11 - 2016-09-18 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-10-23 03:05 - 2014-02-13 10:57 - 00000000 ____D C:\Users\AM\Documents\Tabs
2016-10-20 03:45 - 2014-01-18 05:51 - 00000000 ____D C:\Users\AM\AppData\Local\Packages
2016-10-18 16:12 - 2016-09-18 15:16 - 00000000 ____D C:\Users\AM\AppData\Local\Avg
2016-10-17 20:40 - 2014-11-13 22:47 - 03946096 _____ (AhnLab, Inc.) C:\WINDOWS\system32\btscan.exe
2016-10-16 19:01 - 2016-08-25 21:32 - 00021872 _____ (SoftCamp) C:\WINDOWS\SysWOW64\Drivers\scskusbf.sys_bak
2016-10-16 09:00 - 2014-03-14 20:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-10-15 17:15 - 2014-01-18 13:16 - 00000000 ____D C:\Users\AM\Downloads\Video
2016-10-15 03:52 - 2015-10-30 16:24 - 00000000 ____D C:\WINDOWS\rescache
2016-10-14 21:48 - 2015-08-15 21:05 - 00000000 ____D C:\Program Files (x86)\PokerStars
2016-10-14 21:46 - 2016-03-12 07:41 - 00000000 ____D C:\Users\AM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
2016-10-14 21:46 - 2015-08-15 21:06 - 00000000 ____D C:\Users\AM\AppData\Local\PokerStars
2016-10-14 21:46 - 2015-08-15 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
2016-10-14 21:33 - 2014-06-21 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-14 21:32 - 2014-06-21 16:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-14 21:32 - 2014-06-21 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-14 21:29 - 2015-10-30 16:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-14 15:52 - 2016-09-22 22:15 - 00000000 ____D C:\ProgramData\firebird
2016-10-14 07:21 - 2014-01-18 21:49 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-14 03:10 - 2015-12-15 23:36 - 00242136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-14 03:03 - 2015-10-30 16:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-10-14 03:03 - 2015-10-30 16:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-13 23:32 - 2014-01-18 17:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-13 23:19 - 2014-01-18 17:05 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-12 21:13 - 2015-09-13 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tony Hawks Pro Skater HD
2016-10-12 21:13 - 2015-09-13 15:02 - 00000000 ____D C:\Program Files (x86)\Tony Hawks Pro Skater HD
2016-10-10 21:52 - 2014-01-19 10:30 - 00000000 ____D C:\Users\AM\Documents\Efficient Organizer AutoBackup
2016-10-07 20:52 - 2015-08-05 22:41 - 00000000 ___RD C:\Users\AM\iCloudDrive
2016-10-07 20:01 - 2016-09-24 12:46 - 00012482 _____ C:\Users\AM\Downloads\Fixlog.txt
2016-10-07 19:55 - 2016-09-22 21:51 - 00081262 _____ C:\Users\AM\Downloads\Addition.txt
 
==================== Files in the root of some directories =======
 
2015-07-03 17:46 - 2016-10-05 17:37 - 0000096 _____ () C:\Users\AM\AppData\Roaming\Camdata.ini
2015-07-03 17:46 - 2016-10-05 17:37 - 0000408 _____ () C:\Users\AM\AppData\Roaming\CamLayout.ini
2015-07-03 17:46 - 2016-10-05 17:37 - 0000408 _____ () C:\Users\AM\AppData\Roaming\CamShapes.ini
2015-07-03 17:46 - 2016-10-05 17:37 - 0004536 _____ () C:\Users\AM\AppData\Roaming\CamStudio.cfg
2015-07-03 17:39 - 2016-10-05 17:36 - 0000096 _____ () C:\Users\AM\AppData\Roaming\version2.xml
2016-10-30 23:24 - 2016-10-30 23:24 - 0000218 _____ () C:\Users\AM\AppData\Local\recently-used.xbel
2015-12-15 23:43 - 2015-12-15 23:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\AM\AppData\Local\Temp\libeay32.dll
C:\Users\AM\AppData\Local\Temp\msvcr120.dll
C:\Users\AM\AppData\Local\Temp\SkypeSetup.exe
C:\Users\AM\AppData\Local\Temp\_unps.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-03 08:00
 
==================== End of FRST.txt ============================



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:10 PM

Posted 10 November 2016 - 02:10 PM

Greetings A10M and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply to this topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow this topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. There should be an Addition.txt document located in the same place as FRST.txt. Please copy and paste that information in your reply.

Edited by Oh My!, 10 November 2016 - 02:14 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 A10M

A10M
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE

Posted 11 November 2016 - 03:16 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by AM (06-11-2016 11:07:40)
Running from C:\Users\AM\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-15 15:23:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3343802408-3034550604-896918693-500 - Administrator - Disabled)
AM (S-1-5-21-3343802408-3034550604-896918693-1002 - Administrator - Enabled) => C:\Users\AM
DefaultAccount (S-1-5-21-3343802408-3034550604-896918693-503 - Limited - Disabled)
Guest (S-1-5-21-3343802408-3034550604-896918693-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
½ºÀ® ºê¶ó¿ìÀú 2.42 (HKLM-x32\...\SwingBrowser_is1) (Version: 2.4.2.0 - ZUM internet Corp.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
AhnLab Online Security (HKLM-x32\...\AhnLab Online Security) (Version:  - AhnLab, Inc)
AhnLab Safe Transaction (HKLM\...\{19DD1D8D-927F-45DF-ADF4-75D38267848D}) (Version: 1.3.13.711 - AhnLab, Inc.)
Amazon Kindle (HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\Amazon Kindle) (Version:  - Amazon)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AVG (HKLM\...\AvgZen) (Version: 1.111.2.45832 - AVG Technologies)
AVG (Version: 16.121.7859 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4664 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.121.7859 - AVG Technologies)
AVG Zen (Version: 1.111.9 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
ChromecastApp (HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2321 - CyberLink Corp.) Hidden
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version:  - )
Dragon Assistant Application en-US version 1.5.5 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.5 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.9 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.9 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.1 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.1 - Nuance Communications, Inc.)
Dragon Assistant version 1.5.5 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.5 - Nuance Communications, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 13.4.21 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.51.1 - Dropbox, Inc.) Hidden
Efficient Diary 5.22 (HKLM-x32\...\Efficient Diary_is1) (Version:  - Efficient Software)
eISP 1.0 (HKLM-x32\...\eISP) (Version: 1.0 - )
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.2 - Toontrack)
EZmix 64-bit (HKLM\...\{3D08DB3C-A805-4DDE-861C-85944AA2BA05}) (Version: 2.1.1 - Toontrack)
ffdshow [rev 3119] [2009-10-27] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Fine Metronome 3.5.0 (HKLM-x32\...\Fine Metronome_is1) (Version:  - Fine Software)
FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
HTSK (HKLM-x32\...\{A9C89180-E3B6-4451-A788-0BDC8A5EF34A}_is1) (Version:  - )
iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.)
iExplorer 3.9.4.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
iniLINE CrossEX Service (HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\iniLINE_CrossEX) (Version: 1.0.2.2 - iniLINE Co., Ltd.)
INISAFE SandBox 1.0 (HKLM-x32\...\INISAFE SandBox) (Version: 1.0 - Initech, Inc.)
INISAFE Web EX Client (HKLM-x32\...\UnINISafeWebEX) (Version: 1.0.0.1 - Initech, Inc.)
INISAFE Web v6.4 (HKLM-x32\...\UnINISafeWeb64) (Version: 6 - Initech ©.)
INISafeWeb 7.2 (SFilter 1.0) (HKLM-x32\...\UnINISafeWeb7) (Version: 7.2.0.9 - ©INITECH)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36943 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{aaf3655f-6961-4be2-aa4e-6de4dc1dc8f4}) (Version: 16.1.5 - Intel Corporation)
IPinside Agent (HKLM-x32\...\IPinside Agent) (Version: 1.0.2.4 - interezen)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Juicy Stakes 2.0 (HKLM-x32\...\Juicy Stakes 2.0) (Version: 2.0.1.8616 - Juicy Stakes)
KCP CrossBrowsing HUB Version (HKLM-x32\...\KCP Payment Hub Plugin_is1) (Version:  - )
KeySharp CertRelay (HKLM-x32\...\KeySharp CertRelay) (Version: 2.1.0.5 - RaonSecure Co., Ltd.)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.69.4 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5219.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5219.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM\...\Office14.POWERPOINT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MotioninJoy ds3 driver version 0.6.0003 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.5.0001 - www.motioninjoy.com)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
npEfdsWCtrl (HKLM-x32\...\npEfdsWCtrl) (Version:  - INCA Internet Co., Ltd.)
npPCStatus (HKLM-x32\...\npPCStatus) (Version:  - INCA Internet Co., Ltd.)
nProtect KeyCrypt (HKLM\...\npkcxp) (Version:  - INCA Internet Co., Ltd.)
nProtect KeyCrypt V5.0 (HKLM-x32\...\npkcxp) (Version: 5.0 - INCA Internet Co., Ltd.)
nProtect Netizen v5.5 (HKLM-x32\...\nProtect Netizen v5.5) (Version:  - INCA Internet Co., Ltd.)
NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
PhoneTrans 3.6.9 (HKLM-x32\...\{F0B50B3A-0C1F-43D8-BE90-70241B473114}}_is1) (Version: 3.6.9 - iMobie Inc.)
Plex Media Server (HKLM-x32\...\{876ab221-6562-4f34-9335-68fc92bb3f1b}) (Version: 0.9.818 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.818 - Plex, Inc.) Hidden
PodTrans 3.6.10 (HKLM-x32\...\{16EF54EF-8F6F-40DA-9A82-B0DF8F38957F}}_is1) (Version: 3.6.10 - iMobie Inc.)
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.0 - Rockstar Games)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sizer 3.34 (HKLM-x32\...\{DE43AA92-E8C0-4620-AFE2-FBD623C71643}) (Version: 3.3.4.0 - Brian Apps)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
SoftCamp Secure KeyStroke 4.0 (HKLM-x32\...\SoftcampSCSK) (Version:  - )
Spotify (HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\Spotify) (Version: 1.0.41.375.g040056ca - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StageLight version 1.0.0.3508 (HKLM\...\StageLight) (Version: version 1.0.0.3508 - Open Labs, LLC.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Superior Drummer 64 bit (HKLM\...\{22029AEE-38DF-4E35-AEF4-FE8CA3F6667F}) (Version: 2.2.3 - Toontrack)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Toontrack solo (HKLM-x32\...\{5866520C-8857-4986-833A-039F4584C3F7}) (Version: 1.1.1 - Toontrack)
TouchEn key with E2E for 32bit (HKLM-x32\...\TouchEn_key) (Version:  - RaonSecure Co., Ltd.)
TouchEn nxKey with E2E for 32bit (HKLM-x32\...\TouchEn nxKey) (Version: 1.0.0.43 - RaonSecure Co., Ltd.)
Transmission-Qt (HKLM\...\Transmission-Qt) (Version: 2.84 - Transmission)
TunnelBear (HKLM-x32\...\{b4cc6c14-7f48-445f-a563-aa0b1a1efcdb}) (Version: 2.3.17.0 - TunnelBear)
TunnelBear (HKLM-x32\...\{e21890b7-0c27-417a-bd68-c3694437540c}) (Version: 2.3.17.0 - TunnelBear)
TunnelBear (x32 Version: 2.3.17.0 - TunnelBear) Hidden
Update for Korean Microsoft IME Standard Dictionary (HKLM\...\{75A54180-CA5E-47B8-AFBB-29337B976B21}) (Version: 16.0.662.1 - Microsoft Corporation)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Verain(Wizvera Mozilla Plugin) - 2,5,0,4 (HKLM-x32\...\{D2C6E596-7F8C-4210-877F-42D70543F600}_is1) (Version: 2,5,0,4 - Wizvera)
Veraport20(Security module management) G3 - 3,0,3,6 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 3,0,3,6 - Wizvera)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VLC Setup Helper (HKLM-x32\...\VLC Setup Helper_is1) (Version:  - )
Win Cake (HKLM-x32\...\Win Cake) (Version: 2.0.1.8463 - Cake Entertainment N.V.)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WIZVERA Process Manager 1,0,1,5 (HKLM-x32\...\{8941A397-4065-4F41-92CE-0EB610846EED}_is1) (Version: 1,0,1,5 - WIZVERA)
x-INIpay Plugin v.1.0.0.4 (HKLM-x32\...\{CA0EE02C-0EF3-4127-BC88-D68F6F456FA5}_is1) (Version:  - KG INICIS)
Youtube Downloader HD v. 2.9.9.13 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3343802408-3034550604-896918693-1002_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3343802408-3034550604-896918693-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\AM\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3343802408-3034550604-896918693-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\AM\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3343802408-3034550604-896918693-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3343802408-3034550604-896918693-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\AM\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0618DAE8-6D7C-4C67-9099-7AFD5EE399D5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {06F5F6E6-7E27-438B-81F3-CEE7F8549194} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {20772034-9367-41F2-8C8F-A030B06560D8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-11-08] (CyberLink)
Task: {266E59F6-452C-42E0-AFED-D14573D12E84} - System32\Tasks\goloader1 => Wscript.exe /B "C:\ProgramData\SsiRecord\recovery.vbs" "C:\ProgramData\SsiRecord\goloader-recovery.bat"
Task: {3AE4827E-A110-4879-9A88-25E118A6A0A4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-27] (Adobe Systems Incorporated)
Task: {3C786437-7E46-4D55-B712-50C989763701} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-10-13] (Microsoft Corporation)
Task: {4AD0BBCB-B6E1-4CC7-A113-38069643DF2C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {52F86CE9-9AE6-4DCF-A6CD-340F6E3AA5E4} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2014-03-01] () <==== ATTENTION
Task: {5C967A9C-1254-428F-AFC7-5932988CCA64} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3343802408-3034550604-896918693-1002Core => C:\Users\AM\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5CFA000A-9D3F-4677-B12C-3517B06B417C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {6820B48C-4A8D-4BCA-BA20-369067E2D3B2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {7A90AF7D-9F21-40B9-85B1-B2B18A12838B} - System32\Tasks\RunAsStdUser Task - starter.exe --firstrun => C:\Users\AM\AppData\Local\SwingBrowser\Application\starter.exe [2015-07-08] (ZUM internet Corp.)
Task: {8490E748-D034-4E71-8FED-EB026EC6F7AB} - System32\Tasks\RunAsStdUser Task - swing.exe --launch-for-initial-caching --noerrdialogs --no-f => C:\Users\AM\AppData\Local\SwingBrowser\Application\swing.exe [2015-08-28] (ZUM internet Corp.)
Task: {87057B1D-60D2-4B8D-88ED-361DDC0BA542} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {8AE3263B-A11F-404A-A285-F2EF111A1DC6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {8B2FDDD1-8865-4E12-BED0-7624E4D16490} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3343802408-3034550604-896918693-1002UA => C:\Users\AM\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {95FA07CF-8B56-4517-B1DC-49BE46E8DD05} - System32\Tasks\UMonitor Task => C:\windows\system32\UMonit64.exe
Task: {9AB2C614-4192-4428-8841-1E4C9CE2A7B0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe [2016-10-27] (Adobe Systems Incorporated)
Task: {BE9AC824-4FFA-469C-B999-BCB072A6ECE3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {C1673A4F-3150-465E-BFF9-B83174401556} - System32\Tasks\RunAsStdUser Task - swingbox.exe --firstrun => C:\Users\AM\AppData\Local\SwingBrowser\Application\swingbox.exe [2015-12-25] (ZUM internet Corp.)
Task: {C167E7B2-2954-409B-BBC1-34ADCE7CCF28} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {C30730EA-E23E-43EA-8396-1FAD0D6291F4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {C5B91F31-CCA8-470A-A662-6D28BD6E0869} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {EC202261-4B0B-4D00-936F-F18590E4A087} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {ED7CAA36-76BC-4487-B200-8E679A6F63D2} - System32\Tasks\RunAsStdUser Task - swing.exe --force-first-run --start-maximized --check-defaul => C:\Users\AM\AppData\Local\SwingBrowser\Application\swing.exe [2015-08-28] (ZUM internet Corp.)
Task: {F291810B-FA2B-49B5-8C96-3A51876E55CC} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2014-03-01] () <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3343802408-3034550604-896918693-1002Core.job => C:\Users\AM\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3343802408-3034550604-896918693-1002UA.job => C:\Users\AM\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 16:18 - 2015-10-30 16:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-12-16 12:26 - 2012-04-25 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-10-23 21:11 - 2016-11-04 19:40 - 00376984 _____ () C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe
2016-09-19 00:16 - 2016-09-07 14:39 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-19 00:16 - 2016-09-07 14:39 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-26 12:49 - 2016-08-26 12:49 - 01864384 _____ () C:\Users\AM\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-04-19 07:05 - 2016-04-19 07:05 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-20 15:11 - 2015-12-07 13:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 21:02 - 2016-07-01 12:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-09-19 00:10 - 2016-09-07 13:15 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-19 00:09 - 2016-09-07 13:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-19 00:10 - 2016-09-07 13:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-19 00:10 - 2016-09-07 13:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-12-16 12:17 - 2013-04-09 15:39 - 00040960 _____ () C:\Windows\SysWOW64\UMonit64.exe
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-02 05:25 - 2016-10-31 14:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libglesv2.dll
2016-11-02 05:25 - 2016-10-31 14:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libegl.dll
2015-04-20 21:31 - 2015-07-24 13:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 00840840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 00051848 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 00089224 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 07605400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avcodec-54.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 01453720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avformat-54.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 00202392 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avutil-52.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 00352920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\swscale-2.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 00507528 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 08495240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 00195720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 00952968 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 01291400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 01038984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
2016-08-26 12:48 - 2016-08-26 12:48 - 01383616 _____ () C:\Users\AM\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-26 12:49 - 2016-08-26 12:49 - 00118976 _____ () C:\Users\AM\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-10-13 20:25 - 2016-10-11 03:19 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-10-28 03:07 - 2016-10-11 03:19 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-10-28 03:07 - 2016-10-11 03:19 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-10-28 03:07 - 2016-10-11 03:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-10-13 20:25 - 2016-10-11 03:19 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-10-13 20:25 - 2016-10-11 03:19 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-10-13 20:25 - 2016-10-24 22:16 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-10-13 20:25 - 2016-10-11 03:19 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-10-28 03:07 - 2016-10-24 22:15 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-10-13 20:25 - 2016-10-11 03:20 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-10-28 03:07 - 2016-10-24 22:15 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-10-28 03:07 - 2016-10-24 22:15 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-10-13 20:25 - 2016-10-11 03:21 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-10-13 20:25 - 2016-10-24 22:16 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-10-28 03:07 - 2016-10-24 22:15 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-10-28 03:07 - 2016-10-24 22:15 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-10-28 03:07 - 2016-10-11 03:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-10-28 03:07 - 2016-10-11 03:21 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-10-13 20:25 - 2016-10-11 03:21 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-10-13 20:25 - 2016-10-11 03:21 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-10-13 20:25 - 2016-10-24 22:16 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-10-13 20:25 - 2016-10-11 03:21 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-10-13 20:25 - 2016-10-24 22:16 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-10-13 20:25 - 2016-10-11 03:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-10-13 20:25 - 2016-10-11 03:21 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-10-13 20:25 - 2016-10-11 03:21 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-10-13 20:25 - 2016-10-11 03:21 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-10-13 20:25 - 2016-10-11 03:21 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-10-13 20:25 - 2016-10-11 03:21 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-10-13 20:25 - 2016-10-11 03:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-10-28 03:07 - 2016-10-24 22:15 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-10-28 03:07 - 2016-10-24 22:15 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-10-13 20:25 - 2016-10-11 03:20 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-10-28 03:07 - 2016-10-24 22:15 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-10-13 20:25 - 2016-10-11 03:21 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-10-13 20:25 - 2016-10-24 22:16 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-10-13 20:25 - 2016-10-24 22:16 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-10-13 20:25 - 2016-10-24 22:16 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-10-13 20:25 - 2016-10-24 22:16 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-10-13 20:25 - 2016-10-11 03:21 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-10-13 20:25 - 2016-10-24 22:16 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-10-28 03:07 - 2016-10-24 22:15 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-10-28 03:07 - 2016-10-11 03:17 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-10-28 03:07 - 2016-10-24 22:15 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-10-28 03:07 - 2016-10-24 22:06 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-10-28 03:07 - 2016-10-24 22:15 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-10-28 03:07 - 2016-10-24 22:15 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-10-13 20:25 - 2016-10-11 03:19 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-10-28 03:07 - 2016-10-24 22:16 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-10-28 03:07 - 2016-10-24 22:16 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-10-28 03:07 - 2016-10-24 22:15 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-10-28 03:07 - 2016-10-24 22:16 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-10-28 03:07 - 2016-10-24 22:16 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-10-28 03:07 - 2016-10-24 22:16 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-10-13 20:25 - 2016-10-24 22:16 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-10-28 03:07 - 2016-10-11 03:24 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-10-28 03:07 - 2016-10-11 03:24 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-10-13 20:25 - 2016-10-11 03:21 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-10-13 20:25 - 2016-10-24 22:16 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-10-13 20:25 - 2016-10-24 22:16 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-10-28 03:07 - 2016-10-24 22:16 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-10-28 03:07 - 2016-10-24 22:16 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-10-28 03:07 - 2016-10-24 22:16 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-10-28 03:07 - 2016-10-24 22:16 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-10-13 20:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-10-13 20:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-10-13 20:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-09-18 15:17 - 2016-09-18 15:17 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 00045192 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2013-12-24 11:17 - 2013-12-24 11:17 - 00028808 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2013-12-24 11:17 - 2013-12-24 11:17 - 00019080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2013-12-24 11:17 - 2013-12-24 11:17 - 00032392 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2013-12-24 11:17 - 2013-12-24 11:17 - 00836744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2013-12-24 11:17 - 2013-12-24 11:17 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2013-12-24 11:17 - 2013-12-24 11:17 - 00192648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2013-12-24 11:17 - 2013-12-24 11:17 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2013-12-24 11:17 - 2013-12-24 11:17 - 00056456 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2013-12-24 11:17 - 2013-12-24 11:17 - 00018056 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2013-12-24 11:17 - 2013-12-24 11:17 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2013-12-24 11:17 - 2013-12-24 11:17 - 00083080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2013-12-24 11:17 - 2013-12-24 11:17 - 00111752 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2013-12-24 11:17 - 2013-12-24 11:17 - 00692360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2016-10-26 02:11 - 2016-10-24 11:03 - 17771200 _____ () C:\Users\AM\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.205\pepflashplayer.dll
2016-04-19 07:05 - 2016-04-19 07:05 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 07:05 - 2016-04-19 07:05 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2010-01-13 09:55 - 2010-01-13 09:55 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2010-12-18 05:56 - 2010-12-18 05:56 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2010-12-17 05:16 - 2010-12-17 05:16 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
2010-12-18 05:56 - 2010-12-18 05:56 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2013-03-08 05:54 - 2013-03-08 05:54 - 00071680 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ServiceManagerStarter.dll
2010-01-18 16:34 - 2010-01-18 16:34 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
2010-12-18 05:56 - 2010-12-18 05:56 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
2013-03-08 05:53 - 2013-03-08 05:53 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
2010-01-13 09:55 - 2010-01-13 09:55 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2013-03-08 05:55 - 2013-03-08 05:55 - 00472576 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
2013-03-08 05:58 - 2013-03-08 05:58 - 00499488 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Program Files (x86)\Juicy Stakes 2.0:MID [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\dongbulife.com -> hxxp://dongbulife.com
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\esero.go.kr -> hxxp://www.esero.go.kr
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\hanwhalife.com -> hxxp://hanwhalife.com
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\hkbank.co.kr -> hxxp://hkbank.co.kr
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\hyundaicard.com -> hxxps://hyundaicard.com
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\hyundailife.com -> hxxp://hyundailife.com
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\ibk.co.kr -> hxxp://ibk.co.kr
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\ibk.co.kr -> hxxps://ibk.co.kr
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\jbbank.co.kr -> hxxps://jbbank.co.kr
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\keb.co.kr -> hxxp://keb.co.kr
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\kftc.or.kr -> hxxp://kftc.or.kr
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\line6.net -> line6.net
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\prsb.co.kr -> hxxp://prsb.co.kr
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\samsungcard.com -> hxxps://samsungcard.com
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\scourt.go.kr -> hxxps://smartoffice.scourt.go.kr
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\shinhansavings.com -> hxxp://shinhansavings.com
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\smartmiraeasset.com -> hxxp://www.smartmiraeasset.com
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\standardchartered.co.kr -> hxxp://standardchartered.co.kr
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\standardchartered.co.kr -> hxxps://standardchartered.co.kr
IE trusted site: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\suhyup-bank.com -> hxxps://suhyup-bank.com
 
There are 3 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 22:25 - 2016-08-25 12:55 - 00000838 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\AM\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3343802408-3034550604-896918693-1002\...\StartupApproved\Run: => "IniCrossExSvc"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{02091AB7-A41E-4579-9912-A546921489E2}C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [TCP Query User{51A50478-CF4F-4710-99D8-1A0D351A8D56}C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [{CF18B9F9-D554-4442-AF97-E7766C7D37E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{E5A20452-A3AA-4E8E-8C7A-929B44D28264}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{62ACBD0D-862C-489F-B12C-FD92206534C8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{5ABE0329-4D7B-47F9-A67F-091283CBF4D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{E3D78170-3039-4750-9E7A-378370DE4E18}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4CD6C6D8-4823-43E5-8F2A-FCC708AE5680}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0206EBB1-F8FE-45AA-AE59-CA50C0824B43}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{10596A8A-A9BD-4637-8F71-87FEE4EBC61A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{57D28738-5BBA-47F2-8BFC-BD0D3B81AEC0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{176CA458-7DD1-4777-B211-CD2EC2CA8983}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{68074037-9B71-4AA0-AEF4-DD3F725C5121}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{6F82E761-7C3B-41FA-889D-CD4C449CCCF7}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F13244DB-9AE2-45D3-94BD-DCC9B6F08831}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{581785A3-D219-49C4-BE50-5CD005A6A7B9}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{BE6AB897-A0E5-4F89-9FBF-E67A0F6A5601}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{B070FB77-6BE4-47F6-B9A0-B940377DE4AD}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{07A2BEF2-9886-4D93-BFD9-AD98B126915D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{12827637-FD3B-4293-B694-2DF90D5CA7EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{6A37110F-6892-4069-8BE6-B5E8C641C481}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{268C5EC0-525A-4C18-AB44-C3B049DD3A50}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{20671805-2F53-4DDA-B683-B4F76DAB19AC}] => (Allow) C:\Users\AM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BD223E3B-5662-4C53-9BD4-2121C0AC0310}] => (Allow) C:\Users\AM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EEFF8EC5-BFD6-4017-841D-7BBEEB89A724}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{85036654-41C4-4B97-8044-C03CC43E11B0}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{17648C88-7B9B-4D1D-877A-ED62CD777887}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{B91CA30F-B54A-4130-A571-9368B351D663}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{8F58E31D-E76A-4CC0-A6FD-B4E1DA946E77}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5E5CA7BB-3F1B-48A1-A341-0BE6B130007A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{B9E4535A-37E3-4061-B0E7-67F7CB89BFF6}] => (Block) %ProgramFiles%\MotioninJoy\ds3\DS3_Tool.exe
FirewallRules: [{EDA138DC-DB90-4752-8856-C038B3B3685D}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{1ED6F90B-3869-422B-AD94-F178C43A2D34}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{72466B71-899D-46AD-BA64-C4254BBAFCB9}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{459BB8A8-5033-415B-91EB-59FE88160F1D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EF3DE6E7-02D2-4D29-9BF5-31E36C9CC7F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{21CD2762-43BC-411D-A2E0-631868B5F85F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EB18B6EF-8ED9-47DC-BE2C-90DD3879C508}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{AE37C203-6C3C-4CFD-B41D-589312C679E5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{92869780-FAF9-4FC7-80C9-8D425E438DF0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{FFE28DA8-0848-4575-A4A9-CF894FA23C9F}] => (Allow) C:\Program Files (x86)\Hobbyist Software\VLC Setup Helper\VLC Setup Helper.exe
FirewallRules: [{6585D9E0-A6EE-4F54-B57C-DE740F17FF80}] => (Allow) C:\Program Files (x86)\Hobbyist Software\VLC Setup Helper\mDNSResponder.exe
FirewallRules: [{4EF82AEF-8111-4EA2-A5DC-A30B83AA092F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe\Bonjour\mDNSResponder.exe
FirewallRules: [{6D69D07E-CCAB-4990-80FC-59F70BDF4AF7}] => (Allow) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
FirewallRules: [{61D5D289-25EF-47E9-8F5A-D6740842208F}] => (Allow) C:\Program Files\CyberLink\PowerDirector11\PDR10.EXE
FirewallRules: [{FCC2AA41-FA55-4EEA-B9D7-ED27122F8B39}] => (Block) %ProgramFiles%\CyberLink\PowerDirector11\PDR11.exe
FirewallRules: [{3E6D202C-6584-49C8-98A6-66ECFE6CD842}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{63D0EFFE-1FAF-459C-AEC8-072A3EE62894}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{94488C16-980A-4261-B100-8F932CD7E9B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3AC76CC7-A237-4EE6-85E0-7D9649F9E144}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1AF10EC5-107C-4759-AA5E-65DC6A14CAF6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{9B25A541-46A7-44E5-9FA5-452C5AB250D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [TCP Query User{52A9F88B-9BED-482E-9770-1C1A8FDAE710}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E6D81C48-035F-48F1-B67B-213B2D6657EE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{20641D70-A536-4DA8-AA42-99D34D8CE997}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{6935068B-5D13-4C11-9C22-3BE6946BBCCE}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{585390B8-3C19-411C-91E3-DF12D28CCEA4}] => (Allow) C:\Users\AM\AppData\Local\Temp\nscC718.tmp\CnetInstaller-10502034.exe
FirewallRules: [{2A98839B-EBD2-495C-B9E0-03384A15627D}] => (Allow) C:\Users\AM\AppData\Local\Temp\nscC718.tmp\CnetInstaller-10502034.exe
FirewallRules: [{D49D914C-4193-4496-8FB4-3246CD8DECC7}] => (Allow) C:\Users\AM\AppData\Local\Temp\nsxAAEB.tmp\CnetInstaller-10502034.exe
FirewallRules: [{D923BE10-0379-48BF-928F-448BDA511635}] => (Allow) C:\Users\AM\AppData\Local\Temp\nsxAAEB.tmp\CnetInstaller-10502034.exe
FirewallRules: [TCP Query User{A6764743-4524-4DD8-8A40-903153385072}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5EFEC3C3-1B64-4E4D-8AB4-88BB6F5E400D}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{8FA34C51-0B14-4E65-B4EA-0816E39CC277}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9D778D17-9CDF-44B8-B4D5-EDC89C53D60B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{2C0D307F-0E72-4995-A6B4-15CD38724BF9}C:\users\am\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\am\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A915EC7E-3694-48D9-B827-32A73C04BFDA}C:\users\am\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\am\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4461D1F5-FD54-41FA-BF92-1B4E649D3500}] => (Allow) C:\Users\AM\AppData\Local\Temp\nspE935.tmp\Installer-75984393.exe
FirewallRules: [{936CFAE4-D28F-495D-B949-4D0743AC2AE0}] => (Allow) C:\Users\AM\AppData\Local\Temp\nspE935.tmp\Installer-75984393.exe
FirewallRules: [{8C13AEE6-CDC0-4FCE-AC9C-93BBBD3E4D49}] => (Allow) C:\Program Files (x86)\Cake Poker 2.0\PokerClient.exe
FirewallRules: [{824C888D-1FB6-4833-BF9E-A05426303976}] => (Allow) C:\Program Files (x86)\Cake Poker 2.0\PokerClient.exe
FirewallRules: [{B9331D10-4C59-45B4-AFC5-C2EA63697084}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2AD2C2EE-A4DB-4E0C-AC99-4176ED29E608}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C0686836-523F-409D-A5A6-637A47F6C042}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B8E755EE-609A-4999-8577-F6A33CCAAB56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6C8E58CA-9387-41B1-A9B4-B42111571653}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DD189264-55C7-4ED3-8A0A-554380D132DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{56A6631F-5DA2-4D9F-8D33-D0F453EF6403}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1C6637FA-AE95-4E38-843C-8F46A0E26089}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{40A81E9E-5CDF-449C-B60F-51429CEC40F5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{3349C7E9-5AFA-425E-8C8B-E169410575A7}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{C027CCF4-2B97-4409-A99F-13612816A3F2}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{96B031B6-B308-4E23-B167-90006DAF7C65}C:\users\am\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\am\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{70897B36-AE49-4BEB-B903-7D533EB38BDB}C:\users\am\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\am\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{72F9FD95-7E1A-43BB-AC6D-F3ED4D9DD1BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{F2BDE1DE-9BB3-40A9-B2D4-F8DE21B50943}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{850BE148-E567-4041-87FC-2CF348BABA94}] => (Allow) C:\Program Files (x86)\Juicy Stakes 2.0\PokerClient.exe
FirewallRules: [{88ED678E-BEBA-4825-B691-4D19CB15271C}] => (Allow) C:\Program Files (x86)\Juicy Stakes 2.0\PokerClient.exe
FirewallRules: [{E93233F2-F991-43C9-A03B-DC3A68C38AA5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{DFD11DD2-C357-4F48-8609-30B34CED1E7B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{1F6211DE-5672-40AF-8A5D-00E54427DAB0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4EB3DA8B-37CD-4E4C-B48E-839F8310D40D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{0EB0D224-2D3C-43C0-BC63-C0BDF3756D29}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{6CC9B61A-3435-4E57-A9D9-6E867A01155B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{65CD3B16-3999-44CF-A179-B288C5504E63}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{2D908149-F67E-4940-B5D0-5C9132C6FA34}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{41F111DA-56A8-4E9B-A7DC-0EF18E1B1B75}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B6D84D55-D7F2-4BBD-93A4-4C05E896F7DB}] => (Allow) C:\Program Files\AhnLab\Safe Transaction\StSess.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/06/2016 10:49:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANDREW)
Description: Activation of app Microsoft.Getstarted_4.1.15.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/06/2016 10:47:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000000a0380
Faulting process id: 0x81c
Faulting application start time: 0x01d237cfb0d856bf
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: unknown
Report Id: 6b8ee3f3-1a2f-4a6b-b990-93d986ee69ad
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/06/2016 10:46:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ETDCtrl.exe, version: 11.59.4.32, time stamp: 0x55b9f5cb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000000a0380
Faulting process id: 0x20
Faulting application start time: 0x01d237cfa22a621a
Faulting application path: C:\Program Files\Elantech\ETDCtrl.exe
Faulting module path: unknown
Report Id: e3d5182f-74f5-4d13-a798-0b11b67415c0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/06/2016 10:46:43 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Wizvera process manager service because of this error.
 
Program: Wizvera process manager service
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (11/06/2016 10:46:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wpmsvc.exe, version: 1.0.1.5, time stamp: 0x55c959bd
Faulting module name: wpmsvc.exe, version: 1.0.1.5, time stamp: 0x55c959bd
Exception code: 0xc0000096
Fault offset: 0x0000250d
Faulting process id: 0xed8
Faulting application start time: 0x01d237cfa02f55a4
Faulting application path: C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe
Faulting module path: C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe
Report Id: 2be1f93d-03e2-4165-be3e-0e22f78b3d1d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/06/2016 10:46:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000000a0380
Faulting process id: 0x18e4
Faulting application start time: 0x01d237cf9ce0fbb7
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: unknown
Report Id: a41d46fc-2a68-472f-bf00-0167e1b13358
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/06/2016 10:46:37 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Wizvera process manager service because of this error.
 
Program: Wizvera process manager service
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (11/06/2016 10:46:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wpmsvc.exe, version: 1.0.1.5, time stamp: 0x55c959bd
Faulting module name: wpmsvc.exe, version: 1.0.1.5, time stamp: 0x55c959bd
Exception code: 0xc0000096
Fault offset: 0x0000250d
Faulting process id: 0x169c
Faulting application start time: 0x01d237cf9c8601ad
Faulting application path: C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe
Faulting module path: C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe
Report Id: 935ff11c-c1e6-4655-9794-43cd95e6cde8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/06/2016 10:46:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atbroker.exe, version: 10.0.10586.0, time stamp: 0x5632d7b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000000a0380
Faulting process id: 0x19d4
Faulting application start time: 0x01d237cf908c416d
Faulting application path: C:\WINDOWS\system32\atbroker.exe
Faulting module path: unknown
Report Id: 011cac51-2751-45c9-8725-2aee5eeddb53
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/06/2016 10:46:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sihost.exe, version: 10.0.10586.0, time stamp: 0x5632d7f9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000000a0380
Faulting process id: 0xe44
Faulting application start time: 0x01d237cf90883f0b
Faulting application path: C:\WINDOWS\system32\sihost.exe
Faulting module path: unknown
Report Id: fa2de9ce-a499-452d-a2a3-1bc33a6bf76b
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (11/06/2016 11:04:21 AM) (Source: DCOM) (EventID: 10010) (User: ANDREW)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.
 
Error: (11/06/2016 10:57:18 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application Local Management Service service hung on starting.
 
Error: (11/06/2016 10:54:48 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (11/06/2016 10:50:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDWSCService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/06/2016 10:50:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SDWSCService service to connect.
 
Error: (11/06/2016 10:50:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DACoreService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/06/2016 10:50:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the DACoreService service to connect.
 
Error: (11/06/2016 10:50:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WizveraPMSvc service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/06/2016 10:50:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDUpdateService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/06/2016 10:50:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WizveraPMSvc service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2016-11-06 10:57:42.626
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-06 05:22:59.276
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-06 05:22:59.249
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-05 17:03:45.017
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-05 15:00:27.791
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-05 15:00:27.777
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-05 15:00:27.123
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-05 15:00:27.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-05 15:00:26.413
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-05 15:00:26.399
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 49%
Total physical RAM: 6090.27 MB
Available physical RAM: 3049.43 MB
Total Virtual: 10183.47 MB
Available Virtual: 6519.77 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:888.72 GB) (Free:4.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F4395CEC)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:10 PM

Posted 11 November 2016 - 01:44 PM

Thank you.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can uninstall the program(s) via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Emsisoft Anti-Malware
AVG AntiVirus Free Edition


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
SearchScopes: HKU\S-1-5-21-3343802408-3034550604-896918693-1002 -> {2E2D9504-8A51-4329-A8C0-2C16F56FF36F} URL = 
S3 dbx; system32\DRIVERS\dbx.sys [X]
Task: {266E59F6-452C-42E0-AFED-D14573D12E84} - System32\Tasks\goloader1 => Wscript.exe /B "C:\ProgramData\SsiRecord\recovery.vbs" "C:\ProgramData\SsiRecord\goloader-recovery.bat"
C:\ProgramData\SsiRecord
Task: {52F86CE9-9AE6-4DCF-A6CD-340F6E3AA5E4} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2014-03-01] ()
C:\IORRT
Task: {F291810B-FA2B-49B5-8C96-3A51876E55CC} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2014-03-01] () <==== ATTENTION
AlternateDataStreams: C:\Program Files (x86)\Juicy Stakes 2.0:MID
FirewallRules: [{585390B8-3C19-411C-91E3-DF12D28CCEA4}] => (Allow) C:\Users\AM\AppData\Local\Temp\nscC718.tmp\CnetInstaller-10502034.exe
FirewallRules: [{2A98839B-EBD2-495C-B9E0-03384A15627D}] => (Allow) C:\Users\AM\AppData\Local\Temp\nscC718.tmp\CnetInstaller-10502034.exe
FirewallRules: [{D49D914C-4193-4496-8FB4-3246CD8DECC7}] => (Allow) C:\Users\AM\AppData\Local\Temp\nsxAAEB.tmp\CnetInstaller-10502034.exe
FirewallRules: [{D923BE10-0379-48BF-928F-448BDA511635}] => (Allow) C:\Users\AM\AppData\Local\Temp\nsxAAEB.tmp\CnetInstaller-10502034.exe
C:\Users\AM\AppData\Local\Temp\nscC718.tmp
C:\Users\AM\AppData\Local\Temp\nsxAAEB.tmp
FirewallRules: [{4461D1F5-FD54-41FA-BF92-1B4E649D3500}] => (Allow) C:\Users\AM\AppData\Local\Temp\nspE935.tmp\Installer-75984393.exe
FirewallRules: [{936CFAE4-D28F-495D-B949-4D0743AC2AE0}] => (Allow) C:\Users\AM\AppData\Local\Temp\nspE935.tmp\Installer-75984393.exe
C:\Users\AM\AppData\Local\Temp\nspE935.tmp
Folder: C:\$49,4i7E
Folder: C:\Users\AM\Documents\$49,4i7E
Folder: C:\ProgramData\tmp

  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Delete an antivirus program?
  • Fixlog
  • AdwCleaner log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 A10M

A10M
  • Topic Starter

  • Members
  • 11 posts

Posted 14 November 2016 - 06:27 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by AM (13-11-2016 03:43:19) Run:5
Running from C:\Users\AM\Downloads\FRST-OlderVersion\FRST-OlderVersion
Loaded Profiles: AM (Available Profiles: AM)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
SearchScopes: HKU\S-1-5-21-3343802408-3034550604-896918693-1002 -> {2E2D9504-8A51-4329-A8C0-2C16F56FF36F} URL = 
S3 dbx; system32\DRIVERS\dbx.sys [X]
Task: {266E59F6-452C-42E0-AFED-D14573D12E84} - System32\Tasks\goloader1 => Wscript.exe /B "C:\ProgramData\SsiRecord\recovery.vbs" "C:\ProgramData\SsiRecord\goloader-recovery.bat"
C:\ProgramData\SsiRecord
Task: {52F86CE9-9AE6-4DCF-A6CD-340F6E3AA5E4} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2014-03-01] ()
C:\IORRT
Task: {F291810B-FA2B-49B5-8C96-3A51876E55CC} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2014-03-01] () <==== ATTENTION
AlternateDataStreams: C:\Program Files (x86)\Juicy Stakes 2.0:MID
FirewallRules: [{585390B8-3C19-411C-91E3-DF12D28CCEA4}] => (Allow) C:\Users\AM\AppData\Local\Temp\nscC718.tmp\CnetInstaller-10502034.exe
FirewallRules: [{2A98839B-EBD2-495C-B9E0-03384A15627D}] => (Allow) C:\Users\AM\AppData\Local\Temp\nscC718.tmp\CnetInstaller-10502034.exe
FirewallRules: [{D49D914C-4193-4496-8FB4-3246CD8DECC7}] => (Allow) C:\Users\AM\AppData\Local\Temp\nsxAAEB.tmp\CnetInstaller-10502034.exe
FirewallRules: [{D923BE10-0379-48BF-928F-448BDA511635}] => (Allow) C:\Users\AM\AppData\Local\Temp\nsxAAEB.tmp\CnetInstaller-10502034.exe
C:\Users\AM\AppData\Local\Temp\nscC718.tmp
C:\Users\AM\AppData\Local\Temp\nsxAAEB.tmp
FirewallRules: [{4461D1F5-FD54-41FA-BF92-1B4E649D3500}] => (Allow) C:\Users\AM\AppData\Local\Temp\nspE935.tmp\Installer-75984393.exe
FirewallRules: [{936CFAE4-D28F-495D-B949-4D0743AC2AE0}] => (Allow) C:\Users\AM\AppData\Local\Temp\nspE935.tmp\Installer-75984393.exe
C:\Users\AM\AppData\Local\Temp\nspE935.tmp
Folder: C:\$49,4i7E
Folder: C:\Users\AM\Documents\$49,4i7E
Folder: C:\ProgramData\tmp
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3343802408-3034550604-896918693-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E2D9504-8A51-4329-A8C0-2C16F56FF36F}" => key removed successfully
HKCR\CLSID\{2E2D9504-8A51-4329-A8C0-2C16F56FF36F} => key not found. 
dbx => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{266E59F6-452C-42E0-AFED-D14573D12E84}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{266E59F6-452C-42E0-AFED-D14573D12E84}" => key removed successfully
C:\WINDOWS\System32\Tasks\goloader1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\goloader1" => key removed successfully
C:\ProgramData\SsiRecord => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{52F86CE9-9AE6-4DCF-A6CD-340F6E3AA5E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52F86CE9-9AE6-4DCF-A6CD-340F6E3AA5E4}" => key removed successfully
C:\WINDOWS\System32\Tasks\Hybrid => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hybrid" => key removed successfully
C:\IORRT => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F291810B-FA2B-49B5-8C96-3A51876E55CC} => key not found. 
C:\WINDOWS\System32\Tasks\IORRT => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IORRT" => key removed successfully
C:\Program Files (x86)\Juicy Stakes 2.0 => "AlternateDataStreams: C:\Program Files (x86)\Juicy Stakes 2.0:MID" ADS could not remove.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{585390B8-3C19-411C-91E3-DF12D28CCEA4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A98839B-EBD2-495C-B9E0-03384A15627D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D49D914C-4193-4496-8FB4-3246CD8DECC7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D923BE10-0379-48BF-928F-448BDA511635} => value removed successfully
"C:\Users\AM\AppData\Local\Temp\nscC718.tmp" => not found.
"C:\Users\AM\AppData\Local\Temp\nsxAAEB.tmp" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4461D1F5-FD54-41FA-BF92-1B4E649D3500} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{936CFAE4-D28F-495D-B949-4D0743AC2AE0} => value removed successfully
"C:\Users\AM\AppData\Local\Temp\nspE935.tmp" => not found.
 
========================= Folder: C:\$49,4i7E ========================
 
2016-11-07 07:50 - 2016-11-07 07:50 - 0000173 ____H () C:\$49,4i7E\$qboq2dE.jpg
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\AM\Documents\$49,4i7E ========================
 
2016-11-07 07:50 - 2016-11-07 07:50 - 0000173 ____H () C:\Users\AM\Documents\$49,4i7E\$qboq2dE.jpg
 
====== End of Folder: ======
 
 
========================= Folder: C:\ProgramData\tmp ========================
 
2015-12-22 14:13 - 2016-11-05 14:36 - 0001656 _____ () C:\ProgramData\tmp\rwstjg.tmp
2016-11-05 14:36 - 2016-11-05 14:36 - 0000000 ____D () C:\ProgramData\tmp\hps212985093_7724_SafeRegion
 
====== End of Folder: ======
 
 
 
The system needed a reboot.
 
==== End of Fixlog 05:33:11 ====
 
 
 
 
 
 
 
# AdwCleaner v6.030 - Logfile created 14/11/2016 at 20:16:31
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-13.3 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : AM - ANDREW
# Running from : C:\Users\AM\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[!] Folder not deleted: C:\Users\AM\AppData\LocalLow\.acestream
[!] Folder not deleted: C:\Users\AM\AppData\RoAMing\.acestream
[!] Folder not deleted: C:\Users\AM\AppData\RoAMing\acestream
[!] Folder not deleted: C:\Users\AM\AppData\RoAMing\Microsoft\Windows\Start Menu\ProgrAMs\Ace Stream Media
[!] Folder not deleted: C:\_acestream_cache_
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[!] Key not deleted: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Software\Classes\.acelive
[!] Key not deleted: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Software\Classes\.acemedia
[!] Key not deleted: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Software\Classes\.acestream
[!] Key not deleted: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Software\Classes\.tslive
[!] Key not deleted: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Software\Classes\acestream
[!] Key not deleted: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Software\Classes\AceStream.CDAudio
[!] Key not deleted: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Software\Classes\AceStream.DVDMovie
[!] Key not deleted: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Software\Classes\AceStream.file
[!] Key not deleted: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Software\Classes\AceStream.OPENFolder
[!] Key not deleted: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Software\Classes\AceStream.SVCDMovie
[!] Key not deleted: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Software\Classes\AceStream.VCDMovie
[!] Key not deleted: HKCU\Software\Classes\.acelive
[!] Key not deleted: HKCU\Software\Classes\.acemedia
[!] Key not deleted: HKCU\Software\Classes\.acestream
[!] Key not deleted: HKCU\Software\Classes\.tslive
[!] Key not deleted: HKCU\Software\Classes\acestream
[!] Key not deleted: HKCU\Software\Classes\AceStream.CDAudio
[!] Key not deleted: HKCU\Software\Classes\AceStream.DVDMovie
[!] Key not deleted: HKCU\Software\Classes\AceStream.file
[!] Key not deleted: HKCU\Software\Classes\AceStream.OPENFolder
[!] Key not deleted: HKCU\Software\Classes\AceStream.SVCDMovie
[!] Key not deleted: HKCU\Software\Classes\AceStream.VCDMovie
[!] Key not deleted: [x64] HKCU\Software\Classes\.acelive
[!] Key not deleted: [x64] HKCU\Software\Classes\.acemedia
[!] Key not deleted: [x64] HKCU\Software\Classes\.acestream
[!] Key not deleted: [x64] HKCU\Software\Classes\.tslive
[!] Key not deleted: [x64] HKCU\Software\Classes\acestream
[!] Key not deleted: [x64] HKCU\Software\Classes\AceStream.CDAudio
[!] Key not deleted: [x64] HKCU\Software\Classes\AceStream.DVDMovie
[!] Key not deleted: [x64] HKCU\Software\Classes\AceStream.file
[!] Key not deleted: [x64] HKCU\Software\Classes\AceStream.OPENFolder
[!] Key not deleted: [x64] HKCU\Software\Classes\AceStream.SVCDMovie
[!] Key not deleted: [x64] HKCU\Software\Classes\AceStream.VCDMovie
[!] Key not deleted: HKCU\Software\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
[!] Key not deleted: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Software\AceStream
[!] Key not deleted: HKU\S-1-5-21-3343802408-3034550604-896918693-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[!] Key not deleted: HKCU\Software\AceStream
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[!] Key not deleted: [x64] HKCU\Software\AceStream
[!] Key not deleted: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[!] Key not deleted: HKCU\Software\Classes\Applications\ace_player.exe
[!] Key not deleted: HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
[!] Key not deleted: HKCU\Software\Classes\DVD\shell\PlayWithACEStream
[!] Key not deleted: HKCU\Software\Classes\MIME\Database\Content Type\application/x-acestream-plugin
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
[!] Key not deleted: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
[!] Key not deleted: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
[!] Key not deleted: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
[!] Key not deleted: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
[!] Key not deleted: HKCU\SOFTWARE\Classes\Applications\ace_player.exe
[!] Key not deleted: HKCU\SOFTWARE\Classes\MIME\Database\Content Type\application/x-acestream-plugin
[!] Value not deleted: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[!] Value not deleted: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[!] Value not deleted: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[!] Value not deleted: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[!] Value not deleted: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[!] Value not deleted: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[!] Value not deleted: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[!] Value not deleted: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[!] Value not deleted: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[!] Value not deleted: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[!] Value not deleted: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[!] Value not deleted: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [3305 Bytes] - [26/09/2016 17:31:58]
C:\AdwCleaner\AdwCleaner[C2].txt - [7695 Bytes] - [14/11/2016 20:16:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [3164 Bytes] - [26/09/2016 17:20:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [1276 Bytes] - [13/11/2016 05:52:38]
C:\AdwCleaner\AdwCleaner[S2].txt - [7540 Bytes] - [14/11/2016 20:13:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [7987 Bytes] ##########
 
 
 
 
My computer seems to be working much better now. I've restarted it about 4 times in the past week and I haven't been stuck on the black screen once. It's also running faster than it was before. Thanks so much!


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • Gender:Male
  • Location:California

Posted 14 November 2016 - 10:08 AM

Glad for the good report.

I am assuming you want to keep AceStream.

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
C:\$49,4i7E
C:\Users\AM\Documents\$49,4i7E
C:\ProgramData\tmp
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#7 Oh My!


Posted 17 November 2016 - 09:54 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#8 Oh My!


Posted 20 November 2016 - 04:05 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



