
Funshion malware


  • This topic is locked
12 replies to this topic

#1 zzzfrendzzz

zzzfrendzzz

  • Members
  • 9 posts
  • Local time:12:59 AM

Posted 26 January 2017 - 05:45 AM

Recently, Avast has been blocking a ton of Funshion PUP / threats on my computer.

 

The following are the methods I've tried:

Malwarebytes Scanning

AdwCleaner

Junkware Removal Tool

 

I do not have the program listed in my Add/Remove programs list, hence I cannot simply uninstall Funshion.

 

Any help will be greatly appreciated.


Edited by hamluis, 26 January 2017 - 07:03 AM.
Moved from MRL to Am I Infected - Hamluis.




#2 satchfan

satchfan

  • Malware Response Team
  • 2,917 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:59 PM

Posted 26 January 2017 - 07:25 AM

Hello zzzfrendzzz and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/Seven/8/10, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn't work (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

RKreport.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 zzzfrendzzz

zzzfrendzzz
  • Topic Starter

  • Members
  • 9 posts
  • Local time:12:59 AM

Posted 28 January 2017 - 01:17 AM

Hi,

 

RKreport.txt

RogueKiller V12.9.5.0 (x64) [Jan 23 2017] (Free) by Adlice Software

 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : user [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/28/2017 13:00:08 (Duration : 01:09:38)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{3C5AA3BF-16B3-4EB5-9D67-CC02427C77DD} (C:\Users\user\AppData\Roaming\Arefresh\Arafael.dll) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Arafael | (default) : {3C5AA3BF-16B3-4EB5-9D67-CC02427C77DD} (C:\Users\user\AppData\Roaming\Arefresh\Arafael.dll) [7] -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D0F6366-8F2E-4F7F-872E-5AB98554D78C} -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1d82a5c2-81a1-44e8-82ab-584df0558c05} | DhcpNameServer : 10.6.0.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{82d5a3ad-9c47-4c4c-9936-a06e9887a479} | DhcpNameServer : 10.1.0.1 ([X])  -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{76961B17-F6C9-4FC5-86FD-F67F949AC56F}C:\program files (x86)\orbitdownloader\orbitnet.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{B21F42D7-E696-47F8-BCE1-49AD5A9C93C8}C:\program files (x86)\orbitdownloader\orbitnet.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User| [x] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 5 ¤¤¤
[PUP.Funshion][Folder] C:\Users\user\AppData\Roaming\funspeed -> Found
[PUP.Gen1][Folder] C:\Users\user\AppData\Roaming\FunUninst -> Found
[Tr.Gen0][File] C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : session.startup_urls [https://sg.search.yahoo.com/?type=715483&fr=yo-yhp-ch|https://twitter.com/|http://www.google.com.sg/|http://www.google.com/|http://start.search.us.com/v/2/?guid={22BF6A6C-F538-4644-A17F-F8D2ECD0FC07}&serpv=5|http://search.us.com/v/2/?guid={7C3681AB-4DDE-45D8-AB48-76A4A67254D7}&serpv=17|https://sg.yahoo.com?fr=hp-avast&type=avastbcl] -> Found
[PUM.SearchPage][Chrome:Config] Profile 1 [SecurePrefs] : default_search_provider_data.template_url_data.keyword [yahoo.com Search] -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-9WS142 +++++
--- User ---
[MBR] 90a8013049dd06f1dba65c01a11c44ff
[BSP] ed5030732a5bccca9981a13f57733626 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 821248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1083392 | Size: 475908 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 975742976 | Size: 503 MB
User = LL1 ... OK
User = LL2 ... OK
 

 

Frst.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01

Ran by user (administrator) on DELL (28-01-2017 13:02:57)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Windows\KMS\KMS.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
() C:\Program Files\RogueKiller\RogueKiller64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-08-03] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-02] (AVAST Software)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Dropbox Update] => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-17] (Dropbox, Inc.)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [World of Warships] => C:\Games\World_of_Warships\WargamingGameUpdater.exe [3134216 2016-12-05] (Wargaming.net)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-01-26] (Spotify Ltd)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [7163504 2017-01-26] (Spotify Ltd)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Discord] => C:\Users\user\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-02] (AVAST Software)
ShellIconOverlayIdentifiers: [Arafael] -> {3C5AA3BF-16B3-4EB5-9D67-CC02427C77DD} => C:\Users\user\AppData\Roaming\Arefresh\Arafael.dll [2016-09-22] (Accelerate )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-01-26]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2014-11-30]
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\user\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-01-29]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1d82a5c2-81a1-44e8-82ab-584df0558c05}: [DhcpNameServer] 10.6.0.1
Tcpip\..\Interfaces\{82d5a3ad-9c47-4c4c-9936-a06e9887a479}: [DhcpNameServer] 10.1.0.1
Tcpip\..\Interfaces\{8fc5ca92-77fc-48b3-9348-2584b5710be4}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
BHO: No Name -> {8D0F6366-8F2E-4F7F-872E-5AB98554D78C} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-25] (Oracle Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-02]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-29] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://sg.search.yahoo.com/?type=715483&fr=yo-yhp-ch
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-01-28]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-22]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-26]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-14]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-14]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-04-12]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-14]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-12]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-12]
CHR Extension: (Avast SafePrice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-04-12]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-14]
CHR Extension: (Bookmark Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-29]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-29]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-29]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-12]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-22]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-29]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-29]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-29]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-29]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-29]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-29]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-29]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-02] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 KMS; C:\Windows\KMS\KMS.exe [32256 2014-01-04] () [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-09-03] ()
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-16] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-03] (Synaptics Incorporated)
S4 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2017-01-02] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2017-01-02] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2017-01-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2017-01-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-02] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2017-01-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2017-01-02] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2017-01-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-02] (AVAST Software)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-26] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-03] (Synaptics Incorporated)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [41824 2016-11-04] (SteelSeries ApS)
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45928 2017-01-10] (SteelSeries ApS)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-01-28] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S4 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WinDivert1.1; C:\Windows\KMS\WinDivert.sys [35376 2013-12-04] (Basil Projects)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36832 2017-01-19] (Wellbia.com Co., Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-28 13:02 - 2017-01-28 13:06 - 00023785 _____ C:\Users\user\Downloads\FRST.txt
2017-01-28 13:01 - 2017-01-28 13:02 - 00000000 ____D C:\FRST
2017-01-28 13:01 - 2017-01-28 13:01 - 02420736 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2017-01-28 13:00 - 2017-01-28 13:00 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-01-28 12:59 - 2017-01-28 12:59 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-01-28 12:59 - 2017-01-28 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-28 12:59 - 2017-01-28 12:59 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-28 12:58 - 2017-01-28 12:59 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-28 12:57 - 2017-01-28 12:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-01-28 12:57 - 2017-01-28 12:57 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-28 12:56 - 2017-01-28 12:58 - 34726608 _____ (Adlice Software ) C:\Users\user\Downloads\setup.exe
2017-01-26 19:35 - 2017-01-26 19:38 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E09.HDTV.x264-KILLERS[ettv]
2017-01-26 19:35 - 2017-01-26 19:35 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E10.HDTV.x264-LOL[ettv]
2017-01-26 19:32 - 2016-12-17 17:33 - 00067743 _____ C:\Users\user\Desktop\designated.survivor.108.hdtv-lol[ettv].mkv.srt
2017-01-26 19:32 - 2016-12-17 17:33 - 00066368 _____ C:\Users\user\Desktop\Designated.Survivor.S01E09.HDTV.x264-KILLERS[ettv].mkv.srt
2017-01-26 19:32 - 2016-12-17 17:33 - 00059153 _____ C:\Users\user\Desktop\designated.survivor.110.hdtv-lol[ettv].mkv.srt
2017-01-26 19:31 - 2016-12-23 00:14 - 00074536 _____ C:\Users\user\Desktop\designated.survivor.106.hdtv-lol[ettv].mkv.srt
2017-01-26 19:31 - 2016-11-17 19:50 - 00067868 _____ C:\Users\user\Desktop\designated.survivor.107.hdtv-lol[ettv].mkv.srt
2017-01-26 19:31 - 2016-11-05 22:09 - 00071001 _____ C:\Users\user\Desktop\designated.survivor.104.hdtv-lol[ettv].mkv.srt
2017-01-26 19:31 - 2016-11-05 22:09 - 00065661 _____ C:\Users\user\Desktop\designated.survivor.105.hdtv-lol[ettv].mkv.srt
2017-01-26 19:31 - 2016-10-06 15:18 - 00065715 _____ C:\Users\user\Desktop\Designated.Survivor.S01E03.HDTV.x264-KILLERS[ettv].mkv.srt
2017-01-26 19:31 - 2016-09-29 16:08 - 00068298 _____ C:\Users\user\Desktop\Designated.Survivor.S01E02.HDTV.x264-KILLERS[ettv].mkv.srt
2017-01-26 19:30 - 2017-01-26 19:30 - 00028256 _____ C:\Users\user\Downloads\Designated Survivor_1x06_HDTV.LOL.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00027832 _____ C:\Users\user\Downloads\Designated Survivor_1x04_HDTV.x264-LOL.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00026020 _____ C:\Users\user\Downloads\Designated Survivor_1x08_HDTV.LOL.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00025663 _____ C:\Users\user\Downloads\Designated Survivor_1x03_HDTV.x264-KILLERS.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00025625 _____ C:\Users\user\Downloads\Designated Survivor_1x07_HDTV.LOL.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00025484 _____ C:\Users\user\Downloads\Designated Survivor_1x09_HDTV.KILLERS.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00024776 _____ C:\Users\user\Downloads\Designated Survivor_1x05_HDTV.x264-LOL.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00022519 _____ C:\Users\user\Downloads\Designated Survivor_1x10_HDTV.LOL.en.zip
2017-01-26 19:30 - 2016-09-23 21:11 - 00063569 _____ C:\Users\user\Desktop\Designated.Survivor.S01E01.HDTV.x264-KILLERS[ettv].mkv.srt
2017-01-26 19:29 - 2017-01-26 19:29 - 00026392 _____ C:\Users\user\Downloads\Designated Survivor_1x02_HDTV.x264-KILLERS.en.zip
2017-01-26 19:29 - 2017-01-26 19:29 - 00024555 _____ C:\Users\user\Downloads\Designated Survivor_1x01_HDTV.KILLERS.en.zip
2017-01-26 19:26 - 2017-01-26 19:26 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E08.HDTV.x264-LOL[ettv]
2017-01-26 19:26 - 2017-01-26 19:26 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E07.HDTV.x264-LOL[ettv]
2017-01-26 19:26 - 2017-01-26 19:26 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E06.HDTV.x264-LOL[ettv]
2017-01-26 19:26 - 2017-01-26 19:26 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E05.HDTV.x264-LOL[ettv]
2017-01-26 19:26 - 2017-01-26 19:26 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E04.HDTV.x264-LOL[ettv]
2017-01-26 18:50 - 2017-01-26 18:54 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E03.HDTV.x264-KILLERS[ettv]
2017-01-26 18:47 - 2017-01-26 18:53 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E01.HDTV.x264-KILLERS[ettv]
2017-01-26 18:47 - 2017-01-26 18:50 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E02.HDTV.x264-KILLERS[ettv]
2017-01-26 18:29 - 2017-01-26 18:29 - 00000000 ____D C:\Users\user\AppData\Roaming\FunUninst
2017-01-26 18:12 - 2017-01-26 19:42 - 00000000 ____D C:\Users\user\AppData\Roaming\funspeed
2017-01-26 17:55 - 2017-01-26 18:22 - 00000000 ____D C:\AdwCleaner
2017-01-26 17:55 - 2017-01-26 17:55 - 03988944 _____ C:\Users\user\Downloads\AdwCleaner.exe
2017-01-26 17:54 - 2017-01-26 17:55 - 01663040 _____ (Malwarebytes) C:\Users\user\Downloads\JRT.exe
2017-01-26 17:51 - 2017-01-26 17:51 - 00181235 _____ C:\Users\user\Downloads\22901.pdf
2017-01-26 17:20 - 2017-01-26 17:20 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-26 17:20 - 2017-01-26 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-26 17:20 - 2017-01-26 17:20 - 00000000 ____D C:\Program Files\iPod
2017-01-26 17:19 - 2017-01-26 17:20 - 00000000 ____D C:\Program Files\iTunes
2017-01-26 17:15 - 2017-01-26 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-26 17:14 - 2017-01-26 17:14 - 00001472 _____ C:\EsgInstallerResumeAction_ff00e6f2fa487fc76629666127044dea
2017-01-26 17:05 - 2017-01-26 17:07 - 08813488 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup526.exe
2017-01-25 20:54 - 2016-12-21 15:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 20:54 - 2016-12-21 12:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-22 16:32 - 2017-01-22 16:32 - 00080399 _____ C:\Users\user\Downloads\Intro_to_Organic_Chem_(Qn7).pptx
2017-01-22 16:22 - 2017-01-22 16:22 - 00220648 _____ C:\Users\user\Downloads\Intro_to_Organic_Chem_(Qn6).pptx
2017-01-22 16:08 - 2017-01-22 16:08 - 00410508 _____ C:\Users\user\Downloads\5a_Nomenclature_of_organic_compounds.pptx
2017-01-22 15:39 - 2017-01-22 15:39 - 00000000 _____ C:\autoexec.bat
2017-01-22 15:29 - 2017-01-22 15:29 - 00132792 _____ C:\Users\user\Downloads\2017_JC2_CTG_Timetable.pdf
2017-01-22 15:29 - 2017-01-22 15:29 - 00132164 _____ C:\Users\user\Downloads\2017_JC2_CTG_Attendance_List.pdf
2017-01-17 23:24 - 2017-01-17 23:24 - 00037655 _____ C:\Users\user\Downloads\37890429_20170117_0051.pdf
2017-01-17 23:22 - 2017-01-17 23:22 - 00039231 _____ C:\Users\user\Downloads\35735539_20170107_0056.pdf
2017-01-17 23:20 - 2017-01-17 23:20 - 00038037 _____ C:\Users\user\Downloads\39755061_20170116_0046.pdf
2017-01-17 23:20 - 2017-01-17 23:20 - 00038037 _____ C:\Users\user\Downloads\39755061_20170116_0046 (1).pdf
2017-01-11 20:46 - 2016-12-21 16:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 20:46 - 2016-12-21 16:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 20:46 - 2016-12-21 15:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 20:46 - 2016-12-21 15:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 20:46 - 2016-12-21 15:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 20:46 - 2016-12-21 15:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 20:46 - 2016-12-21 15:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 20:46 - 2016-12-21 15:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 20:46 - 2016-12-21 15:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 20:46 - 2016-12-21 15:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 20:46 - 2016-12-21 15:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 20:46 - 2016-12-21 15:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 20:46 - 2016-12-21 15:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 20:46 - 2016-12-21 15:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 20:46 - 2016-12-21 15:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 20:46 - 2016-12-21 14:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 20:46 - 2016-12-21 14:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 20:46 - 2016-12-21 14:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 20:46 - 2016-12-21 14:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 20:46 - 2016-12-21 14:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 20:46 - 2016-12-21 14:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 20:46 - 2016-12-21 14:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 20:46 - 2016-12-21 14:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 20:46 - 2016-12-21 14:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 20:46 - 2016-12-21 14:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 20:46 - 2016-12-21 14:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 20:46 - 2016-12-21 13:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 20:46 - 2016-12-21 13:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 20:46 - 2016-12-21 13:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 20:46 - 2016-12-21 12:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 20:46 - 2016-12-21 12:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 20:46 - 2016-12-21 12:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 20:46 - 2016-12-21 12:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 20:46 - 2016-12-21 12:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 20:46 - 2016-12-21 12:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 20:46 - 2016-12-21 12:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 20:46 - 2016-12-21 12:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 20:46 - 2016-12-21 12:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 20:46 - 2016-12-21 12:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 20:46 - 2016-12-21 12:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 20:46 - 2016-12-21 12:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 20:46 - 2016-12-21 12:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 20:46 - 2016-12-21 12:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 20:46 - 2016-12-21 12:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 20:46 - 2016-12-21 12:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 20:46 - 2016-12-14 13:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 20:46 - 2016-12-14 13:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 20:46 - 2016-12-14 13:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 20:46 - 2016-12-14 13:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 20:46 - 2016-12-14 13:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 20:46 - 2016-12-14 13:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 20:46 - 2016-12-14 13:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 20:46 - 2016-12-14 13:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 20:46 - 2016-12-14 12:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 20:46 - 2016-12-14 12:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 20:46 - 2016-12-14 12:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 20:46 - 2016-12-14 12:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 20:46 - 2016-12-14 12:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 20:46 - 2016-12-14 12:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 20:46 - 2016-12-14 12:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 20:46 - 2016-12-14 12:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 20:46 - 2016-12-14 12:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 20:46 - 2016-12-14 12:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 20:46 - 2016-12-14 12:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 20:46 - 2016-12-14 12:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 20:46 - 2016-12-14 12:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 20:46 - 2016-12-14 12:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 20:46 - 2016-12-14 12:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 20:46 - 2016-12-14 12:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 20:46 - 2016-12-14 12:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 20:46 - 2016-12-14 12:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 20:46 - 2016-12-14 12:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 20:46 - 2016-12-14 12:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 20:46 - 2016-12-14 12:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 20:46 - 2016-12-14 12:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 20:46 - 2016-11-02 20:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 20:46 - 2016-11-02 18:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 20:46 - 2016-08-02 12:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 20:45 - 2016-12-21 16:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 20:45 - 2016-12-21 15:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 20:45 - 2016-12-21 15:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 20:45 - 2016-12-21 15:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 20:45 - 2016-12-21 15:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 20:45 - 2016-12-21 15:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 20:45 - 2016-12-21 15:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 20:45 - 2016-12-21 15:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 20:45 - 2016-12-21 15:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 20:45 - 2016-12-21 15:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 20:45 - 2016-12-21 15:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 20:45 - 2016-12-21 15:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 20:45 - 2016-12-21 15:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 20:45 - 2016-12-21 15:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 20:45 - 2016-12-21 15:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 20:45 - 2016-12-21 15:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 20:45 - 2016-12-21 15:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 20:45 - 2016-12-21 15:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 20:45 - 2016-12-21 15:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 20:45 - 2016-12-21 15:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 20:45 - 2016-12-21 15:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 20:45 - 2016-12-21 15:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 20:45 - 2016-12-21 15:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 20:45 - 2016-12-21 15:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 20:45 - 2016-12-21 14:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 20:45 - 2016-12-21 14:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 20:45 - 2016-12-21 14:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 20:45 - 2016-12-21 14:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 20:45 - 2016-12-21 14:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 20:45 - 2016-12-21 14:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 20:45 - 2016-12-21 14:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 20:45 - 2016-12-21 14:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 20:45 - 2016-12-21 14:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 20:45 - 2016-12-21 12:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 20:45 - 2016-12-21 12:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 20:45 - 2016-12-21 12:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 20:45 - 2016-12-21 12:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 20:45 - 2016-12-21 12:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 20:45 - 2016-12-21 12:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 20:45 - 2016-12-21 12:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 20:45 - 2016-12-21 12:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 20:45 - 2016-12-21 12:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 20:45 - 2016-12-21 12:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 20:45 - 2016-12-21 12:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 20:45 - 2016-12-21 12:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 20:45 - 2016-12-14 13:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 20:45 - 2016-12-14 13:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-11 20:45 - 2016-12-14 13:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-11 20:45 - 2016-12-14 13:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-11 20:45 - 2016-12-14 13:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 20:45 - 2016-12-14 13:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 20:45 - 2016-12-14 13:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 20:45 - 2016-12-14 13:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 20:45 - 2016-12-14 13:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 20:45 - 2016-12-14 13:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 20:45 - 2016-12-14 13:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 20:45 - 2016-12-14 13:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 20:45 - 2016-12-14 13:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 20:45 - 2016-12-14 12:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 20:45 - 2016-12-14 12:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 20:45 - 2016-12-14 12:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 20:45 - 2016-12-14 12:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 20:45 - 2016-12-14 12:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 20:45 - 2016-12-14 12:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 20:45 - 2016-12-14 12:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 20:45 - 2016-12-14 12:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 20:45 - 2016-12-14 12:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 20:45 - 2016-12-14 12:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 20:45 - 2016-12-14 12:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 20:45 - 2016-12-14 12:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 20:45 - 2016-12-14 12:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 20:45 - 2016-12-14 12:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 20:45 - 2016-12-14 12:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 20:45 - 2016-12-14 12:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 20:45 - 2016-12-14 12:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 20:45 - 2016-12-14 12:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 20:45 - 2016-12-14 12:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 20:45 - 2016-12-14 12:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 20:45 - 2016-12-14 12:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 20:45 - 2016-12-14 12:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 20:45 - 2016-12-14 12:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 20:45 - 2016-12-14 12:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 20:45 - 2016-11-02 19:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 20:45 - 2016-11-02 18:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 20:45 - 2016-11-02 18:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-07 13:56 - 2017-01-08 19:32 - 00000000 ____D C:\Users\user\Downloads\FIFA 17 Super Deluxe Edition-FULL UNLOCKED
2017-01-06 15:04 - 2017-01-06 15:04 - 00075310 _____ C:\Users\user\Downloads\Guidelines_on_the_use_of_Calculators_-_1_Nov_2016_(memo_to_schools).pdf
2017-01-04 22:54 - 2017-01-04 22:54 - 00000000 ____D C:\Users\user\AppData\Local\Vivox
2017-01-02 20:56 - 2017-01-02 20:56 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-01-02 20:55 - 2017-01-02 20:55 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2017-01-01 18:03 - 2017-01-01 18:03 - 00001345 _____ C:\Users\user\Desktop\SpecialForce.lnk
2017-01-01 18:03 - 2017-01-01 18:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playpark
2017-01-01 17:58 - 2017-01-01 17:58 - 00000000 ____D C:\Program Files (x86)\Playpark
2017-01-01 17:39 - 2017-01-01 17:57 - 00000000 ____D C:\Users\user\Downloads\SF1_FULL_1.0.0
2017-01-01 17:35 - 2017-01-01 17:35 - 01038336 _____ C:\Users\user\Downloads\PlayparkDownloader_v0.3.6.1 (1).msi
2016-12-30 22:30 - 2016-12-30 22:30 - 00000000 ____D C:\Users\user\Intel
2016-12-30 22:29 - 2016-12-30 22:31 - 121132662 _____ C:\Users\user\Downloads\ME_Consumer_Win8.1_10_11.0.6.1194.zip
2016-12-30 22:18 - 2016-12-30 22:21 - 43080240 _____ (Dell Inc.) C:\Users\user\Downloads\7557_Chipset_Driver_VWP1F_WN32_11.0.0.1162_A00.EXE
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-28 13:05 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-28 13:04 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-28 12:51 - 2014-11-30 11:35 - 00000000 __SHD C:\Users\user\IntelGraphicsProfiles
2017-01-28 12:49 - 2016-10-30 14:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-26 20:54 - 2016-07-16 14:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-26 20:54 - 2016-05-16 20:53 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2017-01-26 20:35 - 2016-06-26 13:48 - 00000000 ____D C:\Users\user\AppData\Roaming\Arefresh
2017-01-26 19:36 - 2016-11-20 12:04 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2017-01-26 19:36 - 2016-11-20 12:03 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-01-26 19:36 - 2016-11-02 22:50 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-26 19:20 - 2016-10-30 13:59 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-26 18:46 - 2016-12-27 00:03 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2017-01-26 18:18 - 2016-11-29 17:32 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-26 18:16 - 2016-11-09 01:15 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2017-01-26 18:16 - 2016-11-09 01:15 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2017-01-26 17:46 - 2015-05-28 17:00 - 00000000 ___RD C:\Users\user\iCloudDrive
2017-01-26 17:43 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SKB
2017-01-26 17:20 - 2014-12-13 00:03 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-26 17:13 - 2016-12-14 12:26 - 00000000 ____D C:\Users\user\AppData\Roaming\steelseries-engine-3-client
2017-01-26 17:12 - 2016-07-16 19:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-26 17:11 - 2016-07-16 19:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-26 17:07 - 2015-12-03 21:46 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-25 20:44 - 2015-08-02 23:44 - 02659072 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-22 16:04 - 2015-04-08 17:40 - 00000000 ____D C:\Users\user\AppData\Roaming\SystemSres
2017-01-19 17:41 - 2015-10-30 18:36 - 00036832 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2017-01-16 20:49 - 2014-11-30 00:47 - 00000000 ____D C:\ProgramData\Skype
2017-01-16 20:35 - 2015-08-02 23:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-16 20:30 - 2016-10-30 13:59 - 00248792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-13 23:13 - 2016-12-07 07:57 - 01804672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 21:23 - 2014-11-30 10:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 21:20 - 2014-11-30 10:49 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 11:56 - 2016-12-07 07:57 - 00045928 _____ (SteelSeries ApS) C:\WINDOWS\system32\Drivers\sshid.sys
2017-01-08 23:51 - 2015-02-08 16:04 - 00000000 ____D C:\ProgramData\Origin
2017-01-05 13:54 - 2014-11-30 10:39 - 00000000 ___RD C:\Users\user\Dropbox
2017-01-03 22:01 - 2016-10-30 14:34 - 00003998 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1461755249
2017-01-03 22:01 - 2016-04-27 19:07 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-01-02 20:57 - 2016-10-30 14:34 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2017-01-02 20:57 - 2014-11-30 10:25 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2017-01-02 20:57 - 2014-11-30 10:25 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2017-01-02 20:57 - 2014-11-30 10:25 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-01-02 20:56 - 2014-11-30 10:25 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.148336184917110
2017-01-02 20:56 - 2014-11-30 10:25 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.148336185093712
2017-01-02 20:56 - 2014-11-30 10:25 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-01-02 20:56 - 2014-11-30 10:25 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-01-02 20:56 - 2014-11-30 10:25 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-01-02 20:56 - 2014-11-30 10:25 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-01-02 20:56 - 2014-11-30 10:25 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-01-02 20:55 - 2016-04-25 20:26 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-01-02 20:55 - 2014-11-30 10:25 - 00969560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.148336184818707
2017-01-01 17:36 - 2016-06-05 22:52 - 00003107 _____ C:\Users\user\Desktop\Playpark Downloader.lnk
2017-01-01 17:36 - 2016-06-05 22:52 - 00003067 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playpark Downloader.lnk
2016-12-30 22:31 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\drivers
2016-12-30 22:31 - 2015-07-26 13:31 - 00000000 ____D C:\ProgramData\Intel
2016-12-30 22:31 - 2014-11-29 11:00 - 00000000 ____D C:\Program Files (x86)\Intel
2016-12-30 22:23 - 2016-12-26 23:52 - 00000000 ____D C:\Users\user\Desktop\Running Man
 
==================== Files in the root of some directories =======
 
2015-02-18 16:40 - 2015-02-18 16:40 - 0000911 _____ () C:\Users\user\AppData\Roaming\coreavc.ini
2015-03-16 14:56 - 2015-03-16 14:56 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
 
Some files in TEMP:
====================
2016-12-17 18:20 - 2016-12-17 18:20 - 0000512 _____ () C:\Users\user\AppData\Local\Temp\4b0d6217db45cea6783f9cb9feeb9dba.dll
2016-12-17 18:20 - 2017-01-19 17:42 - 0000023 _____ () C:\Users\user\AppData\Local\Temp\66257856aba9e0a3a0f9a955070a185d.dll
2017-01-01 18:09 - 2017-01-01 18:09 - 0000512 _____ () C:\Users\user\AppData\Local\Temp\c1abb10993ccb70b48f8c380e5785eb7.dll
2017-01-28 12:59 - 2016-11-11 18:13 - 1886344 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\dllnt_dump.dll
2017-01-01 18:09 - 2017-01-04 19:47 - 0000056 _____ () C:\Users\user\AppData\Local\Temp\f3b517601a48470fa9a04357d9b6225b.dll
2016-12-23 13:34 - 2016-12-23 13:34 - 74854376 _____ (Dropbox, Inc.) C:\Users\user\AppData\Local\Temp\{5EB3423E-B6BE-4A81-9051-D6FEDADEB32F}-DropboxClient_16.4.30.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-26 19:04
 
==================== End of FRST.txt ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by user (28-01-2017 13:06:50)
Running from C:\Users\user\Downloads
Windows 10 Pro Version 1607 (X64) (2016-10-30 06:39:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2527001886-3938107897-3316602562-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2527001886-3938107897-3316602562-503 - Limited - Disabled)
Guest (S-1-5-21-2527001886-3938107897-3316602562-501 - Limited - Disabled)
user (S-1-5-21-2527001886-3938107897-3316602562-1001 - Administrator - Enabled) => C:\Users\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{47B81DF4-AD5A-4F3A-3D73-0A81268B1637}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
APB Reloaded (HKLM-x32\...\APB Reloaded) (Version: 1.6.7.672769 - )
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Betternet (HKLM-x32\...\Betternet) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell System Detect (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\73f463568823ebbe) (Version: 6.7.0.2 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Discord (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dropbox (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
FIFA 15 v.1.8.0.0 ModdingWay v.3.1.1 (HKLM-x32\...\FIFA 15_is1) (Version:  - )
GamersFirst LIVE! (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPAC (remove only) (HKLM-x32\...\GPAC) (Version:  - )
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MapleStorySEA version 1.61.1 (HKLM-x32\...\{2AC6892F-B107-4ED2-B949-BD3C287E133A}_is1) (Version: 1.61.1 - Asiasoft Online Pte.Ltd.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Need For Speed Hot Pursuit version 1.0.5.0 (HKLM-x32\...\Need For Speed Hot Pursuit_is1) (Version: 1.0.5.0 - Mr DJ)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.2 - OBS Project)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.37.1400.5 - Hi-Rez Studios)
Playpark Downloader (HKLM-x32\...\{D81B5861-F391-4905-A779-8A82994F3A00}) (Version: 0.3.6 - Asiasoft Online)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
RogueKiller version 12.9.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.5.0 - Adlice Software)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Special Force (HKLM-x32\...\SpecialForce) (Version:  - Playpark)
Spotify (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Spotify) (Version: 1.0.47.13.gd8e05b1f - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.9.10 (HKLM\...\SteelSeries Engine 3) (Version: 3.9.10 - SteelSeries ApS)
System Requirements Lab (HKLM-x32\...\{8DCAB1D8-F20C-4733-9B5F-646DDFEB59C9}) (Version: 6.1.1.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{8C938905-C55F-48EC-9C08-91898B8CCAAC}) (Version: 6.1.6.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Transformice (HKLM-x32\...\Transformice) (Version: 1.0.0 - UNKNOWN)
Transformice (x32 Version: 1.0.0 - UNKNOWN) Hidden
Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1560.1 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
World of Warships (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814asia}_is1) (Version:  - Wargaming.net)
风行视频加速器 (HKLM-x32\...\FunAccelerator) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0550C98D-3465-47E0-81D7-5D9D6AA7AF0B} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {0E220870-597D-4045-9D7C-51566892B010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-29] (Adobe Systems Incorporated)
Task: {10065799-EA87-425B-81C7-421DD7B7590D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {16B35CF3-AAD8-490F-8620-564AA9691933} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {1A98CA0A-A44A-4D69-BE12-3035A2C2C181} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {26D9680C-63FE-4CB5-82DC-4AE5BDC019F7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2017-01-02] (AVAST Software)
Task: {284D0003-2167-426D-AF94-6EAE971468D3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {28936B68-7D00-47B8-8B2A-13133EF4FAE2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {2FEB934C-F152-4760-9BE1-1B05EA000EC0} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {32A06078-93F0-4B58-AC85-BABDE3E730E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {421F7491-F635-443A-B38A-54FF7CD31ACF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {56890EDA-2F45-47F9-AFC3-611DD994B83E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {5C168816-6E34-43E8-8779-126C476D5EB4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {5EF73E60-51B7-4F59-A535-F4D9997EBFA1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {66A02D2B-9E94-4577-A794-94E5E80DC421} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6A853491-E4DB-4106-80F2-5A13C20DAE71} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6EA03820-9FD5-4EA9-B15D-925D30AFE73B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2527001886-3938107897-3316602562-1001Core1d2373d380091bf => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-12-17] (Dropbox, Inc.)
Task: {7C37C997-FAB7-4E1C-BCF9-0A4102FA423F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8E7C0385-1ACA-4C85-B91E-D49B930F30EC} - System32\Tasks\SafeZone scheduled Autoupdate 1461755249 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {92575A17-3CB4-427A-9DFA-1D611383B467} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {955A40D6-CDD6-4C2E-9444-FC5CAE87C6CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A7F443B0-9C4C-4CA7-A2DC-3CF84478FD76} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AB56118E-D07B-4C15-BF45-31CCB60D7B14} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-03] (Synaptics Incorporated)
Task: {AF0ABC7D-9140-469B-AAD6-325239D8BA96} - \WPD\SqmUpload_S-1-5-21-2527001886-3938107897-3316602562-1001 -> No File <==== ATTENTION
Task: {BB468082-0D3C-402E-946E-E655F28382A0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D75925AB-1373-40F9-9A35-05677E354A01} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-22] (Piriform Ltd)
Task: {E769B77B-73FB-4824-B891-192E607531CC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2527001886-3938107897-3316602562-1001UA1d2373d3834340d => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-12-17] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2527001886-3938107897-3316602562-1001Core1d2373d380091bf.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2527001886-3938107897-3316602562-1001UA1d2373d3834340d.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\user\Desktop\Настройки-FIFA 15.lnk -> C:\Games\FIFA 15\fifasetup\fifaconfig.exe (Electronic Arts Canada) <===== Cyrillic
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 19:42 - 2016-07-16 19:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-17 18:32 - 2016-12-09 18:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-29 09:47 - 2014-01-04 19:52 - 00032256 _____ () C:\Windows\KMS\KMS.exe
2014-11-29 09:47 - 2013-12-04 04:01 - 00016896 _____ () C:\Windows\KMS\WinDivert.dll
2014-11-30 10:14 - 2015-09-03 17:57 - 00076152 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2016-12-17 18:32 - 2016-12-09 18:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-31 05:51 - 2016-10-31 05:51 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 20:45 - 2016-12-21 15:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 20:45 - 2016-12-21 14:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 20:45 - 2016-12-21 14:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 20:45 - 2016-12-21 14:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 20:45 - 2016-12-21 14:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 20:45 - 2016-12-21 14:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-25 20:47 - 2017-01-25 20:49 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-25 20:47 - 2017-01-25 20:49 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-25 20:47 - 2017-01-25 20:49 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 12:17 - 2016-12-14 12:17 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-28 12:59 - 2017-01-23 09:43 - 25949256 _____ () C:\Program Files\RogueKiller\RogueKiller64.exe
2017-01-02 20:55 - 2017-01-02 20:55 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-28 12:50 - 2017-01-28 12:50 - 04459608 _____ () C:\Program Files\AVAST Software\Avast\defs\17012703\algo.dll
2017-01-02 20:55 - 2017-01-02 20:55 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-01-02 20:56 - 2017-01-02 20:56 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-10-30 14:55 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-10-30 14:55 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\Desktop\Transformice.lnk:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\aeriagames.com -> hxxp://aeriagames.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "Andy"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\StartupFolder: => "GamersFirst LIVE!.lnk"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "MP3 Skype recorder"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "World of Warships"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Discord"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{AE640FE1-5945-4072-A6D1-A5396DE6F36F}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8288BCCE-5CBC-4A02-841A-FA0555DF5509}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CBE16A2F-5761-4A57-A82C-AEB7F49F3CAA}] => C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{121FC229-5436-4218-ACCF-82277A50028D}] => C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{1E7B8BDB-FBEC-4136-A8F6-1323651754DA}] => C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{847CB0D8-2663-4A24-A20E-750859FCF1FB}] => C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{9A4AB2FF-571B-4974-965F-2713F0CC13CB}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{8E7DB69A-429D-4235-9F99-6A8670479325}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{ED281CA1-106E-46E2-B250-A1B355BBF5A0}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{1D9FB8CC-30FD-4BE2-8A1D-21CBC426E614}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [UDP Query User{8B5A6EE9-FE22-48BA-9882-C9B424EF6357}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8A4F1BBB-B95F-4D0F-BE99-66141870539D}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{088B376D-9AAA-4126-9793-1008E2B5DD33}] => C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [{3676DC93-C42A-4695-B1B5-A4EB6AB9A1DD}] => C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{76961B17-F6C9-4FC5-86FD-F67F949AC56F}C:\program files (x86)\orbitdownloader\orbitnet.exe] => C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{B21F42D7-E696-47F8-BCE1-49AD5A9C93C8}C:\program files (x86)\orbitdownloader\orbitnet.exe] => C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [{053BFB81-F0FF-48F0-B5E2-2D9437CB8B8A}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{397AAD6F-3317-4874-AA5D-8A423FE65009}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DAFE7EF3-2C4B-4DA4-990A-8D77342A7ADB}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F8357B90-3E94-43F9-B9E6-04512B5D08D3}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{37EAFF4A-A3C3-4FD0-90DD-63ADA67B2EA4}] => C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A7F67F37-F7CE-4471-878A-5948476DAFF3}] => C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{B9221B95-F33E-4C97-817C-C250F4677A3F}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{213C090B-701B-44ED-B365-66C3664AFB16}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{82277565-025C-483D-BADC-2B3E4178480D}C:\users\user\appdata\local\akamai\netsession_win.exe] => C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{C8E62A02-719E-44D3-99E9-3D1E9095D341}C:\users\user\appdata\local\akamai\netsession_win.exe] => C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{41D721E8-14EE-4CD8-B30B-7819A6EAB646}C:\users\user\appdata\local\akamai\netsession_win.exe] => C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F313BA37-F94F-46B5-8B20-C721A8EAD2C3}C:\users\user\appdata\local\akamai\netsession_win.exe] => C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [{0073F1CF-D4A7-47A0-A599-20B61D11CF90}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9EA2405C-FA6C-4D28-ACAA-02E31D109F03}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1313160-1FAC-4040-993B-F1C65D52AFF0}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5CAD3746-DD3B-4736-9986-6BEE099D9C15}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E72E4E2-FCAB-4578-85D6-07BB23D64384}] => C:\Windows\KMS\KMS.exe
FirewallRules: [{E13C46BB-C1FA-4391-AF39-3FFC5D62C78A}] => C:\Windows\KMS\KMS.exe
FirewallRules: [{1072E17A-87AE-4819-9E1F-79119A926A16}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B044E157-5CC6-4E1E-AD54-600103D4AC22}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7EA63CA9-A055-49BE-82FE-CB66CBC4DB83}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1AF86F01-DD8E-43DD-B6A0-ED43BDA7300D}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BDBD227D-1DE9-4682-AFA1-CC26E15E2AE2}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{42817D47-1135-4057-A6EF-949392D62234}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{D6176EC0-48F8-456F-9BEE-11116097A5BE}C:\users\user\appdata\roaming\spotify\spotify.exe] => C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A4432274-2C01-4B28-B391-BE2785DA9CE1}C:\users\user\appdata\roaming\spotify\spotify.exe] => C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{32D0CF73-B3B1-45F0-82B0-D946AEB714FD}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{CED3CF3B-D512-4ADA-A7AF-47C7FC15BF3B}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [{2460C861-AFC5-41E5-BC68-BB771901354C}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BD9563A0-A394-49A6-AC51-8501182C4BED}] => C:\Program Files (x86)\Mr DJ\Need For Speed Hot Pursuit\NFS11.exe
FirewallRules: [{B11341EE-227F-456A-831C-3F8F8B5F254C}] => C:\Program Files (x86)\Mr DJ\Need For Speed Hot Pursuit\NFS11.exe
FirewallRules: [{ECB2701B-E11C-4773-B81F-5E43652958DD}] => C:\Program Files (x86)\Mr DJ\Need For Speed Hot Pursuit\ConfigTool.exe
FirewallRules: [{88860333-CE54-4799-8EAE-0F25020E4131}] => C:\Program Files (x86)\Mr DJ\Need For Speed Hot Pursuit\ConfigTool.exe
FirewallRules: [TCP Query User{95262343-6859-4244-B1B8-0CF13939C87C}C:\program files (x86)\playpark\special force\specialforce.exe] => C:\program files (x86)\playpark\special force\specialforce.exe
FirewallRules: [UDP Query User{4F0EDA14-C7B5-4766-AC1E-06A75FCB4EB9}C:\program files (x86)\playpark\special force\specialforce.exe] => C:\program files (x86)\playpark\special force\specialforce.exe
FirewallRules: [{A22E7C19-1866-4FF9-B67C-8E5C2F04C42F}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{490C469A-AE79-4674-B9EA-5B97BB3D8F8F}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{822FBC1D-FDC7-4432-AD99-E62D8B6BD414}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{07FE9CDF-DBAA-4CB4-8C2F-EE2EBEE8BCD0}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{C789D6CA-1013-49DD-A2B3-82D045162BCE}] => C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe] => Enabled:Orbit
 
==================== Restore Points =========================
 
31-12-2016 15:42:55 Scheduled Checkpoint
08-01-2017 13:25:49 Scheduled Checkpoint
11-01-2017 21:18:17 Windows Update
16-01-2017 20:47:27 ASU_MSI_TRAN
26-01-2017 17:05:40 Windows Update
26-01-2017 17:57:02 JRT Pre-Junkware Removal
26-01-2017 17:58:44 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/26/2017 07:35:48 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
Error: (01/26/2017 07:35:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (01/26/2017 07:34:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/26/2017 07:10:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/26/2017 06:01:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.14393.447 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 17f8
 
Start Time: 01d277bb26adb706
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
 
Report Id: 6e41dd04-e3ae-11e6-833f-84a6c85aa112
 
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: App
 
Error: (01/26/2017 06:01:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DELL)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/26/2017 06:01:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: DELL)
Description: App Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy+App did not launch within its allotted time.
 
Error: (01/26/2017 05:59:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/26/2017 05:57:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/26/2017 05:15:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.14393.0, time stamp: 0x57899002
Faulting module name: MSIFC81.tmp, version: 1.0.0.1, time stamp: 0x585a4cf2
Exception code: 0xc0000005
Fault offset: 0x00009d70
Faulting process id: 0x19c
Faulting application start time: 0x01d277b4968450ea
Faulting application path: C:\Windows\syswow64\MsiExec.exe
Faulting module path: C:\WINDOWS\Installer\MSIFC81.tmp
Report Id: 8c7adb5e-e036-44ec-8e17-d8b34ee42a97
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (01/28/2017 01:02:49 PM) (Source: DCOM) (EventID: 10010) (User: DELL)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.
 
Error: (01/28/2017 01:02:37 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/28/2017 01:02:37 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/28/2017 01:00:19 PM) (Source: DCOM) (EventID: 10010) (User: DELL)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.
 
Error: (01/28/2017 12:58:06 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/28/2017 12:58:06 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/28/2017 12:56:09 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/28/2017 12:56:09 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/28/2017 12:55:58 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/28/2017 12:55:58 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
 
CodeIntegrity:
===================================
  Date: 2016-10-30 14:59:27.808
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:27.772
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:27.545
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:21.191
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:21.045
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:20.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:17.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:17.719
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:17.520
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:14.457
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 37%
Total physical RAM: 8058.5 MB
Available physical RAM: 5003.22 MB
Total Virtual: 16250.5 MB
Available Virtual: 13910.57 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:464.75 GB) (Free:167.64 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C947A08F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 satchfan


Posted 28 January 2017 - 04:41 PM

Welcome back.
 

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible, otherwise the malware will reactivate and you will have to run RogueKiller again.

  • close all programs
  • double-click RogueKiller.exe - Windows 7/8/10: right-click the program and select 'Run as Administrator'
  • after it has completed its prescan, click on Scan
  • click on the ‘Registry’ tab
  • make sure the following entries there are checked:


    [Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{3C5AA3BF-16B3-4EB5-9D67-CC02427C77DD} (C:\Users\user\AppData\Roaming\Arefresh\Arafael.dll) -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Arafael | (default) : {3C5AA3BF-16B3-4EB5-9D67-CC02427C77DD} (C:\Users\user\AppData\Roaming\Arefresh\Arafael.dll) [7] -> Found
    [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D0F6366-8F2E-4F7F-872E-5AB98554D78C} -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1d82a5c2-81a1-44e8-82ab-584df0558c05} | DhcpNameServer : 10.6.0.1 ([X])  -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{82d5a3ad-9c47-4c4c-9936-a06e9887a479} | DhcpNameServer : 10.1.0.1 ([X])  -> Found
    [PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{76961B17-F6C9-4FC5-86FD-F67F949AC56F}C:\program files (x86)\orbitdownloader\orbitnet.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User| [x] -> Found
    [PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{B21F42D7-E696-47F8-BCE1-49AD5A9C93C8}C:\program files (x86)\orbitdownloader\orbitnet.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User| [x] -> Found
     

  • click on the ‘Files’ tab and make sure the following entry/ies is/are checked:


    [PUP.Funshion][Folder] C:\Users\user\AppData\Roaming\funspeed -> Found
    [PUP.Gen1][Folder] C:\Users\user\AppData\Roaming\FunUninst -> Found
    [Tr.Gen0][File] C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Found
     

  • then press the Delete button and post the log it produces.

===================================================

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Satchfan

 




#5 zzzfrendzzz


Posted 29 January 2017 - 02:49 AM

RogueKiller V12.9.5.0 (x64) [Jan 23 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : user [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 01/29/2017 14:03:23 (Duration : 00:55:07)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{3C5AA3BF-16B3-4EB5-9D67-CC02427C77DD} (C:\Users\user\AppData\Roaming\Arefresh\Arafael.dll) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Arafael | (default) : {3C5AA3BF-16B3-4EB5-9D67-CC02427C77DD} (C:\Users\user\AppData\Roaming\Arefresh\Arafael.dll) [7] -> Deleted
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D0F6366-8F2E-4F7F-872E-5AB98554D78C} -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1d82a5c2-81a1-44e8-82ab-584df0558c05} | DhcpNameServer : 10.6.0.1 ([X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{82d5a3ad-9c47-4c4c-9936-a06e9887a479} | DhcpNameServer : 10.1.0.1 ([X])  -> Replaced ()
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{76961B17-F6C9-4FC5-86FD-F67F949AC56F}C:\program files (x86)\orbitdownloader\orbitnet.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{B21F42D7-E696-47F8-BCE1-49AD5A9C93C8}C:\program files (x86)\orbitdownloader\orbitnet.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User| [x] -> Deleted
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 5 ¤¤¤
[PUP.Funshion][Folder] C:\Users\user\AppData\Roaming\funspeed -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\BaseData\20170126.daw -> Deleted
[PUP.Funshion][Folder] C:\Users\user\AppData\Roaming\funspeed\BaseData -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\Condor.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\Condor.dll -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\config.ini -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\Cuckoo.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\Cuckoo.dll -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\Cuckoo_data.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\Firemanii.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\Firemanii.dll -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\FunAcce.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\FunAcce.dll -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\FunAcceil.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\FunBSS.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\FunBSS64.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\FunKoala.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\FunKoala.dll -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\FunKoala64.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\FunKoala64.dll -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\FunNest.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\FunNest64.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\Glede.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\Glede.dll -> Deleted
[PUP.Funshion][Folder] C:\Users\user\AppData\Roaming\funspeed\LogData -> Deleted
[PUP.Funshion][Folder] C:\Users\user\AppData\Roaming\funspeed\RepData -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\Tag.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\TagLog.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\Turkey.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\uninst.daw -> Deleted
[PUP.Funshion][File] C:\Users\user\AppData\Roaming\funspeed\uninst.exe -> Deleted
[PUP.Gen1][Folder] C:\Users\user\AppData\Roaming\FunUninst -> Deleted
[Tr.Gen0][File] C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : session.startup_urls [https://sg.search.yahoo.com/?type=715483&fr=yo-yhp-ch|https://twitter.com/|http://www.google.com.sg/|http://www.google.com/|http://start.search.us.com/v/2/?guid={22BF6A6C-F538-4644-A17F-F8D2ECD0FC07}&serpv=5|http://search.us.com/v/2/?guid={7C3681AB-4DDE-45D8-AB48-76A4A67254D7}&serpv=17|https://sg.yahoo.com?fr=hp-avast&type=avastbcl] -> Not selected
[PUM.SearchPage][Chrome:Config] Profile 1 [SecurePrefs] : default_search_provider_data.template_url_data.keyword [yahoo.com Search] -> Not selected
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-9WS142 +++++
--- User ---
[MBR] 90a8013049dd06f1dba65c01a11c44ff
[BSP] ed5030732a5bccca9981a13f57733626 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 821248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1083392 | Size: 475908 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 975742976 | Size: 503 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\gamersfirst\apb reloaded\apbgame\content\release\packages\symboleditor\primitives_splatscracks.upk
c:\windows\kms\kms.exe
c:\windows\kms\windivert.dll
c:\windows\kms\windivert.inf
c:\windows\kms\windivert.sys
scanner sequence 3.BC.11.XJAPAZ
 ----- EOF ----- 
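An added example, not part of the thread and not RogueKiller's own code: one way to check a Delete-mode report like the one above against the list of entries the helper asked to have ticked, and to list what the tool left in place. The names `parse_report` and `review` are hypothetical, and the sample input is a shortened subset of lines copied from the two posts.

```python
import re
from typing import NamedTuple

# Statuses that mean RogueKiller acted on the item.
REMEDIATED = {"Deleted", "Replaced"}

class Entry(NamedTuple):
    section: str    # "Registry", "Files", ... ("" for a bare list with no header)
    detection: str  # first bracketed tag, e.g. "PUP.Funshion"
    target: str     # everything between that tag and the status arrow
    status: str     # "Found", "Deleted", "Replaced", "Not selected", ...

SECTION_RE = re.compile(r"^¤¤¤\s*([^:¤]+?)\s*:")
TAG_RE = re.compile(r"^\[([^\]]+)\]\s*")

def parse_report(text):
    """Turn RogueKiller report lines into Entry records."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        tag = TAG_RE.match(line)
        # The status is whatever follows the LAST " -> " on the line.
        body, arrow, status = line.rpartition(" -> ")
        if not tag or not arrow:
            continue  # blank lines, MBR hashes, partition rows: not detections
        # Collapse the doubled spaces the tool emits so keys compare equal.
        target = " ".join(body[tag.end():].split())
        # "Replaced ()" carries a trailing parenthetical; keep the word only.
        status = re.sub(r"\s*\(.*\)\s*$", "", status).strip()
        entries.append(Entry(section, tag.group(1), target, status))
    return entries

def review(requested_text, report_text):
    """Compare the helper's 'Found' list with the user's Delete-mode report."""
    requested = {(e.detection, e.target) for e in parse_report(requested_text)}
    report = parse_report(report_text)
    by_key = {(e.detection, e.target): e for e in report}

    def done(key):
        return key in by_key and by_key[key].status in REMEDIATED

    return {
        "confirmed": sorted(k for k in requested if done(k)),
        "requested_but_not_done": sorted(k for k in requested if not done(k)),
        # Everything the tool reported but did not act on, requested or not.
        "left_in_place": [e for e in report if e.status not in REMEDIATED],
    }

# Sample input (subset of the helper's list in post #4, shortened).
REQUESTED = r"""
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{3C5AA3BF-16B3-4EB5-9D67-CC02427C77DD} (C:\Users\user\AppData\Roaming\Arefresh\Arafael.dll) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1d82a5c2-81a1-44e8-82ab-584df0558c05} | DhcpNameServer : 10.6.0.1 ([X])  -> Found
[PUP.Funshion][Folder] C:\Users\user\AppData\Roaming\funspeed -> Found
[Tr.Gen0][File] C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Found
"""

# Sample input (subset of the Delete-mode report in post #5, shortened).
REPORT = r"""
¤¤¤ Registry : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{3C5AA3BF-16B3-4EB5-9D67-CC02427C77DD} (C:\Users\user\AppData\Roaming\Arefresh\Arafael.dll) -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1d82a5c2-81a1-44e8-82ab-584df0558c05} | DhcpNameServer : 10.6.0.1 ([X])  -> Replaced ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected

¤¤¤ Files : 5 ¤¤¤
[PUP.Funshion][Folder] C:\Users\user\AppData\Roaming\funspeed -> Deleted
[Tr.Gen0][File] C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Deleted

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.SearchPage][Chrome:Config] Profile 1 [SecurePrefs] : default_search_provider_data.template_url_data.keyword [yahoo.com Search] -> Not selected
"""

if __name__ == "__main__":
    outcome = review(REQUESTED, REPORT)
    print("confirmed:", len(outcome["confirmed"]))
    print("requested but not done:", outcome["requested_but_not_done"])
    for e in outcome["left_in_place"]:
        print(f"left in place [{e.section}] {e.detection}: {e.target} ({e.status})")
```

Entries are keyed on detection tag plus target text, so the same parser reads both the helper's "Found" list and the user's report.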
 

 



#6 satchfan


Posted 29 January 2017 - 10:27 AM

You need to move Farbar Recovery Scan Tool to your desktop, otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

P2P - I see you have P2P software, (uTorrent), installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are, more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

================================================

Uninstall programs

Your versions of Java are out-of-date and need to be removed and updated. Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.

Uninstall the following programs:


FunAccelerator
All versions of Java

 

To do this:

  • right-click the Start button and click Control Panel
  • go to “Programs and Features” - (if your Control Panel is in “Category” view, go to “Uninstall a Program”)
  • locate the program you want to uninstall, click it to select it, and then click Uninstall.

NEXT

Install the latest version of Java:

Java

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”

Even though I just had you get the latest version of Java, there is a vulnerability with regard to Java and web browsers, therefore we recommend disabling Java in web browsers.

More information can be found here.

================================================

Run Farbar Recovery Scan Tool

Open Notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
Winlogon\Notify\igfxcui: igfxdev.dll [X]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [Arafael] -> {3C5AA3BF-16B3-4EB5-9D67-CC02427C77DD} => C:\Users\user\AppData\Roaming\Arefresh\Arafael.dll [2016-09-22] (Accelerate )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
BHO: No Name -> {8D0F6366-8F2E-4F7F-872E-5AB98554D78C} -> No File
2017-01-26 18:29 - 2017-01-26 18:29 - 00000000 ____D C:\Users\user\AppData\Roaming\FunUninst
2017-01-26 18:12 - 2017-01-26 19:42 - 00000000 ____D C:\Users\user\AppData\Roaming\funspeed
C:\Users\user\AppData\Local\Temp\4b0d6217db45cea6783f9cb9feeb9dba.dll
C:\Users\user\AppData\Local\Temp\66257856aba9e0a3a0f9a955070a185d.dll
C:\Users\user\AppData\Local\Temp\c1abb10993ccb70b48f8c380e5785eb7.dll
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll
C:\Users\user\AppData\Local\Temp\f3b517601a48470fa9a04357d9b6225b.dll
Task: {10065799-EA87-425B-81C7-421DD7B7590D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1A98CA0A-A44A-4D69-BE12-3035A2C2C181} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {284D0003-2167-426D-AF94-6EAE971468D3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2FEB934C-F152-4760-9BE1-1B05EA000EC0} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {421F7491-F635-443A-B38A-54FF7CD31ACF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5EF73E60-51B7-4F59-A535-F4D9997EBFA1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {66A02D2B-9E94-4577-A794-94E5E80DC421} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6A853491-E4DB-4106-80F2-5A13C20DAE71} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7C37C997-FAB7-4E1C-BCF9-0A4102FA423F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {92575A17-3CB4-427A-9DFA-1D611383B467} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A7F443B0-9C4C-4CA7-A2DC-3CF84478FD76} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AF0ABC7D-9140-469B-AAD6-325239D8BA96} - \WPD\SqmUpload_S-1-5-21-2527001886-3938107897-3316602562-1001 -> No File <==== ATTENTION
Task: {BB468082-0D3C-402E-946E-E655F28382A0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
C:\Users\user\AppData\Roaming\Arefresh
CMD: ipconfig /flushdns
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

Fixlog.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan
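Whoever reviews the returned Fixlog.txt mainly needs to know which fixlist entries were acted on, which were already gone, and which need a second look. The sketch below is an added example (not part of the original post and not FRST's own code) that tallies result lines of the `target => outcome` form that this thread's Fixlog uses; the function names, the status labels and the final "Could not move" sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: shaped like the Fixlog posted in this thread, shortened.
# The last result line ("Could not move") is made up to exercise the review path.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by user (30-01-2017 13:46:44) Run:1
==============================================

fixlist content:
*****************
CloseProcesses:
ShellIconOverlayIdentifiers: [Arafael] -> {3C5AA3BF-16B3-4EB5-9D67-CC02427C77DD} => C:\Users\user\AppData\Roaming\Arefresh\Arafael.dll [2016-09-22] (Accelerate )
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Arafael => key removed successfully
HKCR\CLSID\{3C5AA3BF-16B3-4EB5-9D67-CC02427C77DD} => key not found.
"C:\Users\user\AppData\Roaming\funspeed" => not found.
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\user\AppData\Roaming\Arefresh => moved successfully
C:\Users\user\AppData\Roaming\Example\locked.dll => Could not move

========= ipconfig /flushdns =========

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

Chrome => 409622776 B
RecycleBin => 4329639124 B
EmptyTemp: => 4.8 GB temporary data Removed.

================================

==== End of Fixlog 13:47:24 ====
"""

# "<target> => <outcome>", with optional double quotes around the target.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+)$')


def classify(outcome):
    """Map an outcome string to a coarse status (labels are this example's own)."""
    text = outcome.strip().rstrip(".").lower()
    if text.endswith("successfully"):
        return "done"      # item was removed or moved
    if text.endswith("not found"):
        return "absent"    # item was already gone when the fix ran
    return "review"        # anything else deserves a human look


def parse_fixlog(text):
    """Return (target, outcome, status) for each result line of a Fixlog."""
    results = []
    in_echo = False   # inside the echoed fixlist between the two '*****' rules
    section = None    # None = result lines; "cmd" / "emptytemp" = skipped output
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo:
            continue  # echoed fixlist lines also contain '=>' and must not count
        if line.startswith("="):
            if "EmptyTemp:" in line:
                section = "emptytemp"   # size report follows, not fix results
            elif "End of" in line or set(line) == {"="}:
                section = None
            else:
                section = "cmd"         # raw output of a CMD: directive
            continue
        if section is not None:
            continue
        match = RESULT_RE.match(line)
        if match:
            outcome = match.group("outcome")
            results.append((match.group("target"), outcome, classify(outcome)))
    return results


def summarize(text):
    """Count statuses and list the entries that need manual review."""
    results = parse_fixlog(text)
    counts = Counter(status for _, _, status in results)
    review = [(target, outcome) for target, outcome, status in results
              if status == "review"]
    return counts, review


if __name__ == "__main__":
    counts, review = summarize(SAMPLE_FIXLOG)
    print(dict(counts))
    for target, outcome in review:
        print("REVIEW:", target, "=>", outcome)
```
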

 




#7 zzzfrendzzz

Posted 30 January 2017 - 01:02 AM

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by user (30-01-2017 13:46:44) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
Winlogon\Notify\igfxcui: igfxdev.dll [X]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [Arafael] -> {3C5AA3BF-16B3-4EB5-9D67-CC02427C77DD} => C:\Users\user\AppData\Roaming\Arefresh\Arafael.dll [2016-09-22] (Accelerate )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
BHO: No Name -> {8D0F6366-8F2E-4F7F-872E-5AB98554D78C} -> No File
2017-01-26 18:29 - 2017-01-26 18:29 - 00000000 ____D C:\Users\user\AppData\Roaming\FunUninst
2017-01-26 18:12 - 2017-01-26 19:42 - 00000000 ____D C:\Users\user\AppData\Roaming\funspeed
C:\Users\user\AppData\Local\Temp\4b0d6217db45cea6783f9cb9feeb9dba.dll
C:\Users\user\AppData\Local\Temp\66257856aba9e0a3a0f9a955070a185d.dll
C:\Users\user\AppData\Local\Temp\c1abb10993ccb70b48f8c380e5785eb7.dll
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll
C:\Users\user\AppData\Local\Temp\f3b517601a48470fa9a04357d9b6225b.dll
Task: {10065799-EA87-425B-81C7-421DD7B7590D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1A98CA0A-A44A-4D69-BE12-3035A2C2C181} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {284D0003-2167-426D-AF94-6EAE971468D3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2FEB934C-F152-4760-9BE1-1B05EA000EC0} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {421F7491-F635-443A-B38A-54FF7CD31ACF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5EF73E60-51B7-4F59-A535-F4D9997EBFA1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {66A02D2B-9E94-4577-A794-94E5E80DC421} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6A853491-E4DB-4106-80F2-5A13C20DAE71} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7C37C997-FAB7-4E1C-BCF9-0A4102FA423F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {92575A17-3CB4-427A-9DFA-1D611383B467} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A7F443B0-9C4C-4CA7-A2DC-3CF84478FD76} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AF0ABC7D-9140-469B-AAD6-325239D8BA96} - \WPD\SqmUpload_S-1-5-21-2527001886-3938107897-3316602562-1001 -> No File <==== ATTENTION
Task: {BB468082-0D3C-402E-946E-E655F28382A0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
C:\Users\user\AppData\Roaming\Arefresh
CMD: ipconfig /flushdns
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Arafael => key removed successfully
HKCR\CLSID\{3C5AA3BF-16B3-4EB5-9D67-CC02427C77DD} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D0F6366-8F2E-4F7F-872E-5AB98554D78C} => key not found. 
HKCR\CLSID\{8D0F6366-8F2E-4F7F-872E-5AB98554D78C} => key not found. 
"C:\Users\user\AppData\Roaming\FunUninst" => not found.
"C:\Users\user\AppData\Roaming\funspeed" => not found.
C:\Users\user\AppData\Local\Temp\4b0d6217db45cea6783f9cb9feeb9dba.dll => moved successfully
C:\Users\user\AppData\Local\Temp\66257856aba9e0a3a0f9a955070a185d.dll => moved successfully
C:\Users\user\AppData\Local\Temp\c1abb10993ccb70b48f8c380e5785eb7.dll => moved successfully
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\user\AppData\Local\Temp\f3b517601a48470fa9a04357d9b6225b.dll => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10065799-EA87-425B-81C7-421DD7B7590D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10065799-EA87-425B-81C7-421DD7B7590D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A98CA0A-A44A-4D69-BE12-3035A2C2C181} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A98CA0A-A44A-4D69-BE12-3035A2C2C181} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{284D0003-2167-426D-AF94-6EAE971468D3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{284D0003-2167-426D-AF94-6EAE971468D3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FEB934C-F152-4760-9BE1-1B05EA000EC0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FEB934C-F152-4760-9BE1-1B05EA000EC0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{421F7491-F635-443A-B38A-54FF7CD31ACF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{421F7491-F635-443A-B38A-54FF7CD31ACF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EF73E60-51B7-4F59-A535-F4D9997EBFA1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EF73E60-51B7-4F59-A535-F4D9997EBFA1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66A02D2B-9E94-4577-A794-94E5E80DC421} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66A02D2B-9E94-4577-A794-94E5E80DC421} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A853491-E4DB-4106-80F2-5A13C20DAE71} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A853491-E4DB-4106-80F2-5A13C20DAE71} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C37C997-FAB7-4E1C-BCF9-0A4102FA423F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C37C997-FAB7-4E1C-BCF9-0A4102FA423F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92575A17-3CB4-427A-9DFA-1D611383B467} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92575A17-3CB4-427A-9DFA-1D611383B467} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7F443B0-9C4C-4CA7-A2DC-3CF84478FD76} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7F443B0-9C4C-4CA7-A2DC-3CF84478FD76} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF0ABC7D-9140-469B-AAD6-325239D8BA96} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF0ABC7D-9140-469B-AAD6-325239D8BA96} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2527001886-3938107897-3316602562-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB468082-0D3C-402E-946E-E655F28382A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB468082-0D3C-402E-946E-E655F28382A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
C:\Users\user\AppData\Roaming\Arefresh => moved successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24657654 B
Java, Flash, Steam htmlcache => 145520186 B
Windows/system/drivers => 57822642 B
Edge => 572 B
Chrome => 409622776 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 1536 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 6562 B
NetworkService => 0 B
user => 228271322 B
 
RecycleBin => 4329639124 B
EmptyTemp: => 4.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:47:24 ====
 
 
New Frst.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by user (administrator) on DELL (30-01-2017 13:54:42)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\KMS\KMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Users\user\Downloads\JavaSetup8u121.exe
(Oracle Corporation) C:\Users\user\AppData\Local\Temp\jds277265.tmp\JavaSetup8u121.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-08-03] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-02] (AVAST Software)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Dropbox Update] => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-17] (Dropbox, Inc.)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [World of Warships] => C:\Games\World_of_Warships\WargamingGameUpdater.exe [3134216 2016-12-05] (Wargaming.net)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-01-26] (Spotify Ltd)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [7163504 2017-01-26] (Spotify Ltd)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Discord] => C:\Users\user\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-02] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-01-26]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2014-11-30]
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\user\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-01-29]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8fc5ca92-77fc-48b3-9348-2584b5710be4}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-02]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-29] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://sg.search.yahoo.com/?type=715483&fr=yo-yhp-ch
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-01-30]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-30]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-30]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-14]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-14]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-04-12]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-14]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-12]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-12]
CHR Extension: (Avast SafePrice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-04-12]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-14]
CHR Extension: (Bookmark Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-29]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-29]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-29]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-12]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-30]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-29]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-29]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-29]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-29]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-29]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-29]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-29]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-02] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 KMS; C:\Windows\KMS\KMS.exe [32256 2014-01-04] () [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-09-03] ()
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-16] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-03] (Synaptics Incorporated)
S4 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2017-01-02] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2017-01-02] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2017-01-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2017-01-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-02] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2017-01-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2017-01-02] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2017-01-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-02] (AVAST Software)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-26] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-03] (Synaptics Incorporated)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [41824 2016-11-04] (SteelSeries ApS)
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45928 2017-01-10] (SteelSeries ApS)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S4 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WinDivert1.1; C:\Windows\KMS\WinDivert.sys [35376 2013-12-04] (Basil Projects)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36832 2017-01-19] (Wellbia.com Co., Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-30 13:57 - 2017-01-30 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-30 13:57 - 2017-01-30 13:56 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-30 13:56 - 2017-01-30 13:56 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-30 13:55 - 2017-01-30 13:55 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-01-30 13:54 - 2017-01-30 13:56 - 00020633 _____ C:\Users\user\Desktop\FRST.txt
2017-01-30 13:46 - 2017-01-30 13:53 - 00739392 _____ (Oracle Corporation) C:\Users\user\Downloads\JavaSetup8u121.exe
2017-01-30 13:46 - 2017-01-30 13:47 - 00015801 _____ C:\Users\user\Desktop\Fixlog.txt
2017-01-30 13:43 - 2017-01-30 13:43 - 00000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
2017-01-30 13:38 - 2017-01-30 13:38 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-01-29 15:49 - 2017-01-29 15:49 - 00000364 _____ C:\Users\user\Downloads\ckfiles.txt
2017-01-29 15:46 - 2017-01-29 15:47 - 00468480 _____ () C:\Users\user\Downloads\CKScanner.exe
2017-01-28 13:37 - 2017-01-28 13:37 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-28 13:36 - 2017-01-28 13:53 - 2683605614 _____ C:\Users\user\Downloads\iPhone_5.5_10.2_14C92_Restore.ipsw
2017-01-28 13:29 - 2017-01-28 13:29 - 00000094 _____ C:\Users\user\Desktop\jailbreak tweaks.txt
2017-01-28 13:06 - 2017-01-28 13:08 - 00044229 _____ C:\Users\user\Downloads\Addition.txt
2017-01-28 13:02 - 2017-01-28 13:08 - 00061946 _____ C:\Users\user\Downloads\FRST.txt
2017-01-28 13:01 - 2017-01-30 13:54 - 00000000 ____D C:\FRST
2017-01-28 13:01 - 2017-01-30 13:43 - 02420736 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2017-01-28 13:00 - 2017-01-29 14:03 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-01-28 12:59 - 2017-01-28 12:59 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-01-28 12:59 - 2017-01-28 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-28 12:59 - 2017-01-28 12:59 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-28 12:58 - 2017-01-28 12:59 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-28 12:57 - 2017-01-28 12:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-01-28 12:57 - 2017-01-28 12:57 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-28 12:56 - 2017-01-28 12:58 - 34726608 _____ (Adlice Software ) C:\Users\user\Downloads\setup.exe
2017-01-26 19:35 - 2017-01-26 19:38 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E09.HDTV.x264-KILLERS[ettv]
2017-01-26 19:35 - 2017-01-26 19:35 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E10.HDTV.x264-LOL[ettv]
2017-01-26 19:30 - 2017-01-26 19:30 - 00028256 _____ C:\Users\user\Downloads\Designated Survivor_1x06_HDTV.LOL.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00027832 _____ C:\Users\user\Downloads\Designated Survivor_1x04_HDTV.x264-LOL.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00026020 _____ C:\Users\user\Downloads\Designated Survivor_1x08_HDTV.LOL.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00025663 _____ C:\Users\user\Downloads\Designated Survivor_1x03_HDTV.x264-KILLERS.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00025625 _____ C:\Users\user\Downloads\Designated Survivor_1x07_HDTV.LOL.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00025484 _____ C:\Users\user\Downloads\Designated Survivor_1x09_HDTV.KILLERS.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00024776 _____ C:\Users\user\Downloads\Designated Survivor_1x05_HDTV.x264-LOL.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00022519 _____ C:\Users\user\Downloads\Designated Survivor_1x10_HDTV.LOL.en.zip
2017-01-26 19:29 - 2017-01-26 19:29 - 00026392 _____ C:\Users\user\Downloads\Designated Survivor_1x02_HDTV.x264-KILLERS.en.zip
2017-01-26 19:29 - 2017-01-26 19:29 - 00024555 _____ C:\Users\user\Downloads\Designated Survivor_1x01_HDTV.KILLERS.en.zip
2017-01-26 19:26 - 2017-01-26 19:26 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E08.HDTV.x264-LOL[ettv]
2017-01-26 19:26 - 2017-01-26 19:26 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E07.HDTV.x264-LOL[ettv]
2017-01-26 19:26 - 2017-01-26 19:26 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E06.HDTV.x264-LOL[ettv]
2017-01-26 19:26 - 2017-01-26 19:26 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E05.HDTV.x264-LOL[ettv]
2017-01-26 19:26 - 2017-01-26 19:26 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E04.HDTV.x264-LOL[ettv]
2017-01-26 18:50 - 2017-01-26 18:54 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E03.HDTV.x264-KILLERS[ettv]
2017-01-26 18:47 - 2017-01-26 18:53 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E01.HDTV.x264-KILLERS[ettv]
2017-01-26 18:47 - 2017-01-26 18:50 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E02.HDTV.x264-KILLERS[ettv]
2017-01-26 17:55 - 2017-01-26 18:22 - 00000000 ____D C:\AdwCleaner
2017-01-26 17:55 - 2017-01-26 17:55 - 03988944 _____ C:\Users\user\Downloads\AdwCleaner.exe
2017-01-26 17:54 - 2017-01-26 17:55 - 01663040 _____ (Malwarebytes) C:\Users\user\Downloads\JRT.exe
2017-01-26 17:51 - 2017-01-26 17:51 - 00181235 _____ C:\Users\user\Downloads\22901.pdf
2017-01-26 17:20 - 2017-01-26 17:20 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-26 17:20 - 2017-01-26 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-26 17:20 - 2017-01-26 17:20 - 00000000 ____D C:\Program Files\iPod
2017-01-26 17:19 - 2017-01-26 17:20 - 00000000 ____D C:\Program Files\iTunes
2017-01-26 17:15 - 2017-01-26 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-26 17:14 - 2017-01-26 17:14 - 00001472 _____ C:\EsgInstallerResumeAction_ff00e6f2fa487fc76629666127044dea
2017-01-26 17:05 - 2017-01-26 17:07 - 08813488 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup526.exe
2017-01-25 20:54 - 2016-12-21 15:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 20:54 - 2016-12-21 12:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-22 16:32 - 2017-01-22 16:32 - 00080399 _____ C:\Users\user\Downloads\Intro_to_Organic_Chem_(Qn7).pptx
2017-01-22 16:22 - 2017-01-22 16:22 - 00220648 _____ C:\Users\user\Downloads\Intro_to_Organic_Chem_(Qn6).pptx
2017-01-22 16:08 - 2017-01-22 16:08 - 00410508 _____ C:\Users\user\Downloads\5a_Nomenclature_of_organic_compounds.pptx
2017-01-22 15:39 - 2017-01-22 15:39 - 00000000 _____ C:\autoexec.bat
2017-01-22 15:29 - 2017-01-22 15:29 - 00132792 _____ C:\Users\user\Downloads\2017_JC2_CTG_Timetable.pdf
2017-01-22 15:29 - 2017-01-22 15:29 - 00132164 _____ C:\Users\user\Downloads\2017_JC2_CTG_Attendance_List.pdf
2017-01-17 23:24 - 2017-01-17 23:24 - 00037655 _____ C:\Users\user\Downloads\37890429_20170117_0051.pdf
2017-01-17 23:22 - 2017-01-17 23:22 - 00039231 _____ C:\Users\user\Downloads\35735539_20170107_0056.pdf
2017-01-17 23:20 - 2017-01-17 23:20 - 00038037 _____ C:\Users\user\Downloads\39755061_20170116_0046.pdf
2017-01-17 23:20 - 2017-01-17 23:20 - 00038037 _____ C:\Users\user\Downloads\39755061_20170116_0046 (1).pdf
2017-01-11 20:46 - 2016-12-21 16:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 20:46 - 2016-12-21 16:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 20:46 - 2016-12-21 15:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 20:46 - 2016-12-21 15:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 20:46 - 2016-12-21 15:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 20:46 - 2016-12-21 15:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 20:46 - 2016-12-21 15:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 20:46 - 2016-12-21 15:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 20:46 - 2016-12-21 15:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 20:46 - 2016-12-21 15:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 20:46 - 2016-12-21 15:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 20:46 - 2016-12-21 15:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 20:46 - 2016-12-21 15:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 20:46 - 2016-12-21 15:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 20:46 - 2016-12-21 15:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 20:46 - 2016-12-21 14:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 20:46 - 2016-12-21 14:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 20:46 - 2016-12-21 14:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 20:46 - 2016-12-21 14:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 20:46 - 2016-12-21 14:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 20:46 - 2016-12-21 14:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 20:46 - 2016-12-21 14:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 20:46 - 2016-12-21 14:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 20:46 - 2016-12-21 14:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 20:46 - 2016-12-21 14:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 20:46 - 2016-12-21 14:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 20:46 - 2016-12-21 13:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 20:46 - 2016-12-21 13:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 20:46 - 2016-12-21 13:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 20:46 - 2016-12-21 12:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 20:46 - 2016-12-21 12:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 20:46 - 2016-12-21 12:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 20:46 - 2016-12-21 12:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 20:46 - 2016-12-21 12:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 20:46 - 2016-12-21 12:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 20:46 - 2016-12-21 12:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 20:46 - 2016-12-21 12:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 20:46 - 2016-12-21 12:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 20:46 - 2016-12-21 12:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 20:46 - 2016-12-21 12:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 20:46 - 2016-12-21 12:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 20:46 - 2016-12-21 12:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 20:46 - 2016-12-21 12:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 20:46 - 2016-12-21 12:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 20:46 - 2016-12-21 12:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 20:46 - 2016-12-14 13:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 20:46 - 2016-12-14 13:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 20:46 - 2016-12-14 13:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 20:46 - 2016-12-14 13:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 20:46 - 2016-12-14 13:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 20:46 - 2016-12-14 13:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 20:46 - 2016-12-14 13:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 20:46 - 2016-12-14 13:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 20:46 - 2016-12-14 12:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 20:46 - 2016-12-14 12:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 20:46 - 2016-12-14 12:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 20:46 - 2016-12-14 12:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 20:46 - 2016-12-14 12:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 20:46 - 2016-12-14 12:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 20:46 - 2016-12-14 12:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 20:46 - 2016-12-14 12:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 20:46 - 2016-12-14 12:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 20:46 - 2016-12-14 12:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 20:46 - 2016-12-14 12:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 20:46 - 2016-12-14 12:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 20:46 - 2016-12-14 12:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 20:46 - 2016-12-14 12:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 20:46 - 2016-12-14 12:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 20:46 - 2016-12-14 12:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 20:46 - 2016-12-14 12:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 20:46 - 2016-12-14 12:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 20:46 - 2016-12-14 12:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 20:46 - 2016-12-14 12:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 20:46 - 2016-12-14 12:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 20:46 - 2016-12-14 12:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 20:46 - 2016-11-02 20:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 20:46 - 2016-11-02 18:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 20:46 - 2016-08-02 12:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 20:45 - 2016-12-21 16:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 20:45 - 2016-12-21 15:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 20:45 - 2016-12-21 15:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 20:45 - 2016-12-21 15:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 20:45 - 2016-12-21 15:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 20:45 - 2016-12-21 15:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 20:45 - 2016-12-21 15:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 20:45 - 2016-12-21 15:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 20:45 - 2016-12-21 15:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 20:45 - 2016-12-21 15:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 20:45 - 2016-12-21 15:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 20:45 - 2016-12-21 15:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 20:45 - 2016-12-21 15:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 20:45 - 2016-12-21 15:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 20:45 - 2016-12-21 15:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 20:45 - 2016-12-21 15:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 20:45 - 2016-12-21 15:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 20:45 - 2016-12-21 15:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 20:45 - 2016-12-21 15:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 20:45 - 2016-12-21 15:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 20:45 - 2016-12-21 15:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 20:45 - 2016-12-21 15:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 20:45 - 2016-12-21 15:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 20:45 - 2016-12-21 15:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 20:45 - 2016-12-21 14:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 20:45 - 2016-12-21 14:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 20:45 - 2016-12-21 14:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 20:45 - 2016-12-21 14:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 20:45 - 2016-12-21 14:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 20:45 - 2016-12-21 14:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 20:45 - 2016-12-21 14:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 20:45 - 2016-12-21 14:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 20:45 - 2016-12-21 14:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 20:45 - 2016-12-21 12:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 20:45 - 2016-12-21 12:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 20:45 - 2016-12-21 12:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 20:45 - 2016-12-21 12:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 20:45 - 2016-12-21 12:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 20:45 - 2016-12-21 12:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 20:45 - 2016-12-21 12:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 20:45 - 2016-12-21 12:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 20:45 - 2016-12-21 12:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 20:45 - 2016-12-21 12:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 20:45 - 2016-12-21 12:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 20:45 - 2016-12-21 12:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 20:45 - 2016-12-14 13:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 20:45 - 2016-12-14 13:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-11 20:45 - 2016-12-14 13:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-11 20:45 - 2016-12-14 13:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-11 20:45 - 2016-12-14 13:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 20:45 - 2016-12-14 13:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 20:45 - 2016-12-14 13:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 20:45 - 2016-12-14 13:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 20:45 - 2016-12-14 13:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 20:45 - 2016-12-14 13:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 20:45 - 2016-12-14 13:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 20:45 - 2016-12-14 13:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 20:45 - 2016-12-14 13:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 20:45 - 2016-12-14 12:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 20:45 - 2016-12-14 12:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 20:45 - 2016-12-14 12:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 20:45 - 2016-12-14 12:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 20:45 - 2016-12-14 12:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 20:45 - 2016-12-14 12:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 20:45 - 2016-12-14 12:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 20:45 - 2016-12-14 12:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 20:45 - 2016-12-14 12:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 20:45 - 2016-12-14 12:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 20:45 - 2016-12-14 12:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 20:45 - 2016-12-14 12:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 20:45 - 2016-12-14 12:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 20:45 - 2016-12-14 12:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 20:45 - 2016-12-14 12:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 20:45 - 2016-12-14 12:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 20:45 - 2016-12-14 12:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 20:45 - 2016-12-14 12:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 20:45 - 2016-12-14 12:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 20:45 - 2016-12-14 12:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 20:45 - 2016-12-14 12:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 20:45 - 2016-12-14 12:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 20:45 - 2016-12-14 12:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 20:45 - 2016-12-14 12:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 20:45 - 2016-11-02 19:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 20:45 - 2016-11-02 18:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 20:45 - 2016-11-02 18:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-07 13:56 - 2017-01-08 19:32 - 00000000 ____D C:\Users\user\Downloads\FIFA 17 Super Deluxe Edition-FULL UNLOCKED
2017-01-06 15:04 - 2017-01-06 15:04 - 00075310 _____ C:\Users\user\Downloads\Guidelines_on_the_use_of_Calculators_-_1_Nov_2016_(memo_to_schools).pdf
2017-01-04 22:54 - 2017-01-04 22:54 - 00000000 ____D C:\Users\user\AppData\Local\Vivox
2017-01-02 20:56 - 2017-01-02 20:56 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-01-02 20:55 - 2017-01-02 20:55 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2017-01-01 18:03 - 2017-01-01 18:03 - 00001345 _____ C:\Users\user\Desktop\SpecialForce.lnk
2017-01-01 18:03 - 2017-01-01 18:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playpark
2017-01-01 17:58 - 2017-01-01 17:58 - 00000000 ____D C:\Program Files (x86)\Playpark
2017-01-01 17:39 - 2017-01-01 17:57 - 00000000 ____D C:\Users\user\Downloads\SF1_FULL_1.0.0
2017-01-01 17:35 - 2017-01-01 17:35 - 01038336 _____ C:\Users\user\Downloads\PlayparkDownloader_v0.3.6.1 (1).msi
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-30 13:57 - 2014-12-07 00:16 - 00000000 ____D C:\ProgramData\Oracle
2017-01-30 13:50 - 2014-11-30 11:35 - 00000000 __SHD C:\Users\user\IntelGraphicsProfiles
2017-01-30 13:49 - 2016-11-30 13:42 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-01-30 13:49 - 2016-10-30 14:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-30 13:48 - 2016-07-16 14:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-30 13:46 - 2013-08-22 23:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-29 15:30 - 2016-10-30 13:59 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-29 13:55 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-28 13:57 - 2016-10-18 23:06 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-01-28 13:38 - 2014-11-30 10:36 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2017-01-28 13:06 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-26 20:54 - 2016-05-16 20:53 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2017-01-26 19:36 - 2016-11-20 12:04 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2017-01-26 19:36 - 2016-11-20 12:03 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-01-26 19:36 - 2016-11-02 22:50 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-26 18:46 - 2016-12-27 00:03 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2017-01-26 18:18 - 2016-11-29 17:32 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-26 18:16 - 2016-11-09 01:15 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2017-01-26 18:16 - 2016-11-09 01:15 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2017-01-26 17:46 - 2015-05-28 17:00 - 00000000 ___RD C:\Users\user\iCloudDrive
2017-01-26 17:43 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SKB
2017-01-26 17:20 - 2014-12-13 00:03 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-26 17:13 - 2016-12-14 12:26 - 00000000 ____D C:\Users\user\AppData\Roaming\steelseries-engine-3-client
2017-01-26 17:12 - 2016-07-16 19:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-26 17:11 - 2016-07-16 19:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-26 17:07 - 2015-12-03 21:46 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-25 20:44 - 2015-08-02 23:44 - 02659072 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-22 16:04 - 2015-04-08 17:40 - 00000000 ____D C:\Users\user\AppData\Roaming\SystemSres
2017-01-19 17:41 - 2015-10-30 18:36 - 00036832 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2017-01-16 20:49 - 2014-11-30 00:47 - 00000000 ____D C:\ProgramData\Skype
2017-01-16 20:35 - 2015-08-02 23:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-16 20:30 - 2016-10-30 13:59 - 00248792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-13 23:13 - 2016-12-07 07:57 - 01804672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 21:23 - 2014-11-30 10:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 21:20 - 2014-11-30 10:49 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 11:56 - 2016-12-07 07:57 - 00045928 _____ (SteelSeries ApS) C:\WINDOWS\system32\Drivers\sshid.sys
2017-01-08 23:51 - 2015-02-08 16:04 - 00000000 ____D C:\ProgramData\Origin
2017-01-05 13:54 - 2014-11-30 10:39 - 00000000 ___RD C:\Users\user\Dropbox
2017-01-03 22:01 - 2016-10-30 14:34 - 00003998 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1461755249
2017-01-03 22:01 - 2016-04-27 19:07 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-01-02 20:57 - 2016-10-30 14:34 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2017-01-02 20:57 - 2014-11-30 10:25 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2017-01-02 20:57 - 2014-11-30 10:25 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2017-01-02 20:57 - 2014-11-30 10:25 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-01-02 20:56 - 2014-11-30 10:25 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.148336184917110
2017-01-02 20:56 - 2014-11-30 10:25 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.148336185093712
2017-01-02 20:56 - 2014-11-30 10:25 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-01-02 20:56 - 2014-11-30 10:25 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-01-02 20:56 - 2014-11-30 10:25 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-01-02 20:56 - 2014-11-30 10:25 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-01-02 20:56 - 2014-11-30 10:25 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-01-02 20:55 - 2016-04-25 20:26 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-01-02 20:55 - 2014-11-30 10:25 - 00969560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.148336184818707
2017-01-01 17:36 - 2016-06-05 22:52 - 00003107 _____ C:\Users\user\Desktop\Playpark Downloader.lnk
2017-01-01 17:36 - 2016-06-05 22:52 - 00003067 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playpark Downloader.lnk
 
==================== Files in the root of some directories =======
 
2015-02-18 16:40 - 2015-02-18 16:40 - 0000911 _____ () C:\Users\user\AppData\Roaming\coreavc.ini
2015-03-16 14:56 - 2015-03-16 14:56 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-26 19:04
 
==================== End of FRST.txt ============================
 
 

New Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017

Ran by user (30-01-2017 13:59:37)
Running from C:\Users\user\Desktop
Windows 10 Pro Version 1607 (X64) (2016-10-30 06:39:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2527001886-3938107897-3316602562-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2527001886-3938107897-3316602562-503 - Limited - Disabled)
Guest (S-1-5-21-2527001886-3938107897-3316602562-501 - Limited - Disabled)
user (S-1-5-21-2527001886-3938107897-3316602562-1001 - Administrator - Enabled) => C:\Users\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{47B81DF4-AD5A-4F3A-3D73-0A81268B1637}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
APB Reloaded (HKLM-x32\...\APB Reloaded) (Version: 1.6.7.672769 - )
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Betternet (HKLM-x32\...\Betternet) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell System Detect (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\73f463568823ebbe) (Version: 6.7.0.2 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Discord (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dropbox (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Dropbox) (Version: 18.4.32 - Dropbox, Inc.)
FIFA 15 v.1.8.0.0 ModdingWay v.3.1.1 (HKLM-x32\...\FIFA 15_is1) (Version:  - )
GamersFirst LIVE! (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPAC (remove only) (HKLM-x32\...\GPAC) (Version:  - )
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MapleStorySEA version 1.61.1 (HKLM-x32\...\{2AC6892F-B107-4ED2-B949-BD3C287E133A}_is1) (Version: 1.61.1 - Asiasoft Online Pte.Ltd.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Need For Speed Hot Pursuit version 1.0.5.0 (HKLM-x32\...\Need For Speed Hot Pursuit_is1) (Version: 1.0.5.0 - Mr DJ)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.2 - OBS Project)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.37.1400.5 - Hi-Rez Studios)
Playpark Downloader (HKLM-x32\...\{D81B5861-F391-4905-A779-8A82994F3A00}) (Version: 0.3.6 - Asiasoft Online)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
RogueKiller version 12.9.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.5.0 - Adlice Software)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Special Force (HKLM-x32\...\SpecialForce) (Version:  - Playpark)
Spotify (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Spotify) (Version: 1.0.47.13.gd8e05b1f - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.9.10 (HKLM\...\SteelSeries Engine 3) (Version: 3.9.10 - SteelSeries ApS)
System Requirements Lab (HKLM-x32\...\{8DCAB1D8-F20C-4733-9B5F-646DDFEB59C9}) (Version: 6.1.1.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{8C938905-C55F-48EC-9C08-91898B8CCAAC}) (Version: 6.1.6.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Transformice (HKLM-x32\...\Transformice) (Version: 1.0.0 - UNKNOWN)
Transformice (x32 Version: 1.0.0 - UNKNOWN) Hidden
Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1560.1 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
World of Warships (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814asia}_is1) (Version:  - Wargaming.net)
风行视频加速器 (HKLM-x32\...\FunAccelerator) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0550C98D-3465-47E0-81D7-5D9D6AA7AF0B} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {0E220870-597D-4045-9D7C-51566892B010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-29] (Adobe Systems Incorporated)
Task: {16B35CF3-AAD8-490F-8620-564AA9691933} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {26D9680C-63FE-4CB5-82DC-4AE5BDC019F7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2017-01-02] (AVAST Software)
Task: {28936B68-7D00-47B8-8B2A-13133EF4FAE2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {32A06078-93F0-4B58-AC85-BABDE3E730E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {56890EDA-2F45-47F9-AFC3-611DD994B83E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {5C168816-6E34-43E8-8779-126C476D5EB4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {6EA03820-9FD5-4EA9-B15D-925D30AFE73B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2527001886-3938107897-3316602562-1001Core1d2373d380091bf => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-12-17] (Dropbox, Inc.)
Task: {8E7C0385-1ACA-4C85-B91E-D49B930F30EC} - System32\Tasks\SafeZone scheduled Autoupdate 1461755249 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {955A40D6-CDD6-4C2E-9444-FC5CAE87C6CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {AB56118E-D07B-4C15-BF45-31CCB60D7B14} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-03] (Synaptics Incorporated)
Task: {D75925AB-1373-40F9-9A35-05677E354A01} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-22] (Piriform Ltd)
Task: {E769B77B-73FB-4824-B891-192E607531CC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2527001886-3938107897-3316602562-1001UA1d2373d3834340d => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-12-17] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2527001886-3938107897-3316602562-1001Core1d2373d380091bf.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2527001886-3938107897-3316602562-1001UA1d2373d3834340d.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\user\Desktop\Настройки-FIFA 15.lnk -> C:\Games\FIFA 15\fifasetup\fifaconfig.exe (Electronic Arts Canada) <===== Cyrillic
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 19:42 - 2016-07-16 19:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-17 18:32 - 2016-12-09 18:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-29 09:47 - 2014-01-04 19:52 - 00032256 _____ () C:\Windows\KMS\KMS.exe
2014-11-29 09:47 - 2013-12-04 04:01 - 00016896 _____ () C:\Windows\KMS\WinDivert.dll
2014-11-30 10:14 - 2015-09-03 17:57 - 00076152 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2016-12-17 18:32 - 2016-12-09 18:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-31 05:51 - 2016-10-31 05:51 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 20:45 - 2016-12-21 15:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 20:45 - 2016-12-21 14:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 20:45 - 2016-12-21 14:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 20:45 - 2016-12-21 14:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 20:45 - 2016-12-21 14:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 20:45 - 2016-12-21 14:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-25 20:47 - 2017-01-25 20:49 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-25 20:47 - 2017-01-25 20:49 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-25 20:47 - 2017-01-25 20:49 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 12:17 - 2016-12-14 12:17 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-25 20:44 - 2017-01-25 20:44 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-01-26 17:02 - 2017-01-26 17:02 - 02561536 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3410.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2017-01-26 17:02 - 2017-01-26 17:02 - 00139264 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3410.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2017-01-02 20:55 - 2017-01-02 20:55 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-30 13:30 - 2017-01-30 13:30 - 04377600 _____ () C:\Program Files\AVAST Software\Avast\defs\17012901\algo.dll
2017-01-02 20:55 - 2017-01-02 20:55 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-01-02 20:56 - 2017-01-02 20:56 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-12-17 18:39 - 2016-12-08 15:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-17 18:39 - 2016-12-08 15:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2017-01-16 20:42 - 2017-01-16 20:42 - 17835096 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\Desktop\Transformice.lnk:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\aeriagames.com -> hxxp://aeriagames.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "Andy"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\StartupFolder: => "GamersFirst LIVE!.lnk"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "MP3 Skype recorder"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "World of Warships"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Discord"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{AE640FE1-5945-4072-A6D1-A5396DE6F36F}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8288BCCE-5CBC-4A02-841A-FA0555DF5509}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CBE16A2F-5761-4A57-A82C-AEB7F49F3CAA}] => C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{121FC229-5436-4218-ACCF-82277A50028D}] => C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{1E7B8BDB-FBEC-4136-A8F6-1323651754DA}] => C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{847CB0D8-2663-4A24-A20E-750859FCF1FB}] => C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{9A4AB2FF-571B-4974-965F-2713F0CC13CB}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{8E7DB69A-429D-4235-9F99-6A8670479325}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{ED281CA1-106E-46E2-B250-A1B355BBF5A0}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{1D9FB8CC-30FD-4BE2-8A1D-21CBC426E614}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [UDP Query User{8B5A6EE9-FE22-48BA-9882-C9B424EF6357}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8A4F1BBB-B95F-4D0F-BE99-66141870539D}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{088B376D-9AAA-4126-9793-1008E2B5DD33}] => C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [{3676DC93-C42A-4695-B1B5-A4EB6AB9A1DD}] => C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [{053BFB81-F0FF-48F0-B5E2-2D9437CB8B8A}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{397AAD6F-3317-4874-AA5D-8A423FE65009}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DAFE7EF3-2C4B-4DA4-990A-8D77342A7ADB}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F8357B90-3E94-43F9-B9E6-04512B5D08D3}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{37EAFF4A-A3C3-4FD0-90DD-63ADA67B2EA4}] => C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A7F67F37-F7CE-4471-878A-5948476DAFF3}] => C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{B9221B95-F33E-4C97-817C-C250F4677A3F}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{213C090B-701B-44ED-B365-66C3664AFB16}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{82277565-025C-483D-BADC-2B3E4178480D}C:\users\user\appdata\local\akamai\netsession_win.exe] => C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{C8E62A02-719E-44D3-99E9-3D1E9095D341}C:\users\user\appdata\local\akamai\netsession_win.exe] => C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{41D721E8-14EE-4CD8-B30B-7819A6EAB646}C:\users\user\appdata\local\akamai\netsession_win.exe] => C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F313BA37-F94F-46B5-8B20-C721A8EAD2C3}C:\users\user\appdata\local\akamai\netsession_win.exe] => C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [{0073F1CF-D4A7-47A0-A599-20B61D11CF90}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9EA2405C-FA6C-4D28-ACAA-02E31D109F03}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1313160-1FAC-4040-993B-F1C65D52AFF0}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5CAD3746-DD3B-4736-9986-6BEE099D9C15}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E72E4E2-FCAB-4578-85D6-07BB23D64384}] => C:\Windows\KMS\KMS.exe
FirewallRules: [{E13C46BB-C1FA-4391-AF39-3FFC5D62C78A}] => C:\Windows\KMS\KMS.exe
FirewallRules: [{1072E17A-87AE-4819-9E1F-79119A926A16}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B044E157-5CC6-4E1E-AD54-600103D4AC22}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7EA63CA9-A055-49BE-82FE-CB66CBC4DB83}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1AF86F01-DD8E-43DD-B6A0-ED43BDA7300D}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BDBD227D-1DE9-4682-AFA1-CC26E15E2AE2}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{42817D47-1135-4057-A6EF-949392D62234}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{D6176EC0-48F8-456F-9BEE-11116097A5BE}C:\users\user\appdata\roaming\spotify\spotify.exe] => C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A4432274-2C01-4B28-B391-BE2785DA9CE1}C:\users\user\appdata\roaming\spotify\spotify.exe] => C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{32D0CF73-B3B1-45F0-82B0-D946AEB714FD}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{CED3CF3B-D512-4ADA-A7AF-47C7FC15BF3B}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [{2460C861-AFC5-41E5-BC68-BB771901354C}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BD9563A0-A394-49A6-AC51-8501182C4BED}] => C:\Program Files (x86)\Mr DJ\Need For Speed Hot Pursuit\NFS11.exe
FirewallRules: [{B11341EE-227F-456A-831C-3F8F8B5F254C}] => C:\Program Files (x86)\Mr DJ\Need For Speed Hot Pursuit\NFS11.exe
FirewallRules: [{ECB2701B-E11C-4773-B81F-5E43652958DD}] => C:\Program Files (x86)\Mr DJ\Need For Speed Hot Pursuit\ConfigTool.exe
FirewallRules: [{88860333-CE54-4799-8EAE-0F25020E4131}] => C:\Program Files (x86)\Mr DJ\Need For Speed Hot Pursuit\ConfigTool.exe
FirewallRules: [TCP Query User{95262343-6859-4244-B1B8-0CF13939C87C}C:\program files (x86)\playpark\special force\specialforce.exe] => C:\program files (x86)\playpark\special force\specialforce.exe
FirewallRules: [UDP Query User{4F0EDA14-C7B5-4766-AC1E-06A75FCB4EB9}C:\program files (x86)\playpark\special force\specialforce.exe] => C:\program files (x86)\playpark\special force\specialforce.exe
FirewallRules: [{A22E7C19-1866-4FF9-B67C-8E5C2F04C42F}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{490C469A-AE79-4674-B9EA-5B97BB3D8F8F}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{822FBC1D-FDC7-4432-AD99-E62D8B6BD414}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{07FE9CDF-DBAA-4CB4-8C2F-EE2EBEE8BCD0}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{C789D6CA-1013-49DD-A2B3-82D045162BCE}] => C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe] => Enabled:Orbit
 
==================== Restore Points =========================
 
30-01-2017 13:37:19 Removed Java 8 Update 31
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/30/2017 01:55:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.693, time stamp: 0x585a272f
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x585a2708
Exception code: 0x80000003
Fault offset: 0x0000000000064ddd
Faulting process id: 0x10f4
Faulting application start time: 0x01d27abcd9a108be
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
Report Id: c914f78c-f636-4fc2-a791-fbc527298f5c
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (01/30/2017 01:37:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/29/2017 02:59:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x15e0
Faulting application start time: 0x01d279fcf98d250c
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 572586db-6189-44de-91a0-777af63f1eba
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/29/2017 02:58:17 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/29/2017 02:58:17 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/29/2017 02:57:59 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/29/2017 02:57:59 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/28/2017 02:10:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
Faulting module name: msvcrt.dll, version: 7.0.14393.0, time stamp: 0x57899b47
Exception code: 0xc0000005
Fault offset: 0x000000000005b1bd
Faulting process id: 0x1dd0
Faulting application start time: 0x01d2792cffb41223
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: C:\WINDOWS\System32\msvcrt.dll
Report Id: 2ec751b2-fb1f-4b20-8364-84b032eb7a24
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/28/2017 02:09:33 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/28/2017 02:09:33 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
 
System errors:
=============
Error: (01/30/2017 01:58:07 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/30/2017 01:58:07 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/30/2017 01:58:02 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/30/2017 01:58:02 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/30/2017 01:56:05 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/30/2017 01:56:05 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/30/2017 01:55:39 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/30/2017 01:55:39 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/30/2017 01:55:03 PM) (Source: DCOM) (EventID: 10016) (User: DELL)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Dell\user SID (S-1-5-21-2527001886-3938107897-3316602562-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/30/2017 01:54:53 PM) (Source: DCOM) (EventID: 10010) (User: DELL)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2016-10-30 14:59:27.808
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:27.772
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:27.545
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:21.191
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:21.045
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:20.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:17.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:17.719
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:17.520
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:14.457
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 25%
Total physical RAM: 8058.5 MB
Available physical RAM: 6013.47 MB
Total Virtual: 16250.5 MB
Available Virtual: 14193.11 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:464.75 GB) (Free:179.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C947A08F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#8 satchfan

  • Malware Response Team
  • 2,917 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:59 PM

Posted 30 January 2017 - 05:06 AM

This is showing up as still being installed. You need to uninstall it via the Control Panel.

 

风行视频加速器 (HKLM-x32\...\FunAccelerator) (Version:  - )

 

All-in-all things look better but a few things to 'fix'.

 

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
2017-01-22 15:39 - 2017-01-22 15:39 - 00000000 _____ C:\autoexec.bat
C:\Users\user\AppData\Roaming\coreavc.ini
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

New Fixlog.txt
New Frst.txt
New Addition.txt


Can you tell me if there are any outstanding problems.

Thanks

Satchfan

 

 

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#9 zzzfrendzzz

  • Topic Starter

  • Members
  • 9 posts
  • Local time:12:59 AM

Posted 30 January 2017 - 05:32 AM

Ohh, I did not know that FunAccelerator was the Chinese program. It should be uninstalled now.

 

fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by user (30-01-2017 18:15:17) Run:2
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
2017-01-22 15:39 - 2017-01-22 15:39 - 00000000 _____ C:\autoexec.bat
C:\Users\user\AppData\Roaming\coreavc.ini
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
C:\autoexec.bat => moved successfully
C:\Users\user\AppData\Roaming\coreavc.ini => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10242372 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 21288382 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2462 B
NetworkService => 0 B
user => 5539934 B
 
RecycleBin => 115277 B
EmptyTemp: => 35.5 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:15:35 ====
 
frst.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by user (administrator) on DELL (30-01-2017 18:19:02)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Windows\KMS\KMS.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-08-03] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-02] (AVAST Software)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Dropbox Update] => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-17] (Dropbox, Inc.)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [World of Warships] => C:\Games\World_of_Warships\WargamingGameUpdater.exe [3134216 2016-12-05] (Wargaming.net)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-01-26] (Spotify Ltd)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [7163504 2017-01-26] (Spotify Ltd)
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Run: [Discord] => C:\Users\user\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-02] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-01-26]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2014-11-30]
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\user\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-01-29]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8fc5ca92-77fc-48b3-9348-2584b5710be4}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-30] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-30] (Oracle Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-02]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-29] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://sg.search.yahoo.com/?type=715483&fr=yo-yhp-ch
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-01-30]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-30]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-30]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-14]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-14]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-04-12]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-14]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-12]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-12]
CHR Extension: (Avast SafePrice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-04-12]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-14]
CHR Extension: (Bookmark Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-29]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-29]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-29]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-12]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-30]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-29]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-29]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-29]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-29]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-29]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-29]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-29]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-02] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 KMS; C:\Windows\KMS\KMS.exe [32256 2014-01-04] () [File not signed]
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-16] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-03] (Synaptics Incorporated)
S4 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2017-01-02] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2017-01-02] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2017-01-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2017-01-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-02] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2017-01-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2017-01-02] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2017-01-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-02] (AVAST Software)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-26] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-03] (Synaptics Incorporated)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [41824 2016-11-04] (SteelSeries ApS)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45928 2017-01-10] (SteelSeries ApS)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S4 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WinDivert1.1; C:\Windows\KMS\WinDivert.sys [35376 2013-12-04] (Basil Projects)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36832 2017-01-30] (Wellbia.com Co., Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-30 18:19 - 2017-01-30 18:21 - 00020207 _____ C:\Users\user\Desktop\FRST.txt
2017-01-30 14:30 - 2017-01-30 14:30 - 00000016 _____ C:\ProgramData\mntemp
2017-01-30 14:14 - 2017-01-30 14:14 - 00003292 _____ C:\WINDOWS\System32\Tasks\{BDDAF317-1888-45A0-ACBD-B1BAB41D2293}
2017-01-30 14:13 - 2017-01-30 14:13 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-30 13:57 - 2017-01-30 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-30 13:57 - 2017-01-30 13:56 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-30 13:56 - 2017-01-30 13:56 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-30 13:55 - 2017-01-30 14:32 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-01-30 13:46 - 2017-01-30 18:15 - 00001822 _____ C:\Users\user\Desktop\Fixlog.txt
2017-01-30 13:46 - 2017-01-30 13:53 - 00739392 _____ (Oracle Corporation) C:\Users\user\Downloads\JavaSetup8u121.exe
2017-01-30 13:43 - 2017-01-30 13:43 - 00000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
2017-01-30 13:38 - 2017-01-30 13:38 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-01-29 15:49 - 2017-01-29 15:49 - 00000364 _____ C:\Users\user\Downloads\ckfiles.txt
2017-01-29 15:46 - 2017-01-29 15:47 - 00468480 _____ () C:\Users\user\Downloads\CKScanner.exe
2017-01-28 13:37 - 2017-01-28 13:37 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-28 13:36 - 2017-01-28 13:53 - 2683605614 _____ C:\Users\user\Downloads\iPhone_5.5_10.2_14C92_Restore.ipsw
2017-01-28 13:29 - 2017-01-28 13:29 - 00000094 _____ C:\Users\user\Desktop\jailbreak tweaks.txt
2017-01-28 13:06 - 2017-01-28 13:08 - 00044229 _____ C:\Users\user\Downloads\Addition.txt
2017-01-28 13:02 - 2017-01-28 13:08 - 00061946 _____ C:\Users\user\Downloads\FRST.txt
2017-01-28 13:01 - 2017-01-30 18:19 - 00000000 ____D C:\FRST
2017-01-28 13:01 - 2017-01-30 13:43 - 02420736 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2017-01-28 13:00 - 2017-01-29 14:03 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-01-28 12:59 - 2017-01-28 12:59 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-01-28 12:59 - 2017-01-28 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-28 12:59 - 2017-01-28 12:59 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-28 12:58 - 2017-01-28 12:59 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-28 12:57 - 2017-01-28 12:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-01-28 12:57 - 2017-01-28 12:57 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-28 12:56 - 2017-01-28 12:58 - 34726608 _____ (Adlice Software ) C:\Users\user\Downloads\setup.exe
2017-01-26 19:35 - 2017-01-26 19:38 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E09.HDTV.x264-KILLERS[ettv]
2017-01-26 19:35 - 2017-01-26 19:35 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E10.HDTV.x264-LOL[ettv]
2017-01-26 19:30 - 2017-01-26 19:30 - 00028256 _____ C:\Users\user\Downloads\Designated Survivor_1x06_HDTV.LOL.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00027832 _____ C:\Users\user\Downloads\Designated Survivor_1x04_HDTV.x264-LOL.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00026020 _____ C:\Users\user\Downloads\Designated Survivor_1x08_HDTV.LOL.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00025663 _____ C:\Users\user\Downloads\Designated Survivor_1x03_HDTV.x264-KILLERS.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00025625 _____ C:\Users\user\Downloads\Designated Survivor_1x07_HDTV.LOL.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00025484 _____ C:\Users\user\Downloads\Designated Survivor_1x09_HDTV.KILLERS.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00024776 _____ C:\Users\user\Downloads\Designated Survivor_1x05_HDTV.x264-LOL.en.zip
2017-01-26 19:30 - 2017-01-26 19:30 - 00022519 _____ C:\Users\user\Downloads\Designated Survivor_1x10_HDTV.LOL.en.zip
2017-01-26 19:29 - 2017-01-26 19:29 - 00026392 _____ C:\Users\user\Downloads\Designated Survivor_1x02_HDTV.x264-KILLERS.en.zip
2017-01-26 19:29 - 2017-01-26 19:29 - 00024555 _____ C:\Users\user\Downloads\Designated Survivor_1x01_HDTV.KILLERS.en.zip
2017-01-26 19:26 - 2017-01-26 19:26 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E08.HDTV.x264-LOL[ettv]
2017-01-26 19:26 - 2017-01-26 19:26 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E07.HDTV.x264-LOL[ettv]
2017-01-26 19:26 - 2017-01-26 19:26 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E06.HDTV.x264-LOL[ettv]
2017-01-26 19:26 - 2017-01-26 19:26 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E05.HDTV.x264-LOL[ettv]
2017-01-26 19:26 - 2017-01-26 19:26 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E04.HDTV.x264-LOL[ettv]
2017-01-26 18:50 - 2017-01-26 18:54 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E03.HDTV.x264-KILLERS[ettv]
2017-01-26 18:47 - 2017-01-26 18:53 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E01.HDTV.x264-KILLERS[ettv]
2017-01-26 18:47 - 2017-01-26 18:50 - 00000000 ____D C:\Users\user\Downloads\Designated.Survivor.S01E02.HDTV.x264-KILLERS[ettv]
2017-01-26 17:55 - 2017-01-26 18:22 - 00000000 ____D C:\AdwCleaner
2017-01-26 17:55 - 2017-01-26 17:55 - 03988944 _____ C:\Users\user\Downloads\AdwCleaner.exe
2017-01-26 17:54 - 2017-01-26 17:55 - 01663040 _____ (Malwarebytes) C:\Users\user\Downloads\JRT.exe
2017-01-26 17:51 - 2017-01-26 17:51 - 00181235 _____ C:\Users\user\Downloads\22901.pdf
2017-01-26 17:20 - 2017-01-26 17:20 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-26 17:20 - 2017-01-26 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-26 17:20 - 2017-01-26 17:20 - 00000000 ____D C:\Program Files\iPod
2017-01-26 17:19 - 2017-01-26 17:20 - 00000000 ____D C:\Program Files\iTunes
2017-01-26 17:15 - 2017-01-26 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-26 17:14 - 2017-01-26 17:14 - 00001472 _____ C:\EsgInstallerResumeAction_ff00e6f2fa487fc76629666127044dea
2017-01-26 17:05 - 2017-01-26 17:07 - 08813488 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup526.exe
2017-01-25 20:54 - 2016-12-21 15:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 20:54 - 2016-12-21 12:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-22 16:32 - 2017-01-22 16:32 - 00080399 _____ C:\Users\user\Downloads\Intro_to_Organic_Chem_(Qn7).pptx
2017-01-22 16:22 - 2017-01-22 16:22 - 00220648 _____ C:\Users\user\Downloads\Intro_to_Organic_Chem_(Qn6).pptx
2017-01-22 16:08 - 2017-01-22 16:08 - 00410508 _____ C:\Users\user\Downloads\5a_Nomenclature_of_organic_compounds.pptx
2017-01-22 15:29 - 2017-01-22 15:29 - 00132792 _____ C:\Users\user\Downloads\2017_JC2_CTG_Timetable.pdf
2017-01-22 15:29 - 2017-01-22 15:29 - 00132164 _____ C:\Users\user\Downloads\2017_JC2_CTG_Attendance_List.pdf
2017-01-17 23:24 - 2017-01-17 23:24 - 00037655 _____ C:\Users\user\Downloads\37890429_20170117_0051.pdf
2017-01-17 23:22 - 2017-01-17 23:22 - 00039231 _____ C:\Users\user\Downloads\35735539_20170107_0056.pdf
2017-01-17 23:20 - 2017-01-17 23:20 - 00038037 _____ C:\Users\user\Downloads\39755061_20170116_0046.pdf
2017-01-17 23:20 - 2017-01-17 23:20 - 00038037 _____ C:\Users\user\Downloads\39755061_20170116_0046 (1).pdf
2017-01-11 20:46 - 2016-12-21 16:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 20:46 - 2016-12-21 16:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 20:46 - 2016-12-21 15:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 20:46 - 2016-12-21 15:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 20:46 - 2016-12-21 15:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 20:46 - 2016-12-21 15:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 20:46 - 2016-12-21 15:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 20:46 - 2016-12-21 15:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 20:46 - 2016-12-21 15:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 20:46 - 2016-12-21 15:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 20:46 - 2016-12-21 15:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 20:46 - 2016-12-21 15:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 20:46 - 2016-12-21 15:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 20:46 - 2016-12-21 15:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 20:46 - 2016-12-21 15:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 20:46 - 2016-12-21 14:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 20:46 - 2016-12-21 14:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 20:46 - 2016-12-21 14:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 20:46 - 2016-12-21 14:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 20:46 - 2016-12-21 14:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 20:46 - 2016-12-21 14:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 20:46 - 2016-12-21 14:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 20:46 - 2016-12-21 14:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 20:46 - 2016-12-21 14:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 20:46 - 2016-12-21 14:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 20:46 - 2016-12-21 14:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 20:46 - 2016-12-21 13:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 20:46 - 2016-12-21 13:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 20:46 - 2016-12-21 13:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 20:46 - 2016-12-21 12:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 20:46 - 2016-12-21 12:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 20:46 - 2016-12-21 12:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 20:46 - 2016-12-21 12:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 20:46 - 2016-12-21 12:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 20:46 - 2016-12-21 12:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 20:46 - 2016-12-21 12:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 20:46 - 2016-12-21 12:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 20:46 - 2016-12-21 12:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 20:46 - 2016-12-21 12:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 20:46 - 2016-12-21 12:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 20:46 - 2016-12-21 12:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 20:46 - 2016-12-21 12:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 20:46 - 2016-12-21 12:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 20:46 - 2016-12-21 12:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 20:46 - 2016-12-21 12:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 20:46 - 2016-12-14 13:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 20:46 - 2016-12-14 13:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 20:46 - 2016-12-14 13:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 20:46 - 2016-12-14 13:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 20:46 - 2016-12-14 13:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 20:46 - 2016-12-14 13:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 20:46 - 2016-12-14 13:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 20:46 - 2016-12-14 13:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 20:46 - 2016-12-14 12:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 20:46 - 2016-12-14 12:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 20:46 - 2016-12-14 12:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 20:46 - 2016-12-14 12:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 20:46 - 2016-12-14 12:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 20:46 - 2016-12-14 12:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 20:46 - 2016-12-14 12:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 20:46 - 2016-12-14 12:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 20:46 - 2016-12-14 12:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 20:46 - 2016-12-14 12:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 20:46 - 2016-12-14 12:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 20:46 - 2016-12-14 12:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 20:46 - 2016-12-14 12:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 20:46 - 2016-12-14 12:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 20:46 - 2016-12-14 12:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 20:46 - 2016-12-14 12:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 20:46 - 2016-12-14 12:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 20:46 - 2016-12-14 12:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 20:46 - 2016-12-14 12:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 20:46 - 2016-12-14 12:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 20:46 - 2016-12-14 12:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 20:46 - 2016-12-14 12:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 20:46 - 2016-11-02 20:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 20:46 - 2016-11-02 18:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 20:46 - 2016-08-02 12:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 20:45 - 2016-12-21 16:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 20:45 - 2016-12-21 15:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 20:45 - 2016-12-21 15:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 20:45 - 2016-12-21 15:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 20:45 - 2016-12-21 15:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 20:45 - 2016-12-21 15:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 20:45 - 2016-12-21 15:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 20:45 - 2016-12-21 15:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 20:45 - 2016-12-21 15:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 20:45 - 2016-12-21 15:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 20:45 - 2016-12-21 15:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 20:45 - 2016-12-21 15:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 20:45 - 2016-12-21 15:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 20:45 - 2016-12-21 15:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 20:45 - 2016-12-21 15:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 20:45 - 2016-12-21 15:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 20:45 - 2016-12-21 15:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 20:45 - 2016-12-21 15:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 20:45 - 2016-12-21 15:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 20:45 - 2016-12-21 15:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 20:45 - 2016-12-21 15:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 20:45 - 2016-12-21 15:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 20:45 - 2016-12-21 15:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 20:45 - 2016-12-21 15:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 20:45 - 2016-12-21 14:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 20:45 - 2016-12-21 14:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 20:45 - 2016-12-21 14:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 20:45 - 2016-12-21 14:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 20:45 - 2016-12-21 14:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 20:45 - 2016-12-21 14:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 20:45 - 2016-12-21 14:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 20:45 - 2016-12-21 14:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 20:45 - 2016-12-21 14:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 20:45 - 2016-12-21 13:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 20:45 - 2016-12-21 12:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 20:45 - 2016-12-21 12:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 20:45 - 2016-12-21 12:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 20:45 - 2016-12-21 12:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 20:45 - 2016-12-21 12:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 20:45 - 2016-12-21 12:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 20:45 - 2016-12-21 12:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 20:45 - 2016-12-21 12:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 20:45 - 2016-12-21 12:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 20:45 - 2016-12-21 12:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 20:45 - 2016-12-21 12:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 20:45 - 2016-12-21 12:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 20:45 - 2016-12-14 13:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 20:45 - 2016-12-14 13:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-11 20:45 - 2016-12-14 13:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-11 20:45 - 2016-12-14 13:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-11 20:45 - 2016-12-14 13:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-11 20:45 - 2016-12-14 13:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 20:45 - 2016-12-14 13:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 20:45 - 2016-12-14 13:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 20:45 - 2016-12-14 13:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 20:45 - 2016-12-14 13:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 20:45 - 2016-12-14 13:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 20:45 - 2016-12-14 13:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 20:45 - 2016-12-14 13:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 20:45 - 2016-12-14 13:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 20:45 - 2016-12-14 12:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 20:45 - 2016-12-14 12:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 20:45 - 2016-12-14 12:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 20:45 - 2016-12-14 12:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 20:45 - 2016-12-14 12:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 20:45 - 2016-12-14 12:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 20:45 - 2016-12-14 12:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 20:45 - 2016-12-14 12:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 20:45 - 2016-12-14 12:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 20:45 - 2016-12-14 12:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 20:45 - 2016-12-14 12:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 20:45 - 2016-12-14 12:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 20:45 - 2016-12-14 12:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 20:45 - 2016-12-14 12:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 20:45 - 2016-12-14 12:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 20:45 - 2016-12-14 12:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 20:45 - 2016-12-14 12:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 20:45 - 2016-12-14 12:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 20:45 - 2016-12-14 12:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 20:45 - 2016-12-14 12:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 20:45 - 2016-12-14 12:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 20:45 - 2016-12-14 12:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 20:45 - 2016-12-14 12:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 20:45 - 2016-12-14 12:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 20:45 - 2016-11-02 19:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 20:45 - 2016-11-02 18:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 20:45 - 2016-11-02 18:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-07 13:56 - 2017-01-08 19:32 - 00000000 ____D C:\Users\user\Downloads\FIFA 17 Super Deluxe Edition-FULL UNLOCKED
2017-01-06 15:04 - 2017-01-06 15:04 - 00075310 _____ C:\Users\user\Downloads\Guidelines_on_the_use_of_Calculators_-_1_Nov_2016_(memo_to_schools).pdf
2017-01-04 22:54 - 2017-01-04 22:54 - 00000000 ____D C:\Users\user\AppData\Local\Vivox
2017-01-02 20:56 - 2017-01-02 20:56 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-01-02 20:55 - 2017-01-02 20:55 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2017-01-01 18:03 - 2017-01-01 18:03 - 00001345 _____ C:\Users\user\Desktop\SpecialForce.lnk
2017-01-01 18:03 - 2017-01-01 18:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playpark
2017-01-01 17:58 - 2017-01-01 17:58 - 00000000 ____D C:\Program Files (x86)\Playpark
2017-01-01 17:39 - 2017-01-01 17:57 - 00000000 ____D C:\Users\user\Downloads\SF1_FULL_1.0.0
2017-01-01 17:35 - 2017-01-01 17:35 - 01038336 _____ C:\Users\user\Downloads\PlayparkDownloader_v0.3.6.1 (1).msi
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-30 18:18 - 2014-11-30 11:35 - 00000000 __SHD C:\Users\user\IntelGraphicsProfiles
2017-01-30 18:17 - 2016-10-30 14:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-30 18:16 - 2016-07-16 14:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-30 14:30 - 2015-10-30 18:36 - 00036832 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2017-01-30 14:15 - 2016-07-16 19:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-30 14:13 - 2016-01-27 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2017-01-30 14:13 - 2016-01-27 18:50 - 00000000 ____D C:\Program Files (x86)\NCWest
2017-01-30 14:10 - 2015-08-02 23:21 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-30 14:08 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-30 14:04 - 2015-02-08 16:13 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2017-01-30 13:57 - 2014-12-07 00:16 - 00000000 ____D C:\ProgramData\Oracle
2017-01-30 13:49 - 2016-11-30 13:42 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-01-30 13:46 - 2013-08-22 23:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-29 15:30 - 2016-10-30 13:59 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-29 13:55 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-28 13:57 - 2016-10-18 23:06 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-01-28 13:38 - 2014-11-30 10:36 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2017-01-28 13:06 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-26 20:54 - 2016-05-16 20:53 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2017-01-26 19:36 - 2016-11-20 12:04 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2017-01-26 19:36 - 2016-11-20 12:03 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-01-26 19:36 - 2016-11-02 22:50 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-26 18:46 - 2016-12-27 00:03 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2017-01-26 18:18 - 2016-11-29 17:32 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-26 18:16 - 2016-11-09 01:15 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2017-01-26 18:16 - 2016-11-09 01:15 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2017-01-26 17:46 - 2015-05-28 17:00 - 00000000 ___RD C:\Users\user\iCloudDrive
2017-01-26 17:43 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SKB
2017-01-26 17:20 - 2014-12-13 00:03 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-26 17:13 - 2016-12-14 12:26 - 00000000 ____D C:\Users\user\AppData\Roaming\steelseries-engine-3-client
2017-01-26 17:12 - 2016-07-16 19:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-26 17:07 - 2015-12-03 21:46 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-25 20:44 - 2015-08-02 23:44 - 02659072 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-22 16:04 - 2015-04-08 17:40 - 00000000 ____D C:\Users\user\AppData\Roaming\SystemSres
2017-01-16 20:49 - 2014-11-30 00:47 - 00000000 ____D C:\ProgramData\Skype
2017-01-16 20:35 - 2015-08-02 23:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-16 20:30 - 2016-10-30 13:59 - 00248792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-13 23:13 - 2016-12-07 07:57 - 01804672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 22:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 21:23 - 2014-11-30 10:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 21:20 - 2014-11-30 10:49 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 11:56 - 2016-12-07 07:57 - 00045928 _____ (SteelSeries ApS) C:\WINDOWS\system32\Drivers\sshid.sys
2017-01-08 23:51 - 2015-02-08 16:04 - 00000000 ____D C:\ProgramData\Origin
2017-01-05 13:54 - 2014-11-30 10:39 - 00000000 ___RD C:\Users\user\Dropbox
2017-01-03 22:01 - 2016-10-30 14:34 - 00003998 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1461755249
2017-01-03 22:01 - 2016-04-27 19:07 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-01-02 20:57 - 2016-10-30 14:34 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2017-01-02 20:57 - 2014-11-30 10:25 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2017-01-02 20:57 - 2014-11-30 10:25 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2017-01-02 20:57 - 2014-11-30 10:25 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-01-02 20:56 - 2014-11-30 10:25 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.148336184917110
2017-01-02 20:56 - 2014-11-30 10:25 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.148336185093712
2017-01-02 20:56 - 2014-11-30 10:25 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-01-02 20:56 - 2014-11-30 10:25 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-01-02 20:56 - 2014-11-30 10:25 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-01-02 20:56 - 2014-11-30 10:25 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-01-02 20:56 - 2014-11-30 10:25 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-01-02 20:55 - 2016-04-25 20:26 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-01-02 20:55 - 2014-11-30 10:25 - 00969560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.148336184818707
2017-01-01 17:36 - 2016-06-05 22:52 - 00003107 _____ C:\Users\user\Desktop\Playpark Downloader.lnk
2017-01-01 17:36 - 2016-06-05 22:52 - 00003067 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playpark Downloader.lnk
 
==================== Files in the root of some directories =======
 
2015-03-16 14:56 - 2015-03-16 14:56 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2017-01-30 14:30 - 2017-01-30 14:30 - 0000016 _____ () C:\ProgramData\mntemp
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-26 19:04
 
==================== End of FRST.txt ============================
 
addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by user (30-01-2017 18:22:20)
Running from C:\Users\user\Desktop
Windows 10 Pro Version 1607 (X64) (2016-10-30 06:39:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2527001886-3938107897-3316602562-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2527001886-3938107897-3316602562-503 - Limited - Disabled)
Guest (S-1-5-21-2527001886-3938107897-3316602562-501 - Limited - Disabled)
user (S-1-5-21-2527001886-3938107897-3316602562-1001 - Administrator - Enabled) => C:\Users\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{47B81DF4-AD5A-4F3A-3D73-0A81268B1637}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
APB Reloaded (HKLM-x32\...\APB Reloaded) (Version: 1.6.7.672769 - )
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Betternet (HKLM-x32\...\Betternet) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell System Detect (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\73f463568823ebbe) (Version: 6.7.0.2 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Discord (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dropbox (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Dropbox) (Version: 18.4.32 - Dropbox, Inc.)
FIFA 15 v.1.8.0.0 ModdingWay v.3.1.1 (HKLM-x32\...\FIFA 15_is1) (Version:  - )
GamersFirst LIVE! (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPAC (remove only) (HKLM-x32\...\GPAC) (Version:  - )
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MapleStorySEA version 1.61.1 (HKLM-x32\...\{2AC6892F-B107-4ED2-B949-BD3C287E133A}_is1) (Version: 1.61.1 - Asiasoft Online Pte.Ltd.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Need For Speed Hot Pursuit version 1.0.5.0 (HKLM-x32\...\Need For Speed Hot Pursuit_is1) (Version: 1.0.5.0 - Mr DJ)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.2 - OBS Project)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Playpark Downloader (HKLM-x32\...\{D81B5861-F391-4905-A779-8A82994F3A00}) (Version: 0.3.6 - Asiasoft Online)
RogueKiller version 12.9.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.5.0 - Adlice Software)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Special Force (HKLM-x32\...\SpecialForce) (Version:  - Playpark)
Spotify (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\Spotify) (Version: 1.0.47.13.gd8e05b1f - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.9.10 (HKLM\...\SteelSeries Engine 3) (Version: 3.9.10 - SteelSeries ApS)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Transformice (HKLM-x32\...\Transformice) (Version: 1.0.0 - UNKNOWN)
Transformice (x32 Version: 1.0.0 - UNKNOWN) Hidden
Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1560.1 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
World of Warships (HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814asia}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0550C98D-3465-47E0-81D7-5D9D6AA7AF0B} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {0E220870-597D-4045-9D7C-51566892B010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-29] (Adobe Systems Incorporated)
Task: {16B35CF3-AAD8-490F-8620-564AA9691933} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {26D9680C-63FE-4CB5-82DC-4AE5BDC019F7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2017-01-02] (AVAST Software)
Task: {28936B68-7D00-47B8-8B2A-13133EF4FAE2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {32A06078-93F0-4B58-AC85-BABDE3E730E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {56890EDA-2F45-47F9-AFC3-611DD994B83E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {5C168816-6E34-43E8-8779-126C476D5EB4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {6EA03820-9FD5-4EA9-B15D-925D30AFE73B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2527001886-3938107897-3316602562-1001Core1d2373d380091bf => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-12-17] (Dropbox, Inc.)
Task: {8E7C0385-1ACA-4C85-B91E-D49B930F30EC} - System32\Tasks\SafeZone scheduled Autoupdate 1461755249 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {955A40D6-CDD6-4C2E-9444-FC5CAE87C6CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {AB56118E-D07B-4C15-BF45-31CCB60D7B14} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-03] (Synaptics Incorporated)
Task: {D75925AB-1373-40F9-9A35-05677E354A01} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-22] (Piriform Ltd)
Task: {E769B77B-73FB-4824-B891-192E607531CC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2527001886-3938107897-3316602562-1001UA1d2373d3834340d => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-12-17] (Dropbox, Inc.)
Task: {FD71BD45-CE4A-4CFD-ADBA-E218A8DC8903} - System32\Tasks\{BDDAF317-1888-45A0-ACBD-B1BAB41D2293} => pcalua.exe -a "C:\PROGRAM FILES (X86)\GAMERSFIRST\APB RELOADED\Binaries\pbsvc_apb.exe" -c -u
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2527001886-3938107897-3316602562-1001Core1d2373d380091bf.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2527001886-3938107897-3316602562-1001UA1d2373d3834340d.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\user\Desktop\Настройки-FIFA 15.lnk -> C:\Games\FIFA 15\fifasetup\fifaconfig.exe (Electronic Arts Canada) <===== Cyrillic
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 19:42 - 2016-07-16 19:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-17 18:32 - 2016-12-09 18:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-29 09:47 - 2014-01-04 19:52 - 00032256 _____ () C:\Windows\KMS\KMS.exe
2014-11-29 09:47 - 2013-12-04 04:01 - 00016896 _____ () C:\Windows\KMS\WinDivert.dll
2016-12-17 18:32 - 2016-12-09 18:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-31 05:51 - 2016-10-31 05:51 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 20:45 - 2016-12-21 15:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-29 18:29 - 2016-09-16 01:29 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2016-10-31 05:51 - 2016-10-31 05:51 - 02263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2017-01-11 20:45 - 2016-12-21 14:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 20:45 - 2016-12-21 14:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 20:45 - 2016-12-21 14:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 20:45 - 2016-12-21 14:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 20:45 - 2016-12-21 14:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-25 20:47 - 2017-01-25 20:49 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-25 20:47 - 2017-01-25 20:49 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-25 20:47 - 2017-01-25 20:49 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 12:17 - 2016-12-14 12:17 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-02 20:55 - 2017-01-02 20:55 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-30 18:09 - 2017-01-30 18:09 - 04459608 _____ () C:\Program Files\AVAST Software\Avast\defs\17013000\algo.dll
2017-01-02 20:55 - 2017-01-02 20:55 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-01-02 20:56 - 2017-01-02 20:56 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\Desktop\Transformice.lnk:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\aeriagames.com -> hxxp://aeriagames.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "Andy"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\StartupFolder: => "GamersFirst LIVE!.lnk"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "MP3 Skype recorder"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "World of Warships"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2527001886-3938107897-3316602562-1001\...\StartupApproved\Run: => "Discord"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{AE640FE1-5945-4072-A6D1-A5396DE6F36F}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8288BCCE-5CBC-4A02-841A-FA0555DF5509}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CBE16A2F-5761-4A57-A82C-AEB7F49F3CAA}] => C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{121FC229-5436-4218-ACCF-82277A50028D}] => C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{1E7B8BDB-FBEC-4136-A8F6-1323651754DA}] => C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{847CB0D8-2663-4A24-A20E-750859FCF1FB}] => C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{9A4AB2FF-571B-4974-965F-2713F0CC13CB}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{8E7DB69A-429D-4235-9F99-6A8670479325}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{ED281CA1-106E-46E2-B250-A1B355BBF5A0}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{1D9FB8CC-30FD-4BE2-8A1D-21CBC426E614}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [UDP Query User{8B5A6EE9-FE22-48BA-9882-C9B424EF6357}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8A4F1BBB-B95F-4D0F-BE99-66141870539D}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{37EAFF4A-A3C3-4FD0-90DD-63ADA67B2EA4}] => C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A7F67F37-F7CE-4471-878A-5948476DAFF3}] => C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{B9221B95-F33E-4C97-817C-C250F4677A3F}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{213C090B-701B-44ED-B365-66C3664AFB16}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{82277565-025C-483D-BADC-2B3E4178480D}C:\users\user\appdata\local\akamai\netsession_win.exe] => C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{C8E62A02-719E-44D3-99E9-3D1E9095D341}C:\users\user\appdata\local\akamai\netsession_win.exe] => C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{41D721E8-14EE-4CD8-B30B-7819A6EAB646}C:\users\user\appdata\local\akamai\netsession_win.exe] => C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F313BA37-F94F-46B5-8B20-C721A8EAD2C3}C:\users\user\appdata\local\akamai\netsession_win.exe] => C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [{0E72E4E2-FCAB-4578-85D6-07BB23D64384}] => C:\Windows\KMS\KMS.exe
FirewallRules: [{E13C46BB-C1FA-4391-AF39-3FFC5D62C78A}] => C:\Windows\KMS\KMS.exe
FirewallRules: [{BDBD227D-1DE9-4682-AFA1-CC26E15E2AE2}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{42817D47-1135-4057-A6EF-949392D62234}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{D6176EC0-48F8-456F-9BEE-11116097A5BE}C:\users\user\appdata\roaming\spotify\spotify.exe] => C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A4432274-2C01-4B28-B391-BE2785DA9CE1}C:\users\user\appdata\roaming\spotify\spotify.exe] => C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2460C861-AFC5-41E5-BC68-BB771901354C}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BD9563A0-A394-49A6-AC51-8501182C4BED}] => C:\Program Files (x86)\Mr DJ\Need For Speed Hot Pursuit\NFS11.exe
FirewallRules: [{B11341EE-227F-456A-831C-3F8F8B5F254C}] => C:\Program Files (x86)\Mr DJ\Need For Speed Hot Pursuit\NFS11.exe
FirewallRules: [{ECB2701B-E11C-4773-B81F-5E43652958DD}] => C:\Program Files (x86)\Mr DJ\Need For Speed Hot Pursuit\ConfigTool.exe
FirewallRules: [{88860333-CE54-4799-8EAE-0F25020E4131}] => C:\Program Files (x86)\Mr DJ\Need For Speed Hot Pursuit\ConfigTool.exe
FirewallRules: [TCP Query User{95262343-6859-4244-B1B8-0CF13939C87C}C:\program files (x86)\playpark\special force\specialforce.exe] => C:\program files (x86)\playpark\special force\specialforce.exe
FirewallRules: [UDP Query User{4F0EDA14-C7B5-4766-AC1E-06A75FCB4EB9}C:\program files (x86)\playpark\special force\specialforce.exe] => C:\program files (x86)\playpark\special force\specialforce.exe
FirewallRules: [{C789D6CA-1013-49DD-A2B3-82D045162BCE}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2AAE83EA-3E7A-46BE-9308-A8415A43C750}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{5D4E6BBA-4AE0-4A0D-9AAD-CCD5ADF0F593}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{4AD26836-32AC-4456-84F1-92060A96043A}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{DDFDACB8-3473-498B-BBD7-410C5E03B73D}] => C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe] => Enabled:Orbit
 
==================== Restore Points =========================
 
30-01-2017 13:37:19 Removed Java 8 Update 31
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/30/2017 02:32:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MapleStory.exe, version: 7.164.2.0, time stamp: 0x5875ed42
Faulting module name: MapleStory.exe, version: 7.164.2.0, time stamp: 0x5875ed42
Exception code: 0xc0000005
Fault offset: 0x00beaf94
Faulting process id: 0x47c
Faulting application start time: 0x01d27ac24756cac9
Faulting application path: C:\Program Files (x86)\Wizet\MapleStorySEA\MapleStory.exe
Faulting module path: C:\Program Files (x86)\Wizet\MapleStorySEA\MapleStory.exe
Report Id: eb00ce29-c141-41c3-b967-7e285a558ff0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/30/2017 02:11:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (01/30/2017 02:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/30/2017 01:55:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.693, time stamp: 0x585a272f
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x585a2708
Exception code: 0x80000003
Fault offset: 0x0000000000064ddd
Faulting process id: 0x10f4
Faulting application start time: 0x01d27abcd9a108be
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
Report Id: c914f78c-f636-4fc2-a791-fbc527298f5c
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (01/30/2017 01:37:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/29/2017 02:59:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x15e0
Faulting application start time: 0x01d279fcf98d250c
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 572586db-6189-44de-91a0-777af63f1eba
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/29/2017 02:58:17 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/29/2017 02:58:17 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/29/2017 02:57:59 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/29/2017 02:57:59 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
 
System errors:
=============
Error: (01/30/2017 06:22:54 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/30/2017 06:22:54 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/30/2017 06:20:31 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (01/30/2017 06:19:47 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/30/2017 06:19:47 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/30/2017 06:19:21 PM) (Source: DCOM) (EventID: 10010) (User: DELL)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.
 
Error: (01/30/2017 06:18:34 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/30/2017 06:18:34 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (01/30/2017 06:18:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (01/30/2017 06:17:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2016-10-30 14:59:27.808
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:27.772
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:27.545
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:21.191
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:21.045
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:20.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:17.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:17.719
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:17.520
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-30 14:59:14.457
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 18%
Total physical RAM: 8058.5 MB
Available physical RAM: 6551.5 MB
Total Virtual: 16250.5 MB
Available Virtual: 14816.24 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:464.75 GB) (Free:178.78 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C947A08F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
The issue seems to be fixed, thank you very much for your service, Satchfan.
As for other outstanding problems, my computer is unable to shut down correctly. It goes through the shutdown process and turns everything off except the power button, which remains lit. But I doubt that is within your expertise.
Hence, once again thank you for solving this issue for me.


#10 satchfan


Posted 30 January 2017 - 06:13 AM

thank you very much for your service, Satchfan.

You're welcome

 

my computer is unable to shut down correctly. It goes through the shutdown process and turns everything off except the power button, which remains lit. But I doubt that is within your expertise.

You're correct in that it is not my forte but I've seen others with that issue and it turns out to be BIOS/CMOS-related. There's a topic about it here.

 

If you don't feel comfortable tackling it yourself, start a topic in our Windows 10 Support forum where I'm sure you'll get help.

 

If you're happy that this topic is solved, let me know and I'll send instructions to tidy up.




#11 zzzfrendzzz


Posted 30 January 2017 - 06:45 AM

Yes, please do so. Thank you.

#12 satchfan


Posted 30 January 2017 - 09:11 AM

Your computer appears to be clean.


Now that you’re free from malware, as long as it seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:

  o Create registry backup
  o Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX; it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

===================================================

I also recommend that you read the following:

Best Practices for Safe Computing - Prevention of Malware Infection by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 




#13 satchfan


Posted 31 January 2017 - 10:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





