
Slow system


7 replies to this topic

#1 Petenkelly


Posted 12 May 2017 - 05:06 PM

Hi all, I have a slow system that takes an age to load anything. I don't use IE, but that browser has been hijacked. I have a relatively new laptop with a good spec, so that isn't an issue. Any help greatly appreciated.


Edited by hamluis, 12 May 2017 - 07:26 PM.
Moved from MRL to Am I Infected - Hamluis.




#2 Broni


Posted 12 May 2017 - 08:05 PM

Welcome aboard

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.


Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see a "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.




#3 Peteandkelly


Posted 14 May 2017 - 12:18 AM

Hi

Hopefully I have done this correctly and in the right order. I could not see an option for uploading the documents so I will copy and paste them here.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by peter (14-05-2017 00:01:02)
Running from C:\Users\peter\Desktop
Windows 8.1 (Update) (X64) (2016-07-15 22:24:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3079031520-2956614243-2143490567-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3079031520-2956614243-2143490567-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3079031520-2956614243-2143490567-1003 - Limited - Enabled)
peter (S-1-5-21-3079031520-2956614243-2143490567-1001 - Administrator - Enabled) => C:\Users\peter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
Ace Stream Media 3.1.7 (HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\...\AceStream) (Version: 3.1.7 - Ace Stream Media) <==== ATTENTION
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.17 - Adobe Systems)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bing Search Engine (HKLM-x32\...\{57D7BF17-0757-6E97-B6D7-1E176657CD97}) (Version:  - )
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.4.44.6257 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BrightPay UK 2016/17 (HKLM-x32\...\{3AA3F6CA-2791-4F5B-BD44-13A998AC2BB6}) (Version: 16.4.0 - Thesaurus Software Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3817.05 - CyberLink Corp.)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 4.1.0.0489 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DTS Sound (HKLM-x32\...\{9B17BBEC-CF31-4C23-949E-E65A14365CE1}) (Version: 1.01.6100 - DTS, Inc.)
ESET Smart Security (HKLM\...\{92172C3C-7BCF-4DA3-8263-6617B13E897F}) (Version: 8.0.319.0 - ESET, spol s r. o.)
Evernote (HKLM-x32\...\Evernote) (Version: 1.0.0 - Evernote Launcher by Toshiba Europe GmbH)
FinalBurner PRO v2.7.0.182 (HKLM-x32\...\{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}) (Version:  - )
FonePaw Android Data Recovery 1.9.0 (HKLM-x32\...\{10E7BD57-C5FE-484f-A3F2-A1755286C0A7}_is1) (Version: 1.9.0 - FonePaw)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Gpg4win (2.3.2) (HKLM-x32\...\GPG4Win) (Version: 2.3.2 - The Gpg4win Project)
Herramientas de corrección de Microsoft Office 2016: español (x32 Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iSkysoft Helper Compact 2.5.2 (HKLM-x32\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.2 - iSkysoft)
iSkysoft Toolbox for iOS (Version 5.0.1) (HKLM-x32\...\{10B4DAB2-9F85-483e-BF03-31771821E060}_is1) (Version: 5.0.1.7 - iSkysoft Software Co.,Ltd.)
ISO Opener (HKLM-x32\...\{CE235F00-F8CD-41AF-83D5-236D90E33BFB}_is1) (Version:  - www.isoopener.com)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Kingo ROOT version 1.4.9.2847 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.4.9.2847 - Kingosoft Technology Ltd.)
Malwarebytes version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.46 - mIRC Co. Ltd.)
Mnemosyne 2.3.6 (HKLM-x32\...\Mnemosyne_is1) (Version:  - )
Mozilla Firefox 53.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 en-GB)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
ONVIF Device Manager v2.2.250 (HKLM-x32\...\{6AC771CF-4EAA-41B7-A398-61A33701E076}) (Version: 2.2.250 - Synesis)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (x32 Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Outlook Privacy Plugin (HKLM-x32\...\{68E34B9C-F9B5-4346-B394-F22B2A726306}) (Version: 2.0.5627.23349 - Deja vu Security)
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Snagit 12 (HKLM-x32\...\{e8720e7e-08a2-4a30-9bce-70aa27c2a3dc}) (Version: 12.2.2.2107 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.2.2 - TechSmith Corporation) Hidden
SopCast 4.2.0 (HKLM-x32\...\SopCast) (Version: 4.2.0 - www.sopcast.com)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.0.0 - Symbaloo Launcher by Toshiba Europe GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.04.6401 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.19 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.01.6402 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}) (Version: 5.0.0 - Toshiba Europe GmbH)
Update for Skype for Business 2015 (KB3191876) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{63B92B9B-BAA1-4708-BB4B-216BB5FD6322}) (Version:  - Microsoft)
Utility Common Driver (x32 Version: 1.0.53.3 - Compal) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VLC Streamer 5.31 (HKLM-x32\...\VLC Streamer_is1) (Version:  - Hobbyist Software)
WinAVI All-in-One Converter (HKLM-x32\...\WinAVI All-in-One Converter_is1) (Version: 1.7.0 - )
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)
Yahoo! Powered (HKLM-x32\...\{CF952755-9F15-F6D5-2E95-8655FE1555D5}) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00553EC3-DE39-4E1A-82F5-20F7338BE42E} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {0A7F1AB6-B379-4E30-94BA-A4E86EB44C47} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {0B27139A-AA24-4C31-919C-6EADE0B11561} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-11] (Adobe Systems Incorporated)
Task: {24BDF68B-DCC5-44EB-8ADC-67CD2D041DFE} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-10-11] (McAfee, Inc.)
Task: {3E9FC16C-83D4-4A73-9689-4D176E5EBD13} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {3F8FA7A1-0ADA-44EA-9A76-69581AD0E53A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {411BD2D6-242C-47CF-99AF-F9ACED48D552} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-02-24] (Realtek Semiconductor)
Task: {4DC3E4D1-1B76-4A29-9A4A-840A6307CEFA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {5C47484E-CFF5-4AFA-BBD0-3DE2C6E3E65F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {731EFA43-4CF2-4066-AC0B-5AF30C601E44} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)
Task: {73AE6C39-6657-4FBC-AFAD-CFF84EC221B4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8304F6EE-A854-4537-9B0E-030E10EC1DE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {93E75CEE-F214-4E39-9E3A-366449AF7750} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {9A89870B-8562-4A09-9979-747BDDFDE46E} - System32\Tasks\Bing Search Engine locid => Wscript.exe "C:\ProgramData\{F5EA3089-7FA8-BA4F-F96E-240D632CAFC3}\dosa.txt" "68747470733a2f2f77617662736c792e636f6d" "433a5c50726f6772616d446174615c7b46354541333038392d374641382d424134462d463936452d3234304436333243414643337d5c6d6964697469" "433a5c50726f6772616d446174615c7b46354541333038392d374641382d424134462d (the data entry has 84 more characters).
Task: {AB07F736-1AA1-41C5-B019-F02955DF7240} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
Task: {C1E134F1-23A8-4895-A4C3-56DF0B770AB2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {C8762F27-8817-42D5-AEBE-E47290463B22} - System32\Tasks\BitX => C:\Program Files (x86)\BitX\BitXSplash.exe
Task: {DE62D95C-10B8-4F0B-8950-53DFB6988993} - System32\Tasks\Yahoo! Powered locid => Wscript.exe "C:\ProgramData\{1242D721-9800-5DE7-1EC6-C3A58484486B}\dosa.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b31323432443732312d393830302d354445372d314543362d4333413538343834343836427d5c6d6964697469" "433a5c50726f6772616d446174615c7b31323432443732312d393830302d354445372d314543 (the data entry has 78 more characters).
Task: {E5DF4F1F-B23D-43E5-B4DF-1103AB96EA67} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2015-11-17] (Toshiba Europe GmbH)
Task: {E90EDF6C-5059-417C-AA69-3B04BC11405A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {EB4DBE9F-7295-4513-A403-9AF6AE479845} - System32\Tasks\HP AR Program Upload - 5886f231bb29469081bd4c7e75c8676075144ac765194397bd4b3b999ce9c622 => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {EE5B3D4B-3D84-4DE5-A522-615DD878A17F} - System32\Tasks\BitX Updater Service => C:\Program Files (x86)\BitX\BitXUpdaterService.exe
Task: {F6D2237B-ECBA-4BAB-836D-0722D11E7899} - System32\Tasks\{109395F2-5F8D-5910-0D71-1F06C958536E} => C:\Users\peter\AppData\Roaming\Nuharuh\updane.exe [2013-05-06] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Bing Search Engine locid.job => Wscript.exe  C:\ProgramData\{F5EA3089-7FA8-BA4F-F96E-240D632CAFC3}\dosa.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yahoo! Powered locid.job => Wscript.exe  C:\ProgramData\{1242D721-9800-5DE7-1EC6-C3A58484486B}\dosa.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\{109395F2-5F8D-5910-0D71-1F06C958536E}.job => C:\Users\peter\AppData\Roaming\Nuharuh\updane.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Torrent Stream.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=icocmgpofpimcojhefbcfbdldkmndpgj

==================== Loaded Modules (Whitelisted) ==============

2017-01-13 14:56 - 2017-01-13 14:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-05 11:50 - 2016-07-05 11:50 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2014-03-03 13:30 - 2014-03-03 13:30 - 00021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-10-18 14:12 - 2016-10-18 16:31 - 00017376 _____ () C:\Users\peter\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
2017-01-22 22:46 - 2016-11-29 07:27 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-23 00:49 - 2017-02-23 00:49 - 08911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-01-06 17:41 - 2016-01-06 17:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2015-11-10 07:54 - 2015-11-10 07:54 - 00027000 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\ace_update.exe
2017-05-13 22:52 - 2017-05-13 22:52 - 00852798 _____ () C:\Users\peter\Desktop\SecurityCheck.exe
2016-07-05 11:38 - 2016-07-05 11:38 - 00222720 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2016-07-05 11:27 - 2016-07-05 11:27 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2016-07-05 11:38 - 2016-07-05 11:38 - 00073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2016-07-05 11:41 - 2016-07-05 11:41 - 00750592 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2016-07-05 11:32 - 2016-07-05 11:32 - 00103424 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2017-01-22 22:46 - 2016-11-08 10:46 - 00693248 _____ () C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-07-11 12:39 - 2017-03-20 19:57 - 00329216 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
2011-06-12 14:09 - 2011-06-12 14:09 - 00038400 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
2011-06-12 14:09 - 2011-06-12 14:09 - 00720896 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00287232 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
2015-04-16 13:27 - 2015-04-16 13:27 - 00018944 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
2017-02-04 02:54 - 2017-02-02 12:54 - 00093696 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\_elementtree.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00152576 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
2015-11-07 13:14 - 2015-11-07 13:14 - 02977792 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\lxml.etree.pyd
2012-02-07 17:37 - 2012-02-07 17:37 - 00167424 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\win32gui.pyd
2012-02-07 17:35 - 2012-02-07 17:35 - 00110080 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
2012-02-07 17:36 - 2012-02-07 17:36 - 00035840 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\win32process.pyd
2014-01-23 12:37 - 2014-01-23 12:37 - 00036352 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
2012-02-07 17:37 - 2012-02-07 17:37 - 00098816 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
2012-02-07 17:38 - 2012-02-07 17:38 - 00358912 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
2012-02-07 17:36 - 2012-02-07 17:36 - 00111616 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
2012-02-07 17:36 - 2012-02-07 17:36 - 00024064 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
2015-04-16 13:27 - 2015-04-16 13:27 - 02386432 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pywebrtc.pyd
2016-07-11 12:37 - 2017-03-20 19:57 - 03137536 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
2013-12-21 14:20 - 2013-12-21 14:20 - 00053248 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00106496 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
2013-12-21 14:20 - 2013-12-21 14:20 - 00040448 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00011776 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\select.pyd
2011-01-18 22:56 - 2011-01-18 22:56 - 00334336 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
2011-02-13 16:02 - 2011-02-13 16:02 - 00031232 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
2016-07-11 13:03 - 2017-03-20 19:57 - 05573632 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00057344 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\_sqlite3.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00635392 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\sqlite3.dll
2016-05-08 20:48 - 2016-05-08 20:48 - 00014848 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\netifaces.pyd
2010-10-10 23:23 - 2010-10-10 23:23 - 00723968 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
2013-01-29 17:20 - 2013-01-29 17:20 - 00082944 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
2011-07-15 20:37 - 2011-07-15 20:37 - 00981504 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
2011-07-15 20:38 - 2011-07-15 20:38 - 00746496 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
2011-07-15 20:38 - 2011-07-15 20:38 - 00670720 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
2011-07-15 20:38 - 2011-07-15 20:38 - 00966144 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
2011-07-15 20:38 - 2011-07-15 20:38 - 00674816 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00688128 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
2016-05-08 20:13 - 2017-02-02 12:54 - 00264296 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pysegmenter.pyd
2015-04-16 13:29 - 2015-04-16 13:29 - 00112142 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\libgcc_s_dw2-1.dll
2015-04-16 13:29 - 2015-04-16 13:29 - 00061952 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
2017-02-04 02:54 - 2017-02-02 12:54 - 00028672 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\_multiprocessing.pyd
2013-01-29 17:20 - 2013-01-29 17:20 - 00066048 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
2016-09-11 11:51 - 2016-03-09 07:28 - 03306496 _____ () C:\Program Files (x86)\Bluestacks\libGLESv2.dll
2014-10-28 10:38 - 2014-10-28 10:38 - 02099200 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_core249.dll
2014-10-28 10:38 - 2014-10-28 10:38 - 00050688 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\ScrollingCapture.dll
2014-10-28 10:38 - 2014-10-28 10:38 - 01914368 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_imgproc249.dll
2017-01-13 09:52 - 2016-10-08 17:59 - 01506304 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2017-01-13 09:52 - 2016-07-21 11:54 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2016-10-02 05:46 - 2017-02-02 12:54 - 00283648 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\acestreamengine.jsplayer.pyd
2016-10-02 05:46 - 2016-10-01 20:50 - 00350720 _____ () C:\Users\peter\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pyvlc.pyd
2015-08-06 13:30 - 2017-01-31 13:29 - 00165216 _____ () C:\Users\peter\AppData\Roaming\ACEStream\player\libtsplayer.dll
2015-08-06 13:30 - 2017-01-31 13:29 - 01968480 _____ () C:\Users\peter\AppData\Roaming\ACEStream\player\libtsplayercore.dll
2011-06-12 14:09 - 2011-06-12 14:09 - 00038400 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
2011-06-12 14:09 - 2011-06-12 14:09 - 00720896 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
2011-07-15 20:37 - 2011-07-15 20:37 - 00981504 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
2011-07-15 20:38 - 2011-07-15 20:38 - 00746496 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
2011-07-15 20:38 - 2011-07-15 20:38 - 00670720 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
2011-07-15 20:38 - 2011-07-15 20:38 - 00966144 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
2011-07-15 20:38 - 2011-07-15 20:38 - 00674816 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00287232 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
2011-01-18 22:56 - 2011-01-18 22:56 - 00334336 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00011776 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\lib\select.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00152576 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
2012-02-07 17:37 - 2012-02-07 17:37 - 00098816 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
2012-02-07 17:35 - 2012-02-07 17:35 - 00110080 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
2012-02-07 17:38 - 2012-02-07 17:38 - 00358912 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
2012-02-07 17:36 - 2012-02-07 17:36 - 00111616 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
2012-02-07 17:36 - 2012-02-07 17:36 - 00024064 _____ () C:\Users\peter\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
2017-02-23 00:49 - 2017-02-23 00:49 - 08911560 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2017-01-26 21:31 - 00001138 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1                   23.74.204.49
127.0.0.1                   2.20.235.247
127.0.0.1                   216.58.214.40
127.0.0.1                   151.101.12.143
127.0.0.1                   66.117.29.4
127.0.0.1                   63.140.41.167
127.0.0.1     13.80.12.54
127.0.0.1  239.255.255.250

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Toshiba\standard.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F3E0E259-8209-437C-B5F1-4AEC995BFDAF}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{303F4909-DC99-4C8B-9E7C-DB3627FAB055}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{05B0412D-17CC-492E-933C-67DE5F80D3DB}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{BC3033BC-AC20-4029-B702-73377B492F96}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{F707E056-899D-4C56-B152-8601453CE91A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{627296BA-F36B-4642-9AB5-FC35B8DE0EA3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A67DD45D-3436-473B-A244-85405FA91F4A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{60A68EAF-E5C2-4DC2-9B85-F2B9C5FC646A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AAFE66D4-BC25-4B72-8D44-1AA89E6DBB32}] => (Allow) C:\Users\peter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DE2BB002-BAC7-400F-AC29-B9682D7DA22A}] => (Allow) C:\Users\peter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E7E39FC6-953F-4872-9D47-7D2DF4523B84}] => (Allow) C:\Users\peter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ACC22A0D-A96A-4DEF-9FCC-FB3CACA19C1D}] => (Allow) C:\Users\peter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5F0E912D-8A52-47C3-B20B-DB1142E75032}] => (Allow) C:\Users\peter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DBCD0C81-C441-4F9C-8F71-7722C794E140}] => (Allow) C:\Users\peter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{1CCCF59D-AFF4-4CA9-BAD1-A6148BFEB540}C:\users\peter\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\peter\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{ED6D3906-ABAD-4E10-A3AA-A743E4312ED5}C:\users\peter\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\peter\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{D1A4A70C-94CD-4CDE-936C-A3559FBC2288}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{DC0D0AF1-6ABF-4419-A2F8-C59266428A68}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{EA9EADD1-01AA-4CAA-8B85-7F1CDBECAC8C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{73DC9D5F-74D7-4801-ACA2-73E0EA0C4427}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{A4F7B167-066F-408C-9FCD-641D64BB6FD8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{7E5EFB42-8BCF-4BB7-ACF5-24F84180FDD5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{F4C175B0-959B-4B9A-A8D5-75BAE0FDD8A3}] => (Allow) LPort=8298
FirewallRules: [TCP Query User{C2A45D6F-3430-4CB7-9F77-8E5DD26E4F59}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{95DE25C2-DC73-4330-B5C6-90C6BC4A08AB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7745073A-D6F2-4075-8D63-FF96F701D8BF}] => (Allow) C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
FirewallRules: [{183DA5DD-5C14-4F3C-8035-1FC1AA4B249A}] => (Allow) C:\Program Files (x86)\Hobbyist Software\VLC Streamer\mDNSResponder.exe
FirewallRules: [TCP Query User{BAFECD7D-5EA1-4F23-A08C-D1149156A0CC}C:\users\peter\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\peter\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{640B0E2F-51BE-4717-AAF6-06E877D0B2CA}C:\users\peter\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\peter\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{FBE290EC-3344-4B33-9FB1-B757AAEE932B}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{68D82BFF-7F7B-4C44-B852-BD4511B945D0}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{E30C0C11-BABC-4774-BBEC-9C5CD2D0C67A}C:\program files (x86)\sopcast\sopcast.exe] => (Block) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{B562EFCA-B75D-4ACA-99C2-88178775731C}C:\program files (x86)\sopcast\sopcast.exe] => (Block) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{8011C3BD-D34D-4599-8364-FD2486A9E3BF}] => (Allow) C:\Users\peter\AppData\Local\Temp\7zS667B\HPDiagnosticCoreUI.exe
FirewallRules: [{CCEFD16F-DCBD-4226-941D-E3AFB84464BB}] => (Allow) C:\Users\peter\AppData\Local\Temp\7zS667B\HPDiagnosticCoreUI.exe
FirewallRules: [{A791807E-6396-49C1-8A8D-019E5BF33676}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{27E1C043-9419-4BBB-A221-6D06C188155E}] => (Allow) LPort=5357
FirewallRules: [{CC0BE84D-9534-47A4-87A1-E4791044A4E8}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{7C3F7E5C-44F1-4F9F-9EE4-1CB71B7D0838}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{F93EE74C-3903-412B-9C6E-BF4BBD16AC52}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{48D2DAFA-1ACC-4DBA-A79F-7CAF65FB7343}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [UDP Query User{32B2D346-B5B1-4A43-AE5F-0D94276F0156}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [{0CF67A26-F637-49B6-A48A-C863D5D10498}] => (Allow) C:\Users\peter\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{50DA398B-54AD-4E82-B0A3-12C5659C8E00}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe
FirewallRules: [{6085E0AD-0B12-440A-B1E7-AF1990E761DF}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe
FirewallRules: [{569CCFDF-3F61-4274-95D0-9E842D410309}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{332ACBED-70EC-4E1A-B744-1BA88068B9B2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{BF247A34-0759-48DC-990D-17D9F7614203}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{2E2AD069-E9CF-4802-B044-512F675C9D46}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{5F5ED0D9-89DF-4761-8788-7FD20DF10B1F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C4D6E0C6-741E-4C66-A404-BC9F95086836}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CD099BF1-45C7-4950-AF53-B7C5B4BC01AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C2EEDE20-5DE4-4057-93F8-C94E49C2C2E3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D85EBB0-2073-4BD7-81B4-BBA43C19E490}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5AFE1E48-C150-449F-BC69-1FC70DE4AC97}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe\Bonjour\mDNSResponder.exe
FirewallRules: [{1E660FB8-0D95-41B0-BDC0-D26EB458AF28}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-05-2017 01:04:15 Windows Update
12-05-2017 23:31:53 Windows Update
13-05-2017 22:30:23 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/13/2017 11:44:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANONYMOUS1975)
Description: Activation of application Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/13/2017 11:44:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a9c

Start Time: 01d2cc3a7793c99f

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\wwahost.exe

Report Id: bfadc863-382d-11e7-82d0-4cbb5817d3ce

Faulting package full name: Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexSports

Error: (05/13/2017 11:44:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: ANONYMOUS1975)
Description: App Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe+AppexSports did not launch within its allotted time.

Error: (05/13/2017 11:43:52 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/13/2017 11:43:50 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (05/13/2017 11:43:49 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (05/13/2017 11:43:31 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (05/13/2017 11:43:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/13/2017 11:43:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/13/2017 11:43:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (05/13/2017 11:34:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Iskysoft Application Framework Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/13/2017 11:34:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Iskysoft Application Framework Service service to connect.

Error: (05/13/2017 11:28:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Error: (05/13/2017 10:49:57 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (05/12/2017 09:51:30 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/12/2017 09:51:30 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/12/2017 09:51:29 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/12/2017 09:51:28 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/12/2017 09:51:28 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/12/2017 09:51:28 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


CodeIntegrity:
===================================
  Date: 2016-12-17 20:06:23.220
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-14 21:48:16.060
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-07 19:19:13.270
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-02 20:53:46.183
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-23 09:06:55.239
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-13 00:11:46.221
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-08 10:18:37.734
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-07 11:00:17.911
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-04 16:34:00.224
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-30 09:58:23.504
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 62%
Total physical RAM: 3981.93 MB
Available physical RAM: 1492.56 MB
Total Virtual: 5837.93 MB
Available Virtual: 3291.16 MB

==================== Drives ================================

Drive c: (TI31338200A) (Fixed) (Total:919.33 GB) (Free:335.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
ESET Smart Security 8.0   
Windows Defender          
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     25.0.0.171  
 Mozilla Firefox (53.0.2)
 Google Chrome (58.0.3029.96)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by peter (administrator) on ANONYMOUS1975 (13-05-2017 23:57:51)
Running from C:\Users\peter\Desktop
Loaded Profiles: peter (Available Profiles: peter & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Users\peter\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
(Wondershare) C:\Program Files (x86)\iSkysoft\iSkysoft Toolbox for iOS\Library\DriverInstaller\DriverInstall.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(BitTorrent Inc.) C:\Users\peter\AppData\Roaming\uTorrent\uTorrent.exe
(Innovative Digital Technologies) C:\Users\peter\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BitTorrent Inc.) C:\Users\peter\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe
(BitTorrent Inc.) C:\Users\peter\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hobbyist Software) C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
(Innovative Digital Technologies) C:\Users\peter\AppData\Roaming\ACEStream\engine\ace_engine.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Users\peter\AppData\Roaming\ACEStream\updater\ace_update.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
() C:\Users\peter\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2016-06-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-06-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (iSkySoft)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\...\Run: [uTorrent] => C:\Users\peter\AppData\Roaming\uTorrent\uTorrent.exe [2144448 2017-04-10] (BitTorrent Inc.)
HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\...\Run: [AceStream] => C:\Users\peter\AppData\Roaming\ACEStream\engine\ace_engine.exe [28024 2017-03-20] (Innovative Digital Technologies)
HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27011712 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [4338880 2016-02-02] (Disc Soft Ltd)
HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\...\Run: [Hobbyist Software VLC Streamer] => C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe [1237032 2016-11-30] (Hobbyist Software)
HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [978456 2016-08-11] (BlueStack Systems, Inc.)
HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\...\Run: [Chromium] => c:\users\peter\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\...\MountPoints2: {906d27a2-52b5-11e6-826d-4cbb5817d3ce} - "E:\SETUP.EXE"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2016-08-12]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2ACE088C-8066-4C0C-A6A4-AD08B44720A4}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-f3046eb1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-f3046eb1
HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-f3046eb1
HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
SearchScopes: HKLM -> DefaultScope {C1FE096E-8236-4C96-9D3F-D76638DF486A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f3046eb1&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_9ae4fc5a&param1=[...]%3D%3D&param2=NGV8LWJdMapaMZ%3D%3D&p={searchTerms}
SearchScopes: HKLM -> {C1FE096E-8236-4C96-9D3F-D76638DF486A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f3046eb1&q={searchTerms}
SearchScopes: HKLM -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_42&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0FyC0DyE0C0EtByD0A0AtN0D0Tzu0StCyByDtBtN1L2XzutAtFtByEtFtByCtFyDtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StD0CtAtB0E0B0DtAtGyCyDtDyBtGtAtByEtBtGtDyDyByBtG0FtB0A0AyCtC0C0F0EzyyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByEyCzytD0CyDtGzztAzzyCtGyEtAyE0CtG0B0A0F0AtGzyyD0E0CtDyBzyyByCtD0B0D2QtN0A0LzuyE%26cr%3D143424430%26a%3Dwbf_fs_16_42%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {C1FE096E-8236-4C96-9D3F-D76638DF486A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f3046eb1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3079031520-2956614243-2143490567-1001 -> DefaultScope {C1FE096E-8236-4C96-9D3F-D76638DF486A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f3046eb1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3079031520-2956614243-2143490567-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_42&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0FyC0DyE0C0EtByD0A0AtN0D0Tzu0StCyByDtBtN1L2XzutAtFtByEtFtByCtFyDtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StD0CtAtB0E0B0DtAtGyCyDtDyBtGtAtByEtBtGtDyDyByBtG0FtB0A0AyCtC0C0F0EzyyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByEyCzytD0CyDtGzztAzzyCtGyEtAyE0CtG0B0A0F0AtGzyyD0E0CtDyBzyyByCtD0B0D2QtN0A0LzuyE%26cr%3D143424430%26a%3Dwbf_fs_16_42%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3079031520-2956614243-2143490567-1001 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_9ae4fc5a&param1=[...]%3D%3D&param2=NGV8LWJdMapaMZ%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3079031520-2956614243-2143490567-1001 -> {C1FE096E-8236-4C96-9D3F-D76638DF486A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f3046eb1&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2017-04-12] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-10-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\shvy0srj.default-1469054622469 [2017-05-13]
FF NewTab: Mozilla\Firefox\Profiles\shvy0srj.default-1469054622469 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\shvy0srj.default-1469054622469 -> search.yahoo.com
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\shvy0srj.default-1469054622469 -> search.yahoo.com
FF Homepage: Mozilla\Firefox\Profiles\shvy0srj.default-1469054622469 -> hxxps://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-c2e233d0
FF Keyword.URL: Mozilla\Firefox\Profiles\shvy0srj.default-1469054622469 -> user_pref("keyword.URL", true);
FF Extension: (SaveFrom.net helper) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\shvy0srj.default-1469054622469\Extensions\helper-sig@savefrom.net.xpi [2017-05-12]
FF SearchPlugin: C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\shvy0srj.default-1469054622469\searchplugins\search.yahoo.com.xml [2016-12-18]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-08-06] [not signed]
FF HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\peter\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\peter\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-01-31]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-11] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-11] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3079031520-2956614243-2143490567-1001: @acestream.net/acestreamplugin,version=3.1.7 -> C:\Users\peter\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-31] (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-01-12] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default [2017-05-08]
CHR Extension: (Google Slides) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-27]
CHR Extension: (Google Docs) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-27]
CHR Extension: (Google Drive) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-27]
CHR Extension: (YouTube) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-27]
CHR Extension: (uTab) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpmmandcadflhnnaiclipadomfmdbjbp [2017-02-13]
CHR Extension: (Adobe Acrobat) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
CHR Extension: (Google Sheets) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-27]
CHR Extension: (Google Docs Offline) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-28]
CHR Extension: (Torrent Stream) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\icocmgpofpimcojhefbcfbdldkmndpgj [2016-10-17]
CHR Extension: (Home Tab) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofkpgiaknijknhajbhnghkodiccblkg [2016-12-24]
CHR Extension: (Ace Stream Web Extension) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2016-12-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-23]
CHR Extension: (Beebs - Access BBC iPlayer) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\opmliiafmgjkgkfadkpomlefdllhajdi [2017-03-24]
CHR Extension: (Search Manager) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2017-01-21]
CHR Extension: (Gmail) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-27]
CHR Extension: (Chrome Media Router) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-11]
CHR HKLM\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3079031520-2956614243-2143490567-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-06-23]
CHR HKLM-x32\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-18] (Windows ® Win 7 DDK provider) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-11] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-11] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-11] (BlueStack Systems, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-07-05] () [File not signed]
R3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1439424 2016-02-02] (Disc Soft Ltd)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-03] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppService.exe [473352 2017-03-30] (Iskysoft)
R2 KingoSoftService; C:\Users\peter\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\checkupdate.exe [367584 2016-10-18] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-06-17] (McAfee, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [120392 2015-11-17] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WsDrvInst; C:\Program Files (x86)\iSkysoft\iSkysoft Toolbox for iOS\Library\DriverInstaller\DriverInstall.exe [112632 2017-04-12] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4265984 2014-12-11] (Qualcomm Atheros Communications, Inc.)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-11] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2016-08-03] (Disc Soft Ltd)
R3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47672 2016-08-03] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R2 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [231520 2015-07-13] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [53360 2015-07-13] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [72400 2015-07-13] (ESET)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-05-13] (Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-13 23:46 - 2017-05-13 23:54 - 00000000 ____D C:\Users\peter\Desktop\Bleeping
2017-05-13 23:35 - 2017-04-28 23:44 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-05-13 23:35 - 2017-04-28 23:44 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-13 23:33 - 2017-05-13 23:33 - 00000022 _____ C:\WINDOWS\S.dirmngr
2017-05-13 22:52 - 2017-05-13 22:52 - 00852798 _____ C:\Users\peter\Desktop\SecurityCheck.exe
2017-05-13 22:36 - 2017-03-30 14:15 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-05-13 22:36 - 2017-03-30 14:15 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-05-13 22:36 - 2017-03-30 14:15 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-05-13 22:36 - 2017-03-30 14:15 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-05-12 21:49 - 2017-05-12 21:57 - 00000000 ____D C:\Users\peter\Downloads\Fate Of The Furious 2017 720p HDTC x264 AC3 TiTAN
2017-05-12 21:42 - 2017-04-16 09:35 - 25741312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-12 21:42 - 2017-04-16 08:49 - 20278272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-12 21:42 - 2017-04-16 08:10 - 15250944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-12 21:41 - 2017-04-28 22:15 - 07444824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-12 21:41 - 2017-04-26 15:06 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-05-12 21:41 - 2017-04-16 11:23 - 02176584 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-12 21:41 - 2017-04-16 11:23 - 01662096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-12 21:41 - 2017-04-16 11:23 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-05-12 21:41 - 2017-04-16 11:18 - 01135288 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-12 21:41 - 2017-04-16 11:18 - 00803192 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-12 21:41 - 2017-04-16 10:07 - 01566032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-12 21:41 - 2017-04-16 10:07 - 01213792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-12 21:41 - 2017-04-16 10:07 - 00548032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-05-12 21:41 - 2017-04-16 10:05 - 00612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-12 21:41 - 2017-04-16 09:54 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-12 21:41 - 2017-04-16 09:54 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-12 21:41 - 2017-04-16 09:51 - 02899456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-12 21:41 - 2017-04-16 09:37 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-05-12 21:41 - 2017-04-16 09:36 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-05-12 21:41 - 2017-04-16 09:18 - 05977600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-12 21:41 - 2017-04-16 09:16 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-12 21:41 - 2017-04-16 09:10 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-12 21:41 - 2017-04-16 09:03 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-12 21:41 - 2017-04-16 09:02 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-12 21:41 - 2017-04-16 09:01 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-12 21:41 - 2017-04-16 09:00 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-12 21:41 - 2017-04-16 09:00 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-05-12 21:41 - 2017-04-16 08:53 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-12 21:41 - 2017-04-16 08:52 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-05-12 21:41 - 2017-04-16 08:47 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-05-12 21:41 - 2017-04-16 08:43 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-12 21:41 - 2017-04-16 08:40 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-12 21:41 - 2017-04-16 08:40 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-12 21:41 - 2017-04-16 08:40 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-12 21:41 - 2017-04-16 08:37 - 02132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-12 21:41 - 2017-04-16 08:29 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-12 21:41 - 2017-04-16 08:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-12 21:41 - 2017-04-16 08:23 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-12 21:41 - 2017-04-16 08:22 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-12 21:41 - 2017-04-16 08:22 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-12 21:41 - 2017-04-16 08:17 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-05-12 21:41 - 2017-04-16 08:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-12 21:41 - 2017-04-16 08:10 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-12 21:41 - 2017-04-16 08:10 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-12 21:41 - 2017-04-16 08:08 - 04548608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-12 21:41 - 2017-04-16 08:08 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-12 21:41 - 2017-04-16 08:04 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-12 21:41 - 2017-04-16 08:02 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2017-05-12 21:41 - 2017-04-16 07:53 - 13661184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-12 21:41 - 2017-04-16 07:50 - 01544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-12 21:41 - 2017-04-16 07:40 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-12 21:41 - 2017-04-16 07:37 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-12 21:41 - 2017-04-16 07:34 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-12 21:41 - 2017-04-16 07:34 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-12 21:41 - 2017-04-09 23:00 - 01548640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-12 21:41 - 2017-04-09 23:00 - 00388448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-12 21:41 - 2017-04-08 00:20 - 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-05-12 21:41 - 2017-04-07 14:56 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-05-12 21:41 - 2017-04-02 17:41 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-12 21:41 - 2017-04-02 17:41 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-12 21:41 - 2017-04-01 00:16 - 01968408 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-12 21:41 - 2017-03-31 22:59 - 01612504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-12 21:41 - 2017-03-13 17:38 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmitomi.dll
2017-05-12 21:41 - 2017-03-13 17:29 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-05-12 21:41 - 2017-03-13 17:25 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2017-05-12 21:41 - 2017-03-13 17:13 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmitomi.dll
2017-05-12 21:41 - 2017-03-13 17:07 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-05-12 21:41 - 2017-03-13 17:06 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2017-05-12 21:41 - 2017-03-11 20:34 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-05-12 21:41 - 2017-03-11 20:32 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-05-12 21:41 - 2017-03-11 20:32 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-05-12 21:41 - 2017-03-11 19:49 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-05-12 21:41 - 2017-03-11 18:58 - 01437696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-05-12 21:41 - 2017-03-11 18:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-05-12 21:41 - 2017-03-11 00:38 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-05-12 21:41 - 2017-03-11 00:38 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-05-12 21:41 - 2017-03-09 21:52 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-05-12 21:41 - 2017-03-09 20:17 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-05-12 21:41 - 2017-03-08 03:44 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-05-12 21:33 - 2017-05-13 23:42 - 00000000 ____D C:\Users\peter\AppData\LocalLow\uTorrent
2017-05-08 00:08 - 2017-05-08 00:12 - 00000000 ____D C:\iSkysoft_iPhoneDataRecovery_temp
2017-05-05 23:08 - 2017-05-05 23:08 - 00000000 ____D C:\ProgramData\Wondershare
2017-05-05 23:05 - 2017-05-05 23:05 - 00001524 _____ C:\Users\Public\Desktop\iSkysoft Toolbox for iOS.lnk
2017-05-05 23:05 - 2017-05-05 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2017-05-05 23:05 - 2017-01-12 11:45 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusb0.dll
2017-05-05 23:05 - 2017-01-12 11:45 - 00052832 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\Drivers\libusb0.sys
2017-05-05 23:05 - 2015-02-27 10:35 - 00000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2017-05-05 22:54 - 2017-05-05 23:04 - 00000000 ____D C:\Program Files (x86)\iSkysoft
2017-05-05 22:37 - 2017-05-05 23:25 - 27986127 ____R C:\Users\peter\Downloads\iphone-data-recovery_full1656.rar
2017-05-03 10:39 - 2017-05-03 10:44 - 00000000 ____D C:\Users\peter\Downloads\The Real Housewives Of Orange County S10E01 – Under Construction x264 [DTW]
2017-05-03 08:46 - 2017-05-03 08:47 - 00000000 ____D C:\Users\peter\Downloads\Happy Valley 2 - COMPLETE Episodes 1-6 DVD Rip HD [BipolarBob]
2017-04-16 18:37 - 2017-03-14 15:26 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-16 18:37 - 2017-01-06 18:25 - 02513408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-04-16 18:37 - 2017-01-06 18:04 - 01495552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-04-16 18:36 - 2017-03-14 20:06 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-04-16 18:36 - 2017-03-14 15:09 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2017-04-16 18:36 - 2017-03-14 15:08 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-04-16 18:36 - 2017-03-14 15:06 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-04-16 18:36 - 2017-03-13 17:08 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2017-04-16 18:36 - 2017-03-12 16:04 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-16 18:36 - 2017-03-11 04:59 - 01763888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-16 18:36 - 2017-03-11 04:56 - 01489608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-16 18:36 - 2017-03-11 04:44 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-16 18:36 - 2017-03-11 04:41 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-16 18:36 - 2017-03-04 20:24 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-16 18:36 - 2017-03-04 20:06 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-16 18:36 - 2017-03-04 19:15 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-16 18:36 - 2017-03-04 17:37 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-04-16 18:36 - 2017-03-03 16:11 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-16 18:36 - 2017-03-03 16:10 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-16 18:36 - 2017-03-03 16:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-16 18:36 - 2017-03-03 16:04 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-16 18:36 - 2017-02-11 19:18 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-04-16 18:36 - 2017-02-11 18:00 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-04-16 18:36 - 2017-02-11 17:49 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2017-04-16 18:36 - 2017-02-11 17:42 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2017-04-16 18:36 - 2017-02-10 15:37 - 00046600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2017-04-16 18:36 - 2017-02-04 18:53 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2017-04-16 18:36 - 2017-02-04 18:51 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-04-16 18:36 - 2017-02-04 18:19 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2017-04-16 18:36 - 2017-01-19 03:18 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-04-16 18:36 - 2017-01-18 15:35 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-04-16 18:36 - 2017-01-18 15:34 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-04-16 18:36 - 2017-01-14 21:32 - 00955016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-04-16 18:36 - 2017-01-14 20:18 - 00787688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-04-16 18:36 - 2017-01-12 17:51 - 00274776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2017-04-16 18:36 - 2017-01-12 17:51 - 00117592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2017-04-16 18:36 - 2017-01-12 07:12 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-04-16 18:36 - 2017-01-11 20:12 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2017-04-16 18:36 - 2017-01-11 18:28 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-04-16 18:36 - 2017-01-11 16:09 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2017-04-16 18:36 - 2017-01-10 23:37 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-04-16 18:36 - 2017-01-10 22:06 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-04-16 18:36 - 2017-01-10 21:46 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-04-16 18:36 - 2017-01-10 20:20 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-04-16 18:36 - 2017-01-10 20:09 - 01108480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-04-16 18:36 - 2016-12-25 02:14 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-04-16 18:36 - 2016-12-25 01:48 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-04-16 18:36 - 2016-12-25 01:19 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-04-16 18:36 - 2016-12-25 00:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-04-16 18:36 - 2016-12-09 09:08 - 00379736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-04-16 18:35 - 2017-03-13 17:13 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2017-04-16 18:35 - 2017-03-13 17:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2017-04-16 18:35 - 2017-03-13 17:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-04-16 18:35 - 2017-03-13 16:59 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2017-04-16 18:35 - 2017-03-13 16:59 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2017-04-16 18:35 - 2017-03-13 16:56 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-04-16 18:35 - 2017-03-09 22:08 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-16 18:35 - 2017-03-09 20:29 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-16 18:35 - 2016-12-25 02:21 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2017-04-15 09:02 - 2017-04-15 09:03 - 00000000 ____D C:\Program Files (x86)\GUM9FD7.tmp
2017-04-15 09:02 - 2017-04-15 09:02 - 07639040 _____ C:\Program Files (x86)\GUT9FD8.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-14 00:00 - 2017-01-22 02:19 - 00031087 _____ C:\Users\peter\Desktop\FRST.txt
2017-05-14 00:00 - 2016-07-29 19:09 - 00000000 ____D C:\Users\peter\AppData\Roaming\uTorrent
2017-05-13 23:57 - 2017-01-22 02:19 - 00000000 ____D C:\Users\peter\Desktop\FRST-OlderVersion
2017-05-13 23:57 - 2016-12-18 12:51 - 02429440 _____ (Farbar) C:\Users\peter\Desktop\FRST64.exe
2017-05-13 23:57 - 2015-12-19 11:37 - 00000000 ____D C:\FRST
2017-05-13 23:55 - 2016-11-19 08:27 - 00000000 ____D C:\Users\peter\AppData\LocalLow\Mozilla
2017-05-13 23:44 - 2017-02-13 00:26 - 00001018 _____ C:\WINDOWS\Tasks\Bing Search Engine locid.job
2017-05-13 23:44 - 2016-08-02 10:16 - 00000000 ____D C:\Users\peter\AppData\Roaming\Skype
2017-05-13 23:43 - 2016-07-30 18:04 - 00000000 ____D C:\Users\peter\AppData\Roaming\.ACEStream
2017-05-13 23:42 - 2015-10-24 11:45 - 00000000 __RDO C:\Users\peter\OneDrive
2017-05-13 23:34 - 2017-01-22 22:46 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-13 23:33 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-13 23:32 - 2013-08-22 15:44 - 00486896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-13 23:32 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2017-05-13 23:28 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-05-13 23:27 - 2017-02-13 00:27 - 00000296 _____ C:\WINDOWS\Tasks\{109395F2-5F8D-5910-0D71-1F06C958536E}.job
2017-05-13 23:22 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-05-13 23:22 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-05-13 23:22 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-13 23:14 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-13 23:13 - 2016-10-18 14:13 - 00001006 _____ C:\WINDOWS\Tasks\Yahoo! Powered locid.job
2017-05-13 23:11 - 2016-08-03 03:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-13 23:04 - 2016-08-03 03:44 - 156335152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-13 23:00 - 2016-07-15 23:35 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3079031520-2956614243-2143490567-1001
2017-05-13 22:54 - 2017-01-13 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-05-13 22:49 - 2013-08-22 14:25 - 00000199 _____ C:\WINDOWS\win.ini
2017-05-13 22:44 - 2017-02-13 00:26 - 00000000 ____D C:\ProgramData\{F5EA3089-7FA8-BA4F-F96E-240D632CAFC3}
2017-05-13 22:42 - 2016-12-30 00:06 - 00000000 ____D C:\Users\peter\AppData\Roaming\mIRC
2017-05-13 22:23 - 2016-12-30 00:06 - 00000000 ____D C:\Program Files (x86)\mIRC
2017-05-12 21:59 - 2016-08-12 20:16 - 00000000 ____D C:\Users\peter\AppData\Local\CrashDumps
2017-05-12 21:56 - 2014-03-18 16:25 - 00867660 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-11 02:06 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2017-05-11 01:28 - 2017-02-13 00:26 - 00000000 ____D C:\Users\peter\AppData\Roaming\Nuharuh
2017-05-11 01:28 - 2016-07-25 23:24 - 00004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-11 01:28 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-11 01:27 - 2016-10-19 11:13 - 00000348 _____ C:\Users\peter\AppData\Roaming\WB.CFG
2017-05-11 01:27 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-08 01:08 - 2016-07-15 23:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-05 23:07 - 2017-01-13 09:51 - 00000000 ____D C:\Users\peter\AppData\Roaming\iSkysoft
2017-05-05 23:05 - 2017-01-13 09:53 - 00000000 ____D C:\ProgramData\iSkysoft
2017-05-05 22:54 - 2017-01-13 09:50 - 00000000 ____D C:\Users\Public\Documents\iSkysoft
2017-05-05 22:26 - 2016-12-15 23:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-04 23:34 - 2016-10-17 22:29 - 00002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-04 23:34 - 2016-10-17 22:29 - 00002174 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-03 22:49 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-03 22:49 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-30 07:21 - 2014-05-22 22:41 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-30 07:21 - 2014-05-22 22:41 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-26 03:23 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2017-04-26 03:23 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-26 03:23 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-22 22:52 - 2016-07-29 19:28 - 00000000 ____D C:\Users\peter\AppData\Roaming\vlc
2017-04-16 18:56 - 2016-12-17 19:50 - 00000000 ___HD C:\_acestream_cache_
2017-04-16 17:03 - 2017-03-30 08:44 - 00000000 ____D C:\Users\peter\AppData\Local\79002e3fd5bb0b6adb2e6033ffc5c633
2017-04-16 17:03 - 2016-12-23 15:23 - 00000000 ____D C:\Users\peter\AppData\Local\{059E3325-20CC-5E53-4BFA-7981972884BF}
2017-04-16 16:56 - 2016-10-18 14:12 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-04-16 16:56 - 2016-07-15 23:12 - 00000000 ____D C:\Users\peter

==================== Files in the root of some directories =======

2017-04-15 09:02 - 2017-04-15 09:02 - 7639040 _____ () C:\Program Files (x86)\GUT9FD8.tmp
2016-10-19 11:13 - 2017-05-11 01:27 - 0000348 _____ () C:\Users\peter\AppData\Roaming\WB.CFG
2016-10-18 14:12 - 2016-10-18 14:12 - 0000177 _____ () C:\Users\peter\AppData\Local\uts.ini
2016-10-10 10:52 - 2016-10-10 10:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-09-26 12:15 - 2014-09-26 12:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Windows\Tasks\{109395F2-5F8D-5910-0D71-1F06C958536E}.job


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-12 23:31

==================== End of FRST.txt ============================

MiniToolBox by Farbar  Version: 17-06-2016
Ran by peter (administrator) on 14-05-2017 at 00:09:35
Running from "C:\Users\peter\Desktop"
Microsoft Windows 8.1  (X64)
Model: SATELLITE C50-B Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
127.0.0.1                   23.74.204.49
127.0.0.1                   2.20.235.247
127.0.0.1                   216.58.214.40
127.0.0.1                   151.101.12.143
127.0.0.1                   66.117.29.4
127.0.0.1                   63.140.41.167
127.0.0.1     13.80.12.54
127.0.0.1  239.255.255.250
========================= IP Configuration: ================================

Qualcomm Atheros AR956x Wireless Network Adapter = WiFi (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Realtek PCIe FE Family Controller = Ethernet 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Anonymous1975
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller #2
   Physical Address. . . . . . . . . : F8-A9-63-F6-D4-CE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 4C-BB-58-17-D3-CE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-BB-58-17-D3-CD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter WiFi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR956x Wireless Network Adapter
   Physical Address. . . . . . . . . : 4C-BB-58-17-D3-CD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a966:dcc0:67f7:eb63%5(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 13 May 2017 23:33:07
   Lease Expires . . . . . . . . . . : 14 May 2017 23:33:12
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 105691992
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-B6-FF-D8-F8-A9-63-F6-D4-CE
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3cd4:1b8f:adeb:fcd9(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3cd4:1b8f:adeb:fcd9%9(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 318767104
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-B6-FF-D8-F8-A9-63-F6-D4-CE
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{2ACE088C-8066-4C0C-A6A4-AD08B44720A4}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  routerlogin.net
Address:  192.168.0.1

Name:    google.com
Addresses:  2a00:1450:4009:80c::200e
      216.58.213.110
      216.58.213.110
      216.58.213.110


Pinging google.com [216.58.213.110] with 32 bytes of data:
Reply from 216.58.213.110: bytes=32 time=24ms TTL=54
Reply from 216.58.213.110: bytes=32 time=18ms TTL=54

Ping statistics for 216.58.213.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 24ms, Average = 21ms
Server:  routerlogin.net
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      2001:4998:58:c02::a9
      98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=160ms TTL=45
Reply from 206.190.36.45: bytes=32 time=1018ms TTL=45

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 160ms, Maximum = 1018ms, Average = 589ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...f8 a9 63 f6 d4 ce ......Realtek PCIe FE Family Controller #2
  8...4c bb 58 17 d3 ce ......Bluetooth Device (Personal Area Network)
  6...1e bb 58 17 d3 cd ......Microsoft Wi-Fi Direct Virtual Adapter
  5...4c bb 58 17 d3 cd ......Qualcomm Atheros AR956x Wireless Network Adapter
  1...........................Software Loopback Interface 1
  9...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.7     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.7    281
      192.168.0.7  255.255.255.255         On-link       192.168.0.7    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.7    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.7    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.7    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  9    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  9    306 2001::/32                On-link
  9    306 2001:0:4137:9e76:3cd4:1b8f:adeb:fcd9/128
                                    On-link
  5    281 fe80::/64                On-link
  9    306 fe80::/64                On-link
  9    306 fe80::3cd4:1b8f:adeb:fcd9/128
                                    On-link
  5    281 fe80::a966:dcc0:67f7:eb63/128
                                    On-link
  1    306 ff00::/8                 On-link
  5    281 ff00::/8                 On-link
  9    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/13/2017 11:44:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ANONYMOUS1975)
Description: Activation of application Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/13/2017 11:44:50 PM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a9c

Start Time: 01d2cc3a7793c99f

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\wwahost.exe

Report Id: bfadc863-382d-11e7-82d0-4cbb5817d3ce

Faulting package full name: Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexSports

Error: (05/13/2017 11:44:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ANONYMOUS1975)
Description: App Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe+AppexSports did not launch within its allotted time.

Error: (05/13/2017 11:43:52 PM) (Source: Perflib) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (05/13/2017 11:43:50 PM) (Source: Perflib) (User: )
Description: rdyboost4

Error: (05/13/2017 11:43:49 PM) (Source: PerfNet) (User: )
Description:

Error: (05/13/2017 11:43:31 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (05/13/2017 11:43:27 PM) (Source: Perflib) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (05/13/2017 11:43:23 PM) (Source: Perflib) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (05/13/2017 11:43:23 PM) (Source: Perflib) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4


System errors:
=============
Error: (05/13/2017 11:34:00 PM) (Source: Service Control Manager) (User: )
Description: The Iskysoft Application Framework Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (05/13/2017 11:34:00 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Iskysoft Application Framework Service service to connect.

Error: (05/13/2017 11:28:22 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Error: (05/13/2017 10:49:57 PM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (05/12/2017 09:51:30 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/12/2017 09:51:30 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/12/2017 09:51:29 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/12/2017 09:51:28 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/12/2017 09:51:28 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/12/2017 09:51:28 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


Microsoft Office Sessions:
=========================
Error: (05/13/2017 11:44:51 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ANONYMOUS1975)
Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927142

Error: (05/13/2017 11:44:50 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.174151a9c01d2cc3a7793c99f4294967295C:\WINDOWS\system32\wwahost.exebfadc863-382d-11e7-82d0-4cbb5817d3ceMicrosoft.BingSports_3.0.4.345_x64__8wekyb3d8bbweAppexSports

Error: (05/13/2017 11:44:39 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ANONYMOUS1975)
Description: Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe+AppexSports

Error: (05/13/2017 11:43:52 PM) (Source: Perflib)(User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (05/13/2017 11:43:50 PM) (Source: Perflib)(User: )
Description: rdyboost4

Error: (05/13/2017 11:43:49 PM) (Source: PerfNet)(User: )
Description:

Error: (05/13/2017 11:43:31 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
Description: -2147024883

Error: (05/13/2017 11:43:27 PM) (Source: Perflib)(User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (05/13/2017 11:43:23 PM) (Source: Perflib)(User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (05/13/2017 11:43:23 PM) (Source: Perflib)(User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4


CodeIntegrity Errors:
===================================
  Date: 2016-12-17 20:06:23.220
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-14 21:48:16.060
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-07 19:19:13.270
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-02 20:53:46.183
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-23 09:06:55.239
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-13 00:11:46.221
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-08 10:18:37.734
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-07 11:00:17.911
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-04 16:34:00.224
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-30 09:58:23.504
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


=========================== Installed Programs ============================

µTorrent (HKCU\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
Ace Stream Media 3.1.7 (HKCU\...\AceStream) (Version: 3.1.7 - Ace Stream Media)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.17 - Adobe Systems)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bing Search Engine (HKLM-x32\...\{57D7BF17-0757-6E97-B6D7-1E176657CD97}) (Version:  - )
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.4.44.6257 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BrightPay UK 2016/17 (HKLM-x32\...\{3AA3F6CA-2791-4F5B-BD44-13A998AC2BB6}) (Version: 16.4.0 - Thesaurus Software Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3817.05 - CyberLink Corp.)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 4.1.0.0489 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DTS Sound (HKLM-x32\...\{9B17BBEC-CF31-4C23-949E-E65A14365CE1}) (Version: 1.01.6100 - DTS, Inc.)
ESET Smart Security (HKLM\...\{92172C3C-7BCF-4DA3-8263-6617B13E897F}) (Version: 8.0.319.0 - ESET, spol s r. o.)
Evernote (HKLM-x32\...\Evernote) (Version: 1.0.0 - Evernote Launcher by Toshiba Europe GmbH)
FinalBurner PRO v2.7.0.182 (HKLM-x32\...\{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}) (Version:  - )
FonePaw Android Data Recovery 1.9.0 (HKLM-x32\...\{10E7BD57-C5FE-484f-A3F2-A1755286C0A7}_is1) (Version: 1.9.0 - FonePaw)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Gpg4win (2.3.2) (HKLM-x32\...\GPG4Win) (Version: 2.3.2 - The Gpg4win Project)
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iSkysoft Helper Compact 2.5.2 (HKLM-x32\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.2 - iSkysoft)
iSkysoft Toolbox for iOS (Version 5.0.1) (HKLM-x32\...\{10B4DAB2-9F85-483e-BF03-31771821E060}_is1) (Version: 5.0.1.7 - iSkysoft Software Co.,Ltd.)
ISO Opener (HKLM-x32\...\{CE235F00-F8CD-41AF-83D5-236D90E33BFB}_is1) (Version:  - www.isoopener.com)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Kingo ROOT version 1.4.9.2847 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.4.9.2847 - Kingosoft Technology Ltd.)
Malwarebytes version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.46 - mIRC Co. Ltd.)
Mnemosyne 2.3.6 (HKLM-x32\...\Mnemosyne_is1) (Version:  - )
Mozilla Firefox 53.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 en-GB)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
ONVIF Device Manager v2.2.250 (HKLM-x32\...\{6AC771CF-4EAA-41B7-A398-61A33701E076}) (Version: 2.2.250 - Synesis)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Outlook Privacy Plugin (HKLM-x32\...\{68E34B9C-F9B5-4346-B394-F22B2A726306}) (Version: 2.0.5627.23349 - Deja vu Security)
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Snagit 12 (HKLM-x32\...\{979028FC-2DBF-4BB4-A9EC-4627A9D63D50}) (Version: 12.2.2 - TechSmith Corporation) Hidden
Snagit 12 (HKLM-x32\...\{e8720e7e-08a2-4a30-9bce-70aa27c2a3dc}) (Version: 12.2.2.2107 - TechSmith Corporation)
SopCast 4.2.0 (HKLM-x32\...\SopCast) (Version: 4.2.0 - www.sopcast.com)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.0.0 - Symbaloo Launcher by Toshiba Europe GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.04.6401 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.19 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.01.6402 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}) (Version: 5.0.0 - Toshiba Europe GmbH)
Update for Skype for Business 2015 (KB3191876) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{63B92B9B-BAA1-4708-BB4B-216BB5FD6322}) (Version:  - Microsoft)
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.3 - Compal) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.3 - Compal) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VLC Streamer 5.31 (HKLM-x32\...\VLC Streamer_is1) (Version:  - Hobbyist Software)
WinAVI All-in-One Converter (HKLM-x32\...\WinAVI All-in-One Converter_is1) (Version: 1.7.0 - )
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)
Yahoo! Powered (HKLM-x32\...\{CF952755-9F15-F6D5-2E95-8655FE1555D5}) (Version:  - )

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 64%
Total physical RAM: 3981.93 MB
Available physical RAM: 1433.14 MB
Total Virtual: 5837.93 MB
Available Virtual: 3249.97 MB

========================= Partitions: =====================================

1 Drive c: (TI31338200A) (Fixed) (Total:919.33 GB) (Free:335.98 GB) NTFS

========================= Users: ========================================

User accounts for \\ANONYMOUS1975

Administrator            Guest                    peter                    

========================= Restore Points ==================================

08-05-2017 00:04:15 Windows Update
12-05-2017 22:31:53 Windows Update
13-05-2017 21:30:23 Windows Modules Installer

**** End of log ****

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/14/2017 06:05:40 AM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 



#4 Broni

Posted 14 May 2017 - 12:42 PM

No.

I didn't ask for the Farbar Recovery Scan Tool log but for the Farbar Service Scanner log.

MBAM and MBAR logs are missing.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 Petenkelly

Petenkelly
  • Topic Starter


Posted 15 May 2017 - 09:01 AM

My apologies, I will amend as soon as I have finished work.

#6 Broni

Posted 15 May 2017 - 08:17 PM

OK :)



 


#7 Peteandkelly

Peteandkelly

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 20 May 2017 - 10:22 AM

We had a death in the family, so please accept my apologies. I will make sure this is completed today.



#8 Broni

Posted 20 May 2017 - 12:34 PM

My deepest condolences...

