
Inactive Results after a clean boot Windows 10

Discussion in 'Malware and Virus Removal' started by mathewboan, 2016/04/02.

Thread Status:
Not open for further replies.
  1. 2016/04/02
    mathewboan New Member Thread Starter

    [Inactive] Results after a clean boot Windows 10

    This is the malware scan result after I did a clean boot, as I had display screen problems on startup after a Windows Update, version 1511. Please help, I'm not sure what I am supposed to look for to fix my problem. Please let me know what to do to try fixing it and whether I have pasted this correctly.
    Below are the first and Additional parts of the scan. Please let me know what the problem is, as I don't know what to look for.



    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by Mango (administrator) on MATTS-ACER (03-04-2016 07:39:06)
    Running from C:\Users\Mango\Documents\Downloads
    Loaded Profiles: Mango (Available Profiles: Mango)
    Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfws.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40721.0_x64__8wekyb3d8bbwe\HxMail.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40721.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3862440 2016-03-02] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5370144 2016-03-18] (IObit)
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe [116088 2015-09-03] (The Nielsen Company)
    HKLM\...\Policies\Explorer: [CDRAutoRun] 1
    HKU\S-1-5-21-1967804330-1418288720-2008775586-1001\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
    HKU\S-1-5-21-1967804330-1418288720-2008775586-1001\...\RunOnce: [Uninstall C:\Users\Mango\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_2\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mango\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_2\amd64 "
    HKU\S-1-5-21-1967804330-1418288720-2008775586-1001\...\Policies\Explorer: [NoWinKeys] 1
    HKU\S-1-5-21-1967804330-1418288720-2008775586-1001\...\MountPoints2: {5921fb1b-c247-11e5-9c25-7427eab4456e} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1967804330-1418288720-2008775586-1001\...\MountPoints2: {5921fbb4-c247-11e5-9c25-7427eab4456e} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1967804330-1418288720-2008775586-1001\...\MountPoints2: {b7847369-744b-11e5-9bdd-7427eab4456e} - "D:\LGAutoRun.exe"
    HKU\S-1-5-21-1967804330-1418288720-2008775586-1001\...\MountPoints2: {c21b1c60-54f7-11e5-9bc4-806e6f6e6963} - "E:\WD SmartWare.exe" autoplay=true
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
    ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
    GroupPolicyScripts: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\WINDOWS\SysWOW64\wlidNSP.dll [43520 2015-10-30] (Microsoft Corporation)
    Winsock: Catalog5 08 C:\WINDOWS\SysWOW64\wlidNSP.dll [43520 2015-10-30] (Microsoft Corporation)
    Winsock: Catalog5-x64 07 C:\WINDOWS\system32\wlidnsp.dll [66048 2015-10-30] (Microsoft Corporation)
    Winsock: Catalog5-x64 08 C:\WINDOWS\system32\wlidnsp.dll [66048 2015-10-30] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.20.1 0.0.0.0
    Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{50622d22-2a61-4370-944f-be515af921c8}: [DhcpNameServer] 192.168.20.1 0.0.0.0
    Tcpip\..\Interfaces\{58bc6d8f-8f99-417b-a5fc-4f3f4b77281d}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{893f9cd2-a95c-40e4-8fc7-cf9337ed095f}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{893f9cd2-a95c-40e4-8fc7-cf9337ed095f}: [DhcpNameServer] 192.168.137.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=97530839_hao_pg
    HKU\S-1-5-21-1967804330-1418288720-2008775586-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.au/
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-30] (Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-03-30] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll [2016-02-19] (Oracle Corporation)
    BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-07-09] (IObit)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-30] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-19] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-1967804330-1418288720-2008775586-1001 -> No Name - {41564753-5033-2D53-4700-7A786E7484D7} - No File
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-03-30] (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-03-30] (Microsoft Corporation)

    Edge:
    ======
    Edge HomeButtonPage: HKU\S-1-5-21-1967804330-1418288720-2008775586-1001 -> hxxp://www.google.com.au/

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-30] ()
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-03-30] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-30] ()
    FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
    FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-19] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-19] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2016-03-30] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
    FF HKU\S-1-5-21-1967804330-1418288720-2008775586-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found

    Chrome:
    =======
    CHR HomePage: Default -> search.ask.com/?gct=hp
    CHR StartupUrls: Default -> "hxxp://www.google.com.au/ "
    CHR Profile: C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Translate) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-17]
    CHR Extension: (Web Boost - Wait Less, Browse Faster!) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahbkhnpmoamidjgbneafjipbmdfpefad [2016-04-02]
    CHR Extension: (Google Drive) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
    CHR Extension: (Nielsen NetSight) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgmmbefnahabhcchpfkobeindpppflc [2016-04-02]
    CHR Extension: (Google Search) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Chrome Connectivity Diagnostics) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemlkeanncmjljgehlbplemhmdmalhdc [2016-01-28]
    CHR Extension: (Gmail Offline) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-09-07]
    CHR Extension: (Bing) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-01-31]
    CHR Extension: (Google Sheets) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-17]
    CHR Extension: (Network Requests Monitor) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcdgbbcmdelmcoeklbnghlbpcmakchda [2016-01-28]
    CHR Extension: (SwagButton) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2016-03-30]
    CHR Extension: (Badge) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\hobgfokkfmmdehpedkjgkhjcnejfoodf [2016-03-21]
    CHR Extension: (Google Hangouts) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-03-21]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR Extension: (Swagbucks Search) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnegnghjbbaaojdkcdgmdehpakckeekb [2016-04-02]
    CHR Extension: (WebRTC Network Limiter) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\npeicpdbkakmehahjeeohfdhnlpdklia [2016-01-28]
    CHR Extension: (Gmail) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]
    CHR Extension: (Mobogenie) - C:\Users\Mango\AppData\Local\Google\Chrome\User Data\Default\Extensions\poibplaoblmmhpihedkebjncigmkdmgg [2015-09-07]
    CHR HKLM\...\Chrome\Extension: [aaaacnnimempmlomnnhdkimkfahjplfp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
    CHR HKU\S-1-5-21-1967804330-1418288720-2008775586-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1967804330-1418288720-2008775586-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [aaaacnnimempmlomnnhdkimkfahjplfp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bpgmmbefnahabhcchpfkobeindpppflc] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
    S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-03-02] (AVG Technologies CZ, s.r.o.)
    R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfws.exe [1580352 2016-03-02] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3934184 2016-03-02] (AVG Technologies CZ, s.r.o.)
    S4 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1045928 2016-02-18] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-03-02] (AVG Technologies CZ, s.r.o.)
    S4 BB1116475; C:\WINDOWS\GJFix\BB1116475 [129504 2016-03-03] ()
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
    S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-12-09] (NVIDIA Corporation)
    S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    S4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1576736 2016-03-10] (IObit)
    S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
    S3 Mcx2Svc; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
    S3 Mcx2Svc; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
    S4 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2965368 2015-09-03] (The Nielsen Company)
    S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-12-09] (NVIDIA Corporation)
    S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6299952 2015-12-09] (NVIDIA Corporation)
    S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4804400 2015-12-09] (NVIDIA Corporation)
    S2 QQRepair1bf8; C:\WINDOWS\GJFix\QQRepair1bf8 [129504 2016-04-03] ()
    S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [985280 2015-08-12] (@ByELDI) [File not signed]
    S4 sgbupt; C:\Program Files (x86)\SuperBoost\SuperBoost Software Updater\SuperBoostUpdater.exe [2444608 2016-02-01] (SuperBoost Software)
    S4 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [31176 2016-01-14] (SHAREit Technologies Co.Ltd)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    S4 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] ()
    S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
    R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-26] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378288 2016-02-03] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [269232 2016-03-02] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
    R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-15] (AVG Technologies CZ, s.r.o.)
    S1 bd0001; C:\Windows\SysWOW64\DRIVERS\bd0001.sys [203280 2016-03-03] (Baidu)
    R1 bd0002; C:\Windows\System32\Drivers\bd0002.sys [212488 2016-01-29] (Baidu)
    R1 bd0002; C:\Windows\SysWow64\Drivers\bd0002.sys [219144 2016-03-03] (Baidu)
    S2 BDArKit; C:\WINDOWS\System32\Drivers\BDArKit.SYS [152392 2016-01-29] (Baidu Technology)
    R2 BDMNetMon; C:\Windows\System32\DRIVERS\BDMNetMon.sys [241992 2016-01-29] (Baidu)
    S1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [62280 2016-01-29] (Baidu)
    S3 CySmb; C:\Windows\System32\drivers\cysmb.sys [10752 2016-01-25] (Cypress Semiconductor, Inc.)
    S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
    R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2015-12-16] (Intel Corporation)
    S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [22208 2016-01-11] (IObit)
    S3 huawei_enumerator; C:\Windows\System32\drivers\ew_jubusenum.sys [86016 2016-01-25] (Huawei Technologies Co., Ltd.) [File not signed]
    R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-25] (REALiX(tm))
    S2 ISOMount; no ImagePath
    S3 msvad_simple; C:\Windows\system32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc.)
    R1 nnfwdk; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\nnfwdk64.sys [26488 2015-09-03] (The Nielsen Company)
    S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-12-09] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
    S1 QMUdisk; no ImagePath
    S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2016-01-11] (IObit.com)
    R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [413912 2016-03-18] (Realsil Semiconductor Corporation)
    R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [29472 2012-09-06] (SerComm Corporation)
    S1 softaal; no ImagePath
    S2 tsnethlpx64; no ImagePath
    S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2016-01-11] (IObit.com)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    S3 andnetadb; \SystemRoot\System32\Drivers\lgandnetadb.sys [X]
    S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]
    S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]
    S3 andnetndis; \SystemRoot\System32\drivers\lgandnetndis64.sys [X]
    S3 cpuz138; \??\C:\Users\Mango\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
    S3 ewusbmbb; \SystemRoot\System32\drivers\ewusbwwan.sys [X]
    S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
    S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
    U3 MediaMall Server; no ImagePath
    S1 SRepairDrv; \??\C:\WINDOWS\GJFix\SRepairDrv [X]
    S3 usbbus; \SystemRoot\System32\drivers\lgx64bus.sys [X]
    S3 UsbDiag; \SystemRoot\system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; \SystemRoot\system32\DRIVERS\lgx64modem.sys [X]
    S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
    S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
    S3 VMSVSP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Last edited: 2016/04/02
  2. 2016/04/02
    mathewboan New Member Thread Starter

    Part 2 of the FRST.TXT

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-03 07:38 - 2016-04-03 07:39 - 00000000 ____D C:\FRST
    2016-04-02 23:43 - 2016-04-02 23:45 - 00000000 ___RD C:\Users\Mango\Desktop\MOBILE PHONE UNLOCK CODES & SOFTWARE
    2016-04-02 21:02 - 2016-04-02 21:03 - 00000561 _____ C:\Users\Mango\AppData\Roaming\Microsoft\Windows\Start Menu\Nielsen--NetRatings.website
    2016-04-02 20:37 - 2016-04-02 20:37 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_nnfwdk64_01009.Wdf
    2016-04-02 20:25 - 2016-04-02 20:25 - 00000000 ____D C:\Program Files (x86)\NetRatingsNetSight
    2016-04-02 19:36 - 2016-04-02 19:36 - 00000000 ____D C:\Users\Mango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Universal Simlock Remover
    2016-04-02 19:36 - 2016-04-02 19:36 - 00000000 ____D C:\Program Files (x86)\USR
    2016-04-02 09:29 - 2016-04-02 09:29 - 00771229 _____ C:\Users\Mango\Documents\User Manual ZTE T792_Help.pdf
    2016-04-01 15:04 - 2016-04-01 15:04 - 00000000 ____D C:\Users\Mango\AppData\Roaming\thriXXX
    2016-04-01 15:04 - 2016-04-01 15:04 - 00000000 ____D C:\Users\Mango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thriXXX
    2016-04-01 15:04 - 2016-04-01 15:04 - 00000000 ____D C:\ProgramData\thriXXX
    2016-04-01 15:04 - 2016-04-01 15:04 - 00000000 ____D C:\Program Files (x86)\thriXXX
    2016-04-01 12:05 - 2016-04-01 12:05 - 00132104 _____ C:\Users\Mango\Documents\Available games backward.html
    2016-04-01 12:05 - 2016-04-01 12:05 - 00002486 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Mango
    2016-04-01 12:05 - 2016-04-01 12:05 - 00000300 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Mango.job
    2016-04-01 12:05 - 2016-04-01 12:05 - 00000000 ____D C:\Users\Mango\Documents\Available games backward_files
    2016-03-31 13:28 - 2016-03-31 13:28 - 00000017 _____ C:\Users\Mango\AppData\Local\resmon.resmoncfg
    2016-03-31 13:11 - 2016-03-31 13:11 - 00000000 ____D C:\WINDOWS\system32\%LOCALAPPDATA%
    2016-03-31 11:28 - 2016-03-31 11:28 - 79536128 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
    2016-03-31 11:28 - 2016-03-31 11:28 - 05697536 _____ C:\WINDOWS\system32\config\DRIVERS.iodefrag.bak
    2016-03-31 11:28 - 2016-03-31 11:28 - 00495616 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
    2016-03-31 11:28 - 2016-03-31 11:28 - 00114688 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
    2016-03-31 11:28 - 2016-03-31 11:28 - 00036864 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
    2016-03-31 11:28 - 2016-03-31 11:28 - 00000000 ____H C:\asc_rdflag
    2016-03-31 10:52 - 2016-03-31 10:52 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-03-31 07:35 - 2016-01-23 10:17 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
    2016-03-31 07:34 - 2016-01-23 10:31 - 06366656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2016-03-31 07:32 - 2016-03-31 07:33 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
    2016-03-31 01:16 - 2016-03-31 01:16 - 00000424 __RSH C:\ProgramData\ntuser.pol
    2016-03-31 01:09 - 2016-03-31 13:38 - 00335810 _____ C:\WINDOWS\ntbtlog.txt
    2016-03-30 23:26 - 2016-03-30 23:26 - 00000969 _____ C:\Users\Public\Desktop\AVG Protection.lnk
    2016-03-30 21:02 - 2016-03-30 21:02 - 02804212 _____ C:\WINDOWS\chromebrowser.exe
    2016-03-30 20:59 - 2010-12-06 11:46 - 00090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
    2016-03-30 20:58 - 2016-03-30 20:59 - 00003466 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
    2016-03-30 20:39 - 2016-03-30 20:39 - 00000000 ___HD C:\$Windows.~WS
    2016-03-30 20:39 - 2016-03-30 20:39 - 00000000 ____D C:\$WINDOWS.~BT
    2016-03-30 20:29 - 2016-03-30 20:29 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
    2016-03-30 19:04 - 2016-03-30 19:04 - 00000000 ____D C:\Program Files\Microsoft Office
    2016-03-30 18:04 - 2016-03-30 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2016-03-30 13:46 - 2016-03-30 13:46 - 02090057 _____ C:\Users\Mango\Downloads\NF10W-User-Guide.pdf
    2016-03-30 13:45 - 2016-03-30 13:46 - 00641627 _____ C:\Users\Mango\Downloads\NF10W-Spec-Sheet.pdf
    2016-03-30 08:27 - 2016-04-01 08:26 - 00000000 ____D C:\WINDOWS\pss
    2016-03-30 01:16 - 2016-03-08 16:42 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-03-30 01:16 - 2016-03-08 16:42 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-03-29 23:34 - 2016-03-29 23:34 - 00001222 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
    2016-03-29 23:34 - 2015-01-10 14:02 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
    2016-03-29 23:31 - 2016-04-03 07:04 - 00000260 _____ C:\WINDOWS\Tasks\ASC9_SkipUac_Mango.job
    2016-03-29 23:31 - 2016-03-30 00:08 - 00002210 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
    2016-03-29 23:31 - 2016-03-29 23:31 - 00003308 _____ C:\WINDOWS\System32\Tasks\ASC9_PerformanceMonitor
    2016-03-29 23:31 - 2016-03-29 23:31 - 00002432 _____ C:\WINDOWS\System32\Tasks\ASC9_SkipUac_Mango
    2016-03-29 23:31 - 2016-03-29 23:31 - 00001401 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
    2016-03-29 23:31 - 2016-03-29 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
    2016-03-29 21:53 - 2016-03-01 15:01 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-03-29 21:53 - 2016-03-01 14:52 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-03-29 21:53 - 2016-02-24 19:22 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-03-29 21:53 - 2016-02-24 19:21 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-03-29 21:53 - 2016-02-24 19:18 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-03-29 21:53 - 2016-02-24 19:17 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-03-29 21:53 - 2016-02-24 19:10 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-03-29 21:53 - 2016-02-24 19:04 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2016-03-29 21:53 - 2016-02-24 18:58 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
    2016-03-29 21:53 - 2016-02-24 18:45 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-03-29 21:53 - 2016-02-24 18:28 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2016-03-29 21:53 - 2016-02-24 18:21 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-03-29 21:53 - 2016-02-24 18:20 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-03-29 21:53 - 2016-02-24 18:16 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-03-29 21:53 - 2016-02-24 18:13 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2016-03-29 21:53 - 2016-02-24 18:09 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-03-29 21:53 - 2016-02-24 18:09 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
    2016-03-29 21:53 - 2016-02-24 17:49 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2016-03-29 21:53 - 2016-02-24 17:44 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2016-03-29 21:53 - 2016-02-24 17:41 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-03-29 21:53 - 2016-02-24 17:41 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2016-03-29 21:53 - 2016-02-24 17:41 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2016-03-29 21:53 - 2016-02-24 17:41 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-03-29 21:53 - 2016-02-24 17:41 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-03-29 21:53 - 2016-02-24 17:41 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
    2016-03-29 21:53 - 2016-02-24 17:40 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-03-29 21:53 - 2016-02-24 17:40 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-03-29 21:53 - 2016-02-24 17:39 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2016-03-29 21:53 - 2016-02-24 17:39 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2016-03-29 21:53 - 2016-02-24 17:36 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-03-29 21:53 - 2016-02-24 17:29 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-03-29 21:53 - 2016-02-24 17:09 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
    2016-03-29 21:53 - 2016-02-24 17:09 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
    2016-03-29 21:53 - 2016-02-24 17:08 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2016-03-29 21:53 - 2016-02-24 17:08 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2016-03-29 21:53 - 2016-02-24 17:07 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
    2016-03-29 21:53 - 2016-02-24 17:06 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
    2016-03-29 21:53 - 2016-02-24 17:05 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-03-29 21:53 - 2016-02-24 17:05 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2016-03-29 21:53 - 2016-02-24 17:05 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
    2016-03-29 21:53 - 2016-02-24 17:05 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-03-29 21:53 - 2016-02-24 17:03 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2016-03-29 21:53 - 2016-02-24 17:03 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2016-03-29 21:53 - 2016-02-24 17:01 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-03-29 21:53 - 2016-02-24 17:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
    2016-03-29 21:53 - 2016-02-24 16:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
    2016-03-29 21:53 - 2016-02-24 16:53 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2016-03-29 21:53 - 2016-02-24 16:53 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
    2016-03-29 21:53 - 2016-02-24 16:52 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
    2016-03-29 21:53 - 2016-02-24 16:50 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
    2016-03-29 21:53 - 2016-02-24 16:50 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2016-03-29 21:53 - 2016-02-24 16:50 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2016-03-29 21:53 - 2016-02-24 16:49 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2016-03-29 21:53 - 2016-02-24 16:49 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
    2016-03-29 21:53 - 2016-02-24 16:45 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-03-29 21:53 - 2016-02-24 16:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
    2016-03-29 21:53 - 2016-02-24 16:43 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
    2016-03-29 21:53 - 2016-02-24 16:42 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
    2016-03-29 21:53 - 2016-02-24 16:42 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
    2016-03-29 21:53 - 2016-02-24 16:40 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
    2016-03-29 21:53 - 2016-02-24 16:39 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
    2016-03-29 21:53 - 2016-02-24 16:39 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
    2016-03-29 21:53 - 2016-02-24 16:37 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
    2016-03-29 21:53 - 2016-02-24 16:35 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-03-29 21:53 - 2016-02-24 16:33 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2016-03-29 21:53 - 2016-02-24 16:32 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
    2016-03-29 21:53 - 2016-02-24 16:31 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-03-29 21:53 - 2016-02-24 16:31 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
    2016-03-29 21:53 - 2016-02-24 16:31 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2016-03-29 21:53 - 2016-02-24 16:30 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
    2016-03-29 21:53 - 2016-02-24 16:29 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2016-03-29 21:53 - 2016-02-24 16:29 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
    2016-03-29 21:53 - 2016-02-24 16:29 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2016-03-29 21:53 - 2016-02-24 16:28 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
    2016-03-29 21:53 - 2016-02-24 16:25 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
    2016-03-29 21:53 - 2016-02-24 16:25 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
    2016-03-29 21:53 - 2016-02-24 16:25 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
    2016-03-29 21:53 - 2016-02-24 16:24 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
    2016-03-29 21:53 - 2016-02-24 16:24 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
    2016-03-29 21:53 - 2016-02-24 16:24 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2016-03-29 21:53 - 2016-02-24 16:24 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
    2016-03-29 21:53 - 2016-02-24 16:23 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2016-03-29 21:53 - 2016-02-24 16:23 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
    2016-03-29 21:53 - 2016-02-24 16:22 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2016-03-29 21:53 - 2016-02-24 16:22 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
    2016-03-29 21:53 - 2016-02-24 16:21 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-03-29 21:53 - 2016-02-24 16:19 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
    2016-03-29 21:53 - 2016-02-24 16:17 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2016-03-29 21:53 - 2016-02-24 16:16 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
    2016-03-29 21:53 - 2016-02-24 16:14 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-03-29 21:53 - 2016-02-24 16:14 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
    2016-03-29 21:53 - 2016-02-24 16:14 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
    2016-03-29 21:53 - 2016-02-24 16:14 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
    2016-03-29 21:53 - 2016-02-24 16:13 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-03-29 21:53 - 2016-02-24 16:13 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2016-03-29 21:53 - 2016-02-24 16:11 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2016-03-29 21:53 - 2016-02-24 16:11 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-03-29 21:53 - 2016-02-24 16:10 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2016-03-29 21:53 - 2016-02-24 16:10 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2016-03-29 21:53 - 2016-02-24 16:10 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
    2016-03-29 21:53 - 2016-02-24 16:09 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-03-29 21:53 - 2016-02-24 16:09 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
    2016-03-29 21:53 - 2016-02-24 16:08 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
    2016-03-29 21:53 - 2016-02-24 16:06 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
    2016-03-29 21:53 - 2016-02-24 16:04 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
    2016-03-29 21:53 - 2016-02-24 16:04 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-03-29 21:53 - 2016-02-24 16:02 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
    2016-03-29 21:53 - 2016-02-24 16:02 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
    2016-03-29 21:53 - 2016-02-24 16:01 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
    2016-03-29 21:53 - 2016-02-24 16:01 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
    2016-03-29 21:53 - 2016-02-24 15:58 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2016-03-29 21:53 - 2016-02-24 15:58 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
    2016-03-29 21:53 - 2016-02-24 15:58 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
    2016-03-29 21:53 - 2016-02-24 15:55 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
    2016-03-29 21:53 - 2016-02-24 15:53 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
    2016-03-29 21:53 - 2016-02-24 15:52 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
    2016-03-29 21:53 - 2016-02-24 15:51 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
    2016-03-29 21:53 - 2016-02-24 15:51 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
    2016-03-29 21:53 - 2016-02-24 15:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
    2016-03-29 21:53 - 2016-02-24 15:48 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
    2016-03-29 21:53 - 2016-02-24 15:48 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
    2016-03-29 21:53 - 2016-02-24 15:47 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
    2016-03-29 21:53 - 2016-02-24 15:46 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2016-03-29 21:53 - 2016-02-24 15:43 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
    2016-03-29 21:53 - 2016-02-24 15:41 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-03-29 21:53 - 2016-02-24 15:39 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2016-03-29 21:53 - 2016-02-24 15:39 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2016-03-29 21:53 - 2016-02-24 15:39 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
    2016-03-29 21:53 - 2016-02-24 15:39 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
    2016-03-29 21:53 - 2016-02-24 15:37 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2016-03-29 21:53 - 2016-02-24 15:37 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2016-03-29 21:53 - 2016-02-24 15:37 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2016-03-29 21:53 - 2016-02-24 15:34 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
    2016-03-29 21:53 - 2016-02-24 15:33 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
    2016-03-29 21:53 - 2016-02-24 15:31 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-03-29 21:53 - 2016-02-24 15:30 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-03-29 21:53 - 2016-02-24 15:30 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2016-03-29 21:53 - 2016-02-24 15:27 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-03-29 21:53 - 2016-02-24 15:25 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2016-03-29 21:53 - 2016-02-24 15:13 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
    2016-03-29 21:53 - 2016-02-24 15:04 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2016-03-29 21:53 - 2016-02-24 14:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
    2016-03-29 21:53 - 2016-02-24 14:50 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-03-29 21:53 - 2016-02-24 14:48 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-03-29 21:53 - 2016-02-24 14:42 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-03-29 21:53 - 2016-02-24 14:42 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2016-03-29 21:53 - 2016-02-24 14:40 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-03-29 21:53 - 2016-02-24 14:39 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-03-29 21:53 - 2016-02-24 14:35 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2016-03-29 21:53 - 2016-02-24 14:33 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2016-03-29 21:53 - 2016-02-24 14:29 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-03-29 21:53 - 2016-02-24 14:25 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-03-19 10:11 - 2016-03-19 10:11 - 00510068 _____ C:\WINDOWS\Minidump\031916-40203-01.dmp
    2016-03-19 02:06 - 2016-03-19 10:11 - 478067738 _____ C:\WINDOWS\MEMORY.DMP
    2016-03-18 21:36 - 2016-03-18 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dodo Mobile
    2016-03-18 21:16 - 2016-03-18 21:16 - 00000000 ____D C:\Users\Mango\AppData\Roaming\Vodafone
    2016-03-18 21:15 - 2016-03-18 21:15 - 00000000 ____D C:\ProgramData\FLEXnet
    2016-03-18 21:15 - 2016-03-18 21:15 - 00000000 ____D C:\Program Files (x86)\Vodafone
    2016-03-18 21:14 - 2016-03-19 02:50 - 00000000 ____D C:\ProgramData\Vodafone
    2016-03-18 05:39 - 2016-03-18 05:39 - 04739328 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
    2016-03-18 05:39 - 2016-03-18 05:39 - 00413912 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
    2016-03-18 03:52 - 2016-03-18 03:52 - 00000000 __SHD C:\Users\Mango\Phone Browser
    2016-03-18 01:14 - 2016-03-18 01:14 - 00199293 _____ C:\Users\Mango\Downloads\New Student Enrollment Steps Fillable v2.2.pdf
    2016-03-17 02:49 - 2016-03-17 03:07 - 00000000 ____D C:\Users\Mango\AppData\Roaming\PC Suite
    2016-03-17 02:49 - 2016-03-17 03:07 - 00000000 ____D C:\Users\Mango\AppData\Roaming\Nokia
    2016-03-17 02:49 - 2016-03-17 02:49 - 00000000 ____D C:\ProgramData\PC Suite
    2016-03-17 02:46 - 2016-03-19 02:50 - 00000000 ____D C:\Program Files\DIFX
    2016-03-17 02:46 - 2016-03-19 02:50 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
    2016-03-17 02:46 - 2016-03-19 02:50 - 00000000 ____D C:\Program Files (x86)\Nokia
    2016-03-17 02:44 - 2016-03-17 03:12 - 00000000 ____D C:\ProgramData\Installations
    2016-03-16 22:42 - 2016-03-16 22:42 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
    2016-03-16 03:54 - 2016-03-16 22:43 - 00000044 ___SH C:\ProgramData\.zreglib
    2016-03-16 03:54 - 2016-03-16 03:54 - 00000000 ____D C:\Program Files (x86)\SlySoft
    2016-03-15 14:45 - 2016-03-15 14:45 - 00000000 ____D C:\Users\Mango\AppData\Roaming\Canon
    2016-03-15 14:35 - 2016-03-19 02:50 - 00000000 ____D C:\Program Files\CanonBJ
    2016-03-15 14:26 - 2016-03-15 14:36 - 00000000 ____D C:\Program Files (x86)\Canon
    2016-03-15 13:52 - 2016-03-15 13:52 - 00000000 ____D C:\ProgramData\CanonBJ
    2016-03-12 02:25 - 2016-03-15 10:24 - 00000000 ____D C:\ProgramData\0a3c2bd9-4f97-1
    2016-03-12 02:25 - 2016-03-15 10:24 - 00000000 ____D C:\ProgramData\0a3c2bd9-19e1-0
    2016-03-11 02:25 - 2016-03-11 17:55 - 00000000 ____D C:\ProgramData\0a3c2bd9-4ad5-1
    2016-03-11 02:25 - 2016-03-11 17:55 - 00000000 ____D C:\ProgramData\0a3c2bd9-3481-0
    2016-03-10 20:25 - 2016-03-10 20:26 - 00000000 ____D C:\ProgramData\0a3c2bd9-72e7-1
    2016-03-10 20:25 - 2016-03-10 20:26 - 00000000 ____D C:\ProgramData\0a3c2bd9-1ef7-0
    2016-03-10 17:53 - 2016-02-24 18:24 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
    2016-03-10 14:25 - 2016-03-10 14:31 - 00000000 ____D C:\ProgramData\0a3c2bd9-5d37-0
    2016-03-10 14:25 - 2016-03-10 14:31 - 00000000 ____D C:\ProgramData\0a3c2bd9-2c85-1
    2016-03-10 08:25 - 2016-03-10 09:37 - 00000000 ____D C:\ProgramData\0a3c2bd9-6495-1
    2016-03-10 08:25 - 2016-03-10 09:37 - 00000000 ____D C:\ProgramData\0a3c2bd9-4f95-0
    2016-03-10 02:25 - 2016-03-10 03:59 - 00000000 ____D C:\ProgramData\0a3c2bd9-7241-0
    2016-03-10 02:25 - 2016-03-10 03:59 - 00000000 ____D C:\ProgramData\0a3c2bd9-5c65-1
    2016-03-10 00:53 - 2016-03-10 00:53 - 00000774 _____ C:\Users\Mango\Desktop\Videos.lnk
    2016-03-10 00:26 - 2016-03-10 00:26 - 00002407 _____ C:\Users\Mango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-03-09 21:29 - 2016-03-09 21:29 - 00000558 _____ C:\Users\Mango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive (2).lnk
    2016-03-09 18:27 - 2016-03-09 18:27 - 00000000 ____D C:\Users\Default\AppData\Local\Google
    2016-03-09 18:27 - 2016-03-09 18:27 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
    2016-03-09 08:25 - 2016-03-09 08:27 - 00000000 ____D C:\ProgramData\0a3c2bd9-56e5-0
    2016-03-09 08:25 - 2016-03-09 08:27 - 00000000 ____D C:\ProgramData\0a3c2bd9-5261-1
    2016-03-09 02:43 - 2016-04-03 07:14 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-03-09 02:43 - 2016-03-29 23:37 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2016-03-09 02:25 - 2016-03-09 02:26 - 00000000 ____D C:\ProgramData\0a3c2bd9-6f23-1
    2016-03-09 02:25 - 2016-03-09 02:26 - 00000000 ____D C:\ProgramData\0a3c2bd9-4755-0
    2016-03-08 20:25 - 2016-03-08 20:28 - 00000000 ____D C:\ProgramData\0a3c2bd9-1f35-0
    2016-03-08 20:25 - 2016-03-08 20:26 - 00000000 ____D C:\ProgramData\0a3c2bd9-6915-1
    2016-03-08 14:25 - 2016-03-08 15:16 - 00000000 ____D C:\ProgramData\0a3c2bd9-77f3-1
    2016-03-08 14:25 - 2016-03-08 14:26 - 00000000 ____D C:\ProgramData\0a3c2bd9-6511-0
    2016-03-08 08:25 - 2016-03-08 09:28 - 00000000 ____D C:\ProgramData\0a3c2bd9-6f61-0
    2016-03-08 08:25 - 2016-03-08 09:28 - 00000000 ____D C:\ProgramData\0a3c2bd9-6163-1
    2016-03-08 02:25 - 2016-03-08 06:01 - 00000000 ____D C:\ProgramData\0a3c2bd9-2ae1-1
    2016-03-08 02:25 - 2016-03-08 06:01 - 00000000 ____D C:\ProgramData\0a3c2bd9-05d5-0
    2016-03-07 20:25 - 2016-03-08 06:01 - 00000000 ____D C:\ProgramData\0a3c2bd9-2563-0
    2016-03-07 20:25 - 2016-03-08 06:01 - 00000000 ____D C:\ProgramData\0a3c2bd9-16b3-1
    2016-03-07 14:25 - 2016-03-07 15:51 - 00000000 ____D C:\ProgramData\0a3c2bd9-7943-1
    2016-03-07 14:25 - 2016-03-07 15:51 - 00000000 ____D C:\ProgramData\0a3c2bd9-5ca3-0
    2016-03-07 08:25 - 2016-03-07 08:30 - 00000000 ____D C:\ProgramData\0a3c2bd9-3053-1
    2016-03-07 08:25 - 2016-03-07 08:30 - 00000000 ____D C:\ProgramData\0a3c2bd9-27b5-0
    2016-03-07 02:25 - 2016-03-07 07:14 - 00000000 ____D C:\ProgramData\0a3c2bd9-6631-1
    2016-03-07 02:25 - 2016-03-07 07:14 - 00000000 ____D C:\ProgramData\0a3c2bd9-27e3-0
    2016-03-06 20:25 - 2016-03-06 20:35 - 00000000 ____D C:\ProgramData\0a3c2bd9-4931-1
    2016-03-06 20:25 - 2016-03-06 20:35 - 00000000 ____D C:\ProgramData\0a3c2bd9-00c7-0
    2016-03-06 14:25 - 2016-03-06 14:41 - 00000000 ____D C:\ProgramData\0a3c2bd9-49d7-1
    2016-03-06 14:25 - 2016-03-06 14:41 - 00000000 ____D C:\ProgramData\0a3c2bd9-1ca3-0
    2016-03-06 08:25 - 2016-03-06 09:37 - 00000000 ____D C:\ProgramData\0a3c2bd9-4b95-0
    2016-03-06 08:25 - 2016-03-06 09:37 - 00000000 ____D C:\ProgramData\0a3c2bd9-1a47-1
    2016-03-06 02:25 - 2016-03-06 09:37 - 00000000 ____D C:\ProgramData\0a3c2bd9-36a3-1
    2016-03-06 02:25 - 2016-03-06 09:37 - 00000000 ____D C:\ProgramData\0a3c2bd9-3331-0
    2016-03-05 20:25 - 2016-03-05 20:28 - 00000000 ____D C:\ProgramData\0a3c2bd9-45a5-0
    2016-03-05 20:25 - 2016-03-05 20:27 - 00000000 ____D C:\ProgramData\0a3c2bd9-09d3-1
    2016-03-05 14:25 - 2016-03-05 14:26 - 00000000 ____D C:\ProgramData\0a3c2bd9-79b3-1
    2016-03-05 14:25 - 2016-03-05 14:26 - 00000000 ____D C:\ProgramData\0a3c2bd9-1bf7-0
    2016-03-05 08:25 - 2016-03-05 08:27 - 00000000 ____D C:\ProgramData\0a3c2bd9-6e43-0
    2016-03-05 08:25 - 2016-03-05 08:27 - 00000000 ____D C:\ProgramData\0a3c2bd9-3aa5-1
    2016-03-05 08:20 - 2016-03-05 08:21 - 00000000 ____D C:\ProgramData\0a3c2bd9-4317-0

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-03 07:27 - 2015-11-04 15:15 - 00000000 ____D C:\ProgramData\MFAData
    2016-04-03 07:21 - 2015-10-15 03:28 - 00000000 ____D C:\Users\Mango\AppData\Roaming\Azureus
    2016-04-03 07:17 - 2016-02-12 11:05 - 00000000 ____D C:\Users\Mango\Documents\Vuze Downloads
    2016-04-03 06:03 - 2015-10-30 16:51 - 00000000 ____D C:\WINDOWS\INF
    2016-04-03 06:03 - 2015-09-07 09:58 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-04-03 05:57 - 2015-12-19 02:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-04-03 05:56 - 2016-03-03 04:24 - 00000000 ____D C:\WINDOWS\GJFix
    2016-04-03 05:56 - 2015-10-30 15:58 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
    2016-04-03 04:19 - 2015-09-08 19:15 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6EA4FDB5-677F-4F38-8414-6FF976A0741E}
    2016-04-02 23:12 - 2016-01-08 11:56 - 00000000 ____D C:\Users\Mango\AppData\Local\CrashDumps
    2016-04-02 18:16 - 2015-10-30 16:54 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-04-02 18:16 - 2015-10-30 16:54 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-04-01 08:49 - 2015-10-30 16:54 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-04-01 07:55 - 2015-12-19 02:21 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-03-31 22:05 - 2015-11-12 21:45 - 00031744 ___SH C:\Users\Mango\Documents\Thumbs.db
    2016-03-31 13:56 - 2015-09-07 10:00 - 00000000 ____D C:\Users\Mango\AppData\Local\ElevatedDiagnostics
    2016-03-31 13:14 - 2016-02-04 21:13 - 00000910 _____ C:\Users\Public\Desktop\NETGEAR WNA3100 Genie.lnk
    2016-03-31 11:11 - 2016-02-18 01:57 - 00000000 ___RD C:\Users\Mango\Google Drive
    2016-03-31 10:12 - 2016-03-02 21:32 - 00000000 ____D C:\Users\Mango\Documents\Advanced SystemCare Pro 9.0
    2016-03-31 07:37 - 2015-09-07 09:54 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-03-31 07:35 - 2016-01-25 16:11 - 00000000 ____D C:\temp
    2016-03-31 07:35 - 2015-12-19 02:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-03-31 01:07 - 2015-07-10 20:34 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2016-03-31 00:40 - 2015-09-08 23:38 - 00000000 ____D C:\Users\Mango\AppData\Roaming\vlc
    2016-03-30 23:26 - 2015-11-04 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2016-03-30 23:26 - 2015-10-30 16:54 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2016-03-30 23:21 - 2015-12-19 02:18 - 00215088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-03-30 23:18 - 2015-12-19 02:23 - 00000000 ____D C:\Users\Mango
    2016-03-30 22:05 - 2015-12-19 21:17 - 00000000 ___DC C:\WINDOWS\Panther
    2016-03-30 20:59 - 2015-12-20 09:25 - 00000000 ____D C:\Program Files\KMSpico
    2016-03-30 20:29 - 2015-10-30 16:54 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-03-30 20:29 - 2015-10-30 16:54 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-03-30 17:41 - 2015-10-16 04:42 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-03-30 05:48 - 2015-10-30 16:54 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2016-03-30 05:48 - 2015-10-30 16:54 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2016-03-30 05:48 - 2015-10-30 16:54 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2016-03-30 05:48 - 2015-10-30 16:54 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2016-03-30 05:31 - 2015-09-07 09:54 - 00000000 ____D C:\Users\Mango\AppData\Local\Packages
    2016-03-30 02:46 - 2015-10-30 16:54 - 00000000 ____D C:\WINDOWS\rescache
    2016-03-30 01:16 - 2015-10-30 16:41 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-03-30 00:20 - 2015-09-07 19:19 - 00000000 ____D C:\Users\Mango\AppData\Roaming\IObit
    2016-03-30 00:16 - 2015-09-07 19:19 - 00000000 ____D C:\Program Files (x86)\IObit
    2016-03-29 23:44 - 2015-09-07 16:23 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-03-29 23:41 - 2015-09-07 16:23 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-03-29 23:34 - 2016-01-25 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
    2016-03-29 23:34 - 2015-09-07 19:19 - 00000000 ____D C:\ProgramData\ProductData
    2016-03-29 23:34 - 2015-09-07 19:19 - 00000000 ____D C:\ProgramData\IObit
    2016-03-29 23:31 - 2016-02-18 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
    2016-03-29 21:44 - 2015-10-30 15:58 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-03-22 19:43 - 2016-01-27 11:51 - 00003974 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2016-03-22 19:43 - 2015-12-30 14:40 - 00000140 _____ C:\WINDOWS\Reimage.ini
    2016-03-19 10:11 - 2015-12-30 10:53 - 00000000 ____D C:\WINDOWS\Minidump
    2016-03-19 03:01 - 2016-02-28 23:41 - 00000000 ____D C:\ProgramData\6e5a08be
    2016-03-19 02:50 - 2016-01-25 16:07 - 00000000 ____D C:\WINDOWS\system32\DAX2
    2016-03-19 02:50 - 2015-12-19 02:21 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
    2016-03-19 02:50 - 2015-12-19 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2016-03-19 02:50 - 2015-11-13 09:35 - 00000000 ____D C:\ProgramData\Package Cache
    2016-03-19 02:50 - 2015-10-30 16:54 - 00000000 ____D C:\WINDOWS\security
    2016-03-19 02:50 - 2015-10-30 16:54 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-03-19 02:50 - 2015-10-30 15:58 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-03-19 02:50 - 2015-10-30 15:58 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-03-19 02:50 - 2015-10-30 15:58 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-03-19 02:50 - 2015-09-07 19:20 - 00000000 ____D C:\Users\Mango\AppData\Roaming\ProductData
    2016-03-19 02:50 - 2015-09-07 19:19 - 00000000 ____D C:\Users\Mango\AppData\LocalLow\IObit
    2016-03-19 02:26 - 2015-10-30 16:54 - 00000000 ____D C:\WINDOWS\registration
    2016-03-18 09:33 - 2016-03-03 07:48 - 00000000 ____D C:\Users\Mango\Documents\Microsoft Windows 10 Home and Pro x64 Clean ISO(2)
    2016-03-16 04:02 - 2015-09-07 09:56 - 00000000 ___RD C:\Users\Mango\OneDrive
    2016-03-15 13:53 - 2015-10-30 16:54 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
    2016-03-15 11:38 - 2016-02-28 23:41 - 00000000 ____D C:\ProgramData\{113c9aa5-212c-1}
    2016-03-15 11:38 - 2016-02-28 23:41 - 00000000 ____D C:\ProgramData\{0734196d-512c-0}
    2016-03-10 00:18 - 2015-10-30 15:58 - 00786432 ___SH C:\WINDOWS\system32\config\BBI(6560)
    2016-03-10 00:09 - 2016-02-02 08:21 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-03-10 00:09 - 2016-02-02 08:20 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-03-09 21:27 - 2015-09-07 10:05 - 00003972 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-03-09 21:27 - 2015-09-07 10:05 - 00003740 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-03-09 18:27 - 2016-02-18 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2016-03-09 02:49 - 2015-09-07 13:03 - 00000000 ____D C:\Users\Mango\AppData\Local\Adobe
    2016-03-05 17:43 - 2016-02-19 04:38 - 00000000 ____D C:\ProgramData\Electronic Arts
    2016-03-05 08:20 - 2016-02-28 23:47 - 00000000 ____D C:\ProgramData\0a3c2bd9-6313-0
    2016-03-05 08:20 - 2016-02-28 23:41 - 00000000 ____D C:\ProgramData\0a3c2bd9-0643-0

    ==================== Files in the root of some directories =======

    2016-03-03 04:24 - 2016-03-03 04:25 - 0005120 _____ () C:\Users\Mango\AppData\Roaming\GiftBag.db
    2016-01-31 09:27 - 2016-02-10 18:50 - 0004608 _____ () C:\Users\Mango\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-11-06 14:03 - 2016-03-30 01:41 - 0026616 _____ () C:\Users\Mango\AppData\Local\HWVendorDetection.log
    2016-02-25 22:22 - 2016-02-25 22:22 - 0970506 _____ () C:\Users\Mango\AppData\Local\ISO-Mount_1690.rar
    2016-02-28 15:26 - 2016-02-25 22:22 - 1022480 _____ (web ) C:\Users\Mango\AppData\Local\isomount_setup.exe
    2016-03-31 13:28 - 2016-03-31 13:28 - 0000017 _____ () C:\Users\Mango\AppData\Local\resmon.resmoncfg
    2016-03-16 03:54 - 2016-03-16 22:43 - 0000044 ___SH () C:\ProgramData\.zreglib
    2010-06-21 16:35 - 2010-06-21 16:35 - 0157470 ____R () C:\ProgramData\DeviceManager.xml.rc4
    2016-01-25 16:07 - 2016-01-25 16:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-02-23 09:55 - 2016-02-23 10:08 - 0001464 _____ () C:\ProgramData\hpzinstall.log
    2015-10-16 14:52 - 2015-10-16 14:52 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

    Files to move or delete:
    ====================
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


    Some files in TEMP:
    ====================
    C:\Users\Mango\AppData\Local\Temp\dxdiag.exe
    C:\Users\Mango\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Mango\AppData\Local\Temp\mesox.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-03-29 21:52

    ==================== End of FRST.txt ============================
     


  4. 2016/04/02
    mathewboan

    mathewboan New Member Thread Starter

    Joined:
    2016/03/22
    Messages:
    7
    Likes Received:
    0
    The finish of Additional.TXT from the previous post is below. I hope someone can help me understand it or tell me if there is a problem, as I am lost as to what I am supposed to be looking for.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 3
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AdvancedSystemCareService9 => 2
    MSCONFIG\Services: APNMCP => 2
    MSCONFIG\Services: avgsvc => 2
    MSCONFIG\Services: BB1116475 => 3
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: Dodo_Australia Flame Modem Device Helper => 2
    MSCONFIG\Services: GfExperienceService => 3
    MSCONFIG\Services: gupdate => 3
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: IconMan_R => 3
    MSCONFIG\Services: IMFservice => 2
    MSCONFIG\Services: LiveUpdateSvc => 2
    MSCONFIG\Services: LMS => 3
    MSCONFIG\Services: NielsenUpdate => 2
    MSCONFIG\Services: NvNetworkService => 3
    MSCONFIG\Services: NvStreamNetworkSvc => 3
    MSCONFIG\Services: NvStreamSvc => 3
    MSCONFIG\Services: nvsvc => 2
    MSCONFIG\Services: QQRepair31a => 2
    MSCONFIG\Services: QQRepaird5f => 2
    MSCONFIG\Services: Service KMSELDI => 3
    MSCONFIG\Services: sgbupt => 3
    MSCONFIG\Services: ShareItSvc => 3
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\Services: Stereo Service => 2
    MSCONFIG\Services: Survarium Update Service => 3
    MSCONFIG\Services: UNS => 3
    MSCONFIG\Services: WSWNA3100 => 3
    MSCONFIG\startupreg: ApnTBMon =>
    MSCONFIG\startupreg: AvgUi => "c:\program files (x86)\avg\framework\common\avguix.exe" /fmw.trayonly
    MSCONFIG\startupreg: BaiduAnTray =>
    MSCONFIG\startupreg: EADM =>
    MSCONFIG\startupreg: EaseUS EPM Tray Agent =>
    MSCONFIG\startupreg: Logitech Download Assistant => c:\windows\system32\rundll32.exe c:\windows\system32\logilda.dll,logifetch
    MSCONFIG\startupreg: QQPCTray =>
    MSCONFIG\startupreg: ShadowPlay =>
    HKLM\...\StartupApproved\Run: => "ShadowPlay "
    HKLM\...\StartupApproved\Run: => "KiesTrayAgent "
    HKLM\...\StartupApproved\Run32: => "AVG_UI "
    HKLM\...\StartupApproved\Run32: => "ApnTBMon "
    HKLM\...\StartupApproved\Run32: => "AvgUi "
    HKLM\...\StartupApproved\Run32: => "Dodo_Australia Flame ModemListener "
    HKLM\...\StartupApproved\Run32: => "mbot_au_014010179 "
    HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray "
    HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent "
    HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter "
    HKLM\...\StartupApproved\Run32: => "KiesTrayAgent "
    HKLM\...\StartupApproved\Run32: => "BaiduAnTray "
    HKLM\...\StartupApproved\Run32: => " QQPCTray "
    HKLM\...\StartupApproved\Run32: => "NielsenOnline "
    HKU\S-1-5-21-1967804330-1418288720-2008775586-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk "
    HKU\S-1-5-21-1967804330-1418288720-2008775586-1001\...\StartupApproved\Run: => "Advanced SystemCare 9 "
    HKU\S-1-5-21-1967804330-1418288720-2008775586-1001\...\StartupApproved\Run: => "Steam "
    HKU\S-1-5-21-1967804330-1418288720-2008775586-1001\...\StartupApproved\Run: => "IDMan "
    HKU\S-1-5-21-1967804330-1418288720-2008775586-1001\...\StartupApproved\Run: => "KiesPDLR.exe "

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{440D7E3C-8246-4475-9710-B0540A75BE3C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{4FB44B9D-9E90-4768-9108-804A445D9FE9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{11E2685A-D515-4D17-AB6A-78797E5B70BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{DC064D7A-C6A1-406F-B0F9-74FB8D50CB60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{7B519CA9-0759-48B4-8B73-B1F1097441AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{03664B3E-A921-43AC-AF03-A14D918A215D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{E4F92583-1ED8-486D-B2EE-CA3019DFF483}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{B0D3E1FD-9D37-4CA4-9E5A-77A842ADD119}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{CD9D0167-FAC1-4882-BE27-1843FAFFA09A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{9AF5C537-C077-4BE0-B192-59E68C46BB54}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
    FirewallRules: [{97C0514E-31CE-4640-A185-47760E904D7E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
    FirewallRules: [{4E592919-52DA-47CF-9E12-8FCFFF71888B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{451D2F96-7C9E-4C86-979D-538A01F00FEB}] => (Allow) C:\Users\Mango\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{519E254B-D408-475D-A2BD-5DC8945A2760}] => (Allow) C:\Users\Mango\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{5B039FD8-BA5F-4786-9F41-87390A75E65D}] => (Allow) C:\Users\Mango\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
    FirewallRules: [{76F7834E-A1B6-4C15-B6D2-1047FE67430E}] => (Allow) C:\Users\Mango\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
    FirewallRules: [{451C95DC-8EF6-4C21-AB55-1E0969057B83}] => (Allow) C:\Users\Mango\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{9C6839A5-59A9-4671-AE7E-74F82B5C5862}] => (Allow) C:\Users\Mango\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
    FirewallRules: [{7A452009-9210-4E82-B525-B1B5163A7E67}] => (Allow) C:\Users\Mango\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
    FirewallRules: [{CBBB4A12-B3E5-429F-8632-1A1467FD5B5F}] => (Allow) C:\Users\Mango\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
    FirewallRules: [TCP Query User{8DAF2FFC-5CB9-421C-9F9A-B19B48E17879}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
    FirewallRules: [UDP Query User{BA6C1CA0-8B72-47C3-8444-B31E9244E276}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
    FirewallRules: [{157B1440-BFBA-43C1-9BB2-5A93B07290C9}] => (Allow) C:\Program Files\Vuze\Azureus.exe
    FirewallRules: [{B29BA887-EB8C-45E6-9FCC-2105AE9A4B25}] => (Allow) C:\Program Files\Vuze\Azureus.exe
    FirewallRules: [{7869DAAE-2A62-4A3B-881A-AEBD089D180F}] => (Allow) C:\Program Files (x86)\Common Files\Baidu\BDDownload\108\bddownloader.exe
    FirewallRules: [{E2D94DD7-12D0-4759-8DD8-FF3FC819626D}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
    FirewallRules: [{90E8318D-CDAA-42EB-A162-59332CE54973}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
    FirewallRules: [{DED80886-F7DE-438D-A125-4850E8448808}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
    FirewallRules: [{3E8915B0-655B-4993-98CE-EC04217030EE}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
    FirewallRules: [{11D46D81-E0A7-42AF-8049-CCD4D1E3B7E3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{4A3B5D52-0AB1-4B54-A257-ED93B552CF56}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{38E41837-7563-4194-8298-8A5C671E9F84}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{37BB1008-9D83-446D-9CA8-D9B84D67BAA0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{8D799D23-4CE9-40A8-B965-E0408D90009C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{E5600683-618C-42B1-B756-B9F154C8346A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{0025704D-EBBC-41B6-9B3E-FCCA4279AF37}] => (Block) %ProgramFiles% (x86)\IObit\Advanced SystemCare\Register.exe
    FirewallRules: [{608035ED-A4F2-4C07-9F50-055328BAF3CB}] => (Allow) %ProgramFiles% (x86)\IObit\Advanced SystemCare\Register.exe
    FirewallRules: [{5618C660-FDAE-484B-B803-3C63026DD1AD}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
    FirewallRules: [{058BB7A0-2CF8-4056-A33E-67B4B326CE15}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/02/2016 11:12:14 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SystemSettingsBroker.exe, version: 10.0.10586.0, time stamp: 0x5632d7b4
    Faulting module name: SettingsHandlers_Notifications.dll, version: 10.0.10586.0, time stamp: 0x5632d70b
    Exception code: 0xc0000005
    Fault offset: 0x000000000002b7d1
    Faulting process id: 0x4f8c
    Faulting application start time: 0xSystemSettingsBroker.exe0
    Faulting application path: SystemSettingsBroker.exe1
    Faulting module path: SystemSettingsBroker.exe2
    Report Id: SystemSettingsBroker.exe3
    Faulting package full name: SystemSettingsBroker.exe4
    Faulting package-relative application ID: SystemSettingsBroker.exe5

    Error: (04/02/2016 10:29:19 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
    Description: Installation of the Proof of Purchase failed. 0xC004F069
    Partial Pkey=Y4DHT
    ACID=?
    Detailed Error[?]

    Error: (04/02/2016 08:59:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 10.0.10586.104, time stamp: 0x56aaffa0
    Faulting module name: IMFShellExt.dll, version: 1.0.0.8, time stamp: 0x566fb978
    Exception code: 0xc0000005
    Fault offset: 0x0000000000001a55
    Faulting process id: 0x940
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (04/02/2016 07:38:24 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: USR.exe, version: 0.0.0.0, time stamp: 0x00000000
    Faulting module name: mshtml.dll, version: 11.0.10586.162, time stamp: 0x56cd3bba
    Exception code: 0xc000041d
    Fault offset: 0x0045cff1
    Faulting process id: 0x47fc
    Faulting application start time: 0xUSR.exe0
    Faulting application path: USR.exe1
    Faulting module path: USR.exe2
    Report Id: USR.exe3
    Faulting package full name: USR.exe4
    Faulting package-relative application ID: USR.exe5

    Error: (04/02/2016 07:38:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: USR.exe, version: 0.0.0.0, time stamp: 0x00000000
    Faulting module name: mshtml.dll, version: 11.0.10586.162, time stamp: 0x56cd3bba
    Exception code: 0xc0000005
    Fault offset: 0x0045cff1
    Faulting process id: 0x47fc
    Faulting application start time: 0xUSR.exe0
    Faulting application path: USR.exe1
    Faulting module path: USR.exe2
    Report Id: USR.exe3
    Faulting package full name: USR.exe4
    Faulting package-relative application ID: USR.exe5

    Error: (04/02/2016 06:05:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MATTS-ACER)
    Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (04/02/2016 06:05:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program ShellExperienceHost.exe version 10.0.10586.122 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 4d10

    Start Time: 01d18cba37a9a3da

    Termination Time: 4294967295

    Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

    Report Id: bddad2f5-f8ad-11e5-9c7f-d4456f12ef25

    Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy

    Faulting package-relative application ID: App

    Error: (04/02/2016 05:11:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MATTS-ACER)
    Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (04/02/2016 05:11:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program ShellExperienceHost.exe version 10.0.10586.122 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 40a0

    Start Time: 01d18cb29c2f3156

    Termination Time: 4294967295

    Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

    Report Id: 233a69ed-f8a6-11e5-9c7f-d4456f12ef25

    Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy

    Faulting package-relative application ID: App

    Error: (04/02/2016 12:23:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MATTS-ACER)
    Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (04/03/2016 06:16:57 AM) (Source: volsnap) (EventID: 10) (User: )
    Description: The shadow copy of volume C: took too long to install.

    Error: (04/03/2016 05:59:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The HP Network Devices Support service terminated with the following error:
    %%126

    Error: (04/03/2016 05:57:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The ISOMount service failed to start due to the following error:
    %%2

    Error: (04/03/2016 05:57:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The BDArKit service failed to start due to the following error:
    %%31

    Error: (04/03/2016 05:56:57 AM) (Source: volsnap) (EventID: 14) (User: )
    Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

    Error: (04/03/2016 05:56:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The WWAN AutoConfig service terminated with the following error:
    %%997

    Error: (04/03/2016 05:56:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (60000 milliseconds) while waiting for the Sync Host_411050 service to connect.

    Error: (04/03/2016 05:56:05 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_411050 service, but this action failed with the following error:
    %%1056

    Error: (04/03/2016 05:56:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (60000 milliseconds) while waiting for the User Data Storage_411050 service to connect.

    Error: (04/03/2016 05:56:01 AM) (Source: DCOM) (EventID: 10010) (User: MATTS-ACER)
    Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}


    CodeIntegrity:
    ===================================
    Date: 2016-03-30 21:59:51.854
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-30 20:31:04.279
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-30 18:14:48.066
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-30 08:42:06.547
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-30 06:45:36.230
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-19 03:56:33.722
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-17 03:53:16.923
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-13 17:06:22.802
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-12 03:05:19.898
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-11 01:33:04.005
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU G2030 @ 3.00GHz
    Percentage of memory in use: 36%
    Total physical RAM: 6098.81 MB
    Available physical RAM: 3887.26 MB
    Total Virtual: 7698.81 MB
    Available Virtual: 5252.91 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:930.96 GB) (Free:452.63 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: B4EDA9BC)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  5. 2016/04/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================

    Please don't create multiple topics. I deleted your other topic.

    Addition.txt log is incomplete. Post entire log.
     
  6. 2016/04/08
    mathewboan

    mathewboan New Member Thread Starter

    Joined:
    2016/03/22
    Messages:
    7
    Likes Received:
    0
    Hi Broni,
    I was just wondering if I could please get more time and try to get the screen up and running again so I am able to do this. Thank you.
     
  7. 2016/04/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem. Take your time :)
     
  8. 2016/04/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still with me?
     