
Solved Trojan Horse Generic

Discussion in 'Malware and Virus Removal' started by kiasuteo, 2016/07/04.

  1. 2016/07/04
    kiasuteo

    kiasuteo Well-Known Member Thread Starter

    Sorry, for 2 days already, my AVG picks up this Trojan Horse and, although it requested to *PROTECT ME* then restart the computer, every time after restart it will pick up this T.H. again and the method continues again and again. Went to the location to find it but can't find it there. Please help. Thanks

    Win 10 Pro
    Trojan Horse Generic_r.KGN
    c:\Windows\system32\drivers\fb53d2b4d60efab0ec1dfd5f1372f31d.sys
     
  2. 2016/07/04
    PeteC

    PeteC SuperGeek Staff


  4. 2016/07/04
    kiasuteo

    kiasuteo Well-Known Member Thread Starter

    So sorry... hope I'm doing this right
    *******************************************************************************************************************
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
    Ran by Owner (administrator) on KHAIRCOMPUTER (04-07-2016 20:33:56)
    Running from D:\TORRENTS N OTHERS
    Loaded Profiles: Owner (Available Profiles: Owner & DefaultAppPool)
    Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCService.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Lavasoft) C:\Program Files (x86)\AdAware\hms\healthmon.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (GoldSolution Software, Inc.) C:\Program Files (x86)\PC Auto Shutdown\ShutdownService.exe
    () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe
    (GoldSolution Software, Inc.) C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe
    () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    () C:\Program Files (x86)\DFX\DFX.exe
    () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
    () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [PC Auto Shutdown] => C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe [1442472 2014-05-23] (GoldSolution Software, Inc.)
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [1941064 2016-05-16] ()
    HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1282008 2015-02-28] ()
    HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5969184 2016-06-20] (IObit)
    HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-06-28] ()
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24105936 2016-06-14] (Dropbox, Inc.)
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-05-20] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1732368 2016-07-04] (Lavasoft)
    HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\Run: [Advanced SystemCare Ultimate] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe [2430240 2016-06-07] (IObit)
    HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
    ShellExecuteHooks: - {6710C780-E20E-4C49-A87D-321850ED3D7C} - C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCookies\walather.dll No File [ ]
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-05-08] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-05-08] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-05-08] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-05-08] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-05-08] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-05-08] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-06-24]
    ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog9 01 C:\WINDOWS\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9 02 C:\WINDOWS\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9 03 C:\WINDOWS\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9 04 C:\WINDOWS\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9 16 C:\WINDOWS\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-05-10] (Lavasoft Limited)
    Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-05-10] (Lavasoft Limited)
    Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-05-10] (Lavasoft Limited)
    Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-05-10] (Lavasoft Limited)
    Winsock: Catalog9-x64 16 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-05-10] (Lavasoft Limited)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{0f4c9411-2d1b-4e34-b433-035db86cd6a2}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1328552388-464898415-372894888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={6C0BE51C-93AB-413A-8F85-5BC13D3A301A}&mid=fa99a8b80b2647cc9e7d81ac0fdfe610-8427284f4f69678b8104bad94e0772cdc242512c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516pii&pr=fr&d=2016-05-10 23:44:00&v=4.2.9.726&pid=wtu&sg=&sap=hp
    SearchScopes: HKU\S-1-5-21-1328552388-464898415-372894888-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6C0BE51C-93AB-413A-8F85-5BC13D3A301A}&mid=fa99a8b80b2647cc9e7d81ac0fdfe610-8427284f4f69678b8104bad94e0772cdc242512c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516pii&pr=fr&d=2016-05-10 23:44:00&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1328552388-464898415-372894888-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://sg.search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10181_1210_160510__yaie&p={searchTerms}
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
    BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-05-16] (AVG)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-05] (Google Inc.)
    BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-06-28] (Wondershare)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-05-16] (AVG)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-05] (Google Inc.)
    BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-07-09] (IObit)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-05] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-05] (Google Inc.)
    Toolbar: HKU\S-1-5-21-1328552388-464898415-372894888-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-05] (Google Inc.)
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default
    FF NewTab: hxxps://sg.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10181_1210_160510__yaff
    FF DefaultSearchEngine: Google
    FF Homepage: hxxps://us-mg6.mail.yahoo.com/neo/launch?.rand=67ealru8eq7hd
    hxxp://insane-speeds.net/messages.php
    hxxps://iptorrents.eu/t?
    hxxp://forum-andr.net/forum/7-mobile-os/
    hxxp://forum-andr.net/forum/71-full-software/
    hxxps://avistaz.to/torrents
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-28] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\searchplugins\yahoo-lavasoft.xml [2016-07-04]
    FF Extension: Adblock Plus Pop-up Addon - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-05-05]
    FF Extension: Video AdBlock - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\extensions\{068e178c-61a9-4a63-b74f-87404a6f5ea1} [2016-05-10]
    FF Extension: AVG Web TuneUp - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\extensions\avg@toolbar.xpi [2016-05-16]
    FF Extension: MEGA - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\Extensions\firefox@mega.co.nz.xpi [2016-07-03]
    FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-05]
    FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
    FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2016-06-30]
    FF HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\Firefox\Extensions: [{31C8B8A4-6712-4A47-B378-2BE78B8EE9E1}] - C:\Program Files (x86)\Bigasoft\Video Downloader Pro\extensions\3.11.5.5983\BVDFirefoxExt
    FF Extension: Bigasoft Video Downloader Firefox Extension - C:\Program Files (x86)\Bigasoft\Video Downloader Pro\extensions\3.11.5.5983\BVDFirefoxExt [2016-06-13] [not signed]

    Chrome:
    =======
    CHR HomePage: ferhghtatupisecoahick -> mysearch.avg.com/?rvt=1
    CHR StartupUrls: ferhghtatupisecoahick -> "hxxps://us-mg6.mail.yahoo.com/neo/launch?.rand=fnk3ffn8vi8s5 ", "hxxp://www.stomp.com.sg/category/singapore-seen ", "hxxp://extratorrent.cc/ ", "hxxps://www.facebook.com/ "
    CHR HKU\S-1-5-21-1328552388-464898415-372894888-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1328552388-464898415-372894888-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jpnkpjikgipojkofgjjkfgdhfanggcdm] - C:\Program Files (x86)\Bigasoft\Video Downloader Pro\extensions\3.11.5.5983\BVDChromeExt.crx [2016-06-13]

    Opera:
    =======
    OPR StartupUrls: "hxxp://sugoideas.com/search/varietyshow/ ", "hxxp://www.hardwarezone.com.sg/home "

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCService.exe [456480 2016-05-30] (IObit)
    S3 anlcchNlz.exe; C:\Program Files (x86)\Pedasatugle\anlcchNlz.exe [713952 2016-07-02] ()
    R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [1822496 2016-06-01] (IObit)
    S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-05-20] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5164800 2016-05-20] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-05-20] (AVG Technologies CZ, s.r.o.)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-01] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-01] (Dropbox, Inc.)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-04-27] (NVIDIA Corporation)
    R2 healthmon; C:\Program Files (x86)\AdAware\hms\healthmon.exe [137560 2016-07-04] (Lavasoft)
    R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1597728 2016-06-13] (IObit)
    R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-07-04] (Lavasoft Limited)
    R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-06-14] (IObit)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-04-27] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-04-27] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-04-27] (NVIDIA Corporation)
    R2 PCAutoShutdown_Service; C:\Program Files (x86)\PC Auto Shutdown\ShutdownService.exe [442136 2011-11-14] (GoldSolution Software, Inc.)
    S3 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254264 2016-06-30] ()
    S3 tepsrv; C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\tepsrv.exe [38184 2012-12-18] (Acesoft) [File not signed]
    R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [17168 2016-07-04] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.3.2\WsAppService.exe [416768 2016-06-24] (Wondershare) [File not signed]
    S3 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [972872 2016-05-16] ()

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
    R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
    R3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider)
    S3 DFX12; C:\Windows\system32\drivers\dfx12x64.sys [39048 2015-11-15] (Windows (R) Win 7 DDK provider)
    S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
    R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22208 2016-04-01] (IObit)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-04-27] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-27] (NVIDIA Corporation)
    R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2016-01-11] (IObit.com)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
    S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
    S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [25608 2016-07-03] (SlimWare Utilities, Inc.)
    R3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [452040 2014-10-15] (BitDefender S.R.L.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R1 fb53d2b4d60efab0ec1dfd5f1372f31d; system32\DRIVERS\fb53d2b4d60efab0ec1dfd5f1372f31d.sys [X]
    U3 idsvc; no ImagePath
    U3 wpcsvc; no ImagePath
     
  5. 2016/07/04
    kiasuteo

    kiasuteo Well-Known Member Thread Starter

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-04 20:33 - 2016-07-04 20:33 - 00000000 ____D C:\FRST
    2016-07-04 19:43 - 2016-07-04 19:43 - 00001188 _____ C:\Users\Owner\Desktop\COMPLICATIONS S1.lnk
    2016-07-04 15:39 - 2016-07-04 15:39 - 00002492 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Owner
    2016-07-04 15:39 - 2016-07-04 15:39 - 00000306 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Owner.job
    2016-07-04 15:36 - 2016-07-04 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2016-07-04 15:33 - 2016-07-04 15:33 - 00000000 ___HD C:\$AVG
    2016-07-04 08:58 - 2016-07-04 08:58 - 00000369 _____ C:\Prefs.js
    2016-07-04 08:58 - 2016-07-04 08:58 - 00000000 ____D C:\searchplugins
    2016-07-04 08:56 - 2016-07-04 08:56 - 00000000 ____D C:\Program Files (x86)\AdAware
    2016-07-04 08:52 - 2016-07-04 14:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
    2016-07-04 08:50 - 2016-07-04 08:50 - 00000000 ____D C:\ProgramData\NortonInstaller
    2016-07-04 08:49 - 2016-07-04 14:40 - 00000000 ____D C:\ProgramData\Norton
    2016-07-04 08:49 - 2016-07-04 08:49 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2016-07-03 19:22 - 2016-07-03 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sear
    2016-07-03 19:21 - 2016-07-03 20:22 - 00000000 ____D C:\Program Files (x86)\Pedasatugle
    2016-07-03 19:21 - 2016-07-03 19:21 - 00009070 _____ C:\WINDOWS\System32\Tasks\Anulient Cache
    2016-07-03 19:21 - 2016-07-03 19:21 - 00000000 ____D C:\Users\Owner\AppData\Local\pruputiongriqeringanererpy
    2016-07-03 16:36 - 2016-07-03 16:36 - 00003646 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Defrag
    2016-07-03 16:34 - 2016-07-03 16:34 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
    2016-07-03 15:53 - 2016-07-03 15:57 - 1636855808 _____ C:\Users\Owner\Desktop\The.Angry.Birds.Movie.2016.TC.Unmarked.XVID.AC3.HQ.Hive-CM8.avi
    2016-07-03 11:56 - 2016-07-03 11:56 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Adobe
    2016-07-01 18:52 - 2016-07-01 18:52 - 00002278 _____ C:\Users\Public\Desktop\Chuzzle Deluxe.lnk
    2016-07-01 09:52 - 2016-07-04 19:08 - 00000000 ___RD C:\Users\Owner\Dropbox
    2016-07-01 09:36 - 2016-07-01 09:50 - 00000000 ___RD C:\Users\Owner\Dropbox (Old)
    2016-07-01 09:35 - 2016-07-04 19:40 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2016-07-01 09:35 - 2016-07-04 19:07 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2016-07-01 09:35 - 2016-07-01 09:35 - 00003994 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2016-07-01 09:35 - 2016-07-01 09:35 - 00003762 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
    2016-07-01 09:35 - 2016-07-01 09:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox
    2016-07-01 09:35 - 2016-07-01 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-07-01 09:35 - 2016-07-01 09:35 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2016-07-01 09:34 - 2016-07-01 14:23 - 00000000 ____D C:\Users\Owner\AppData\Local\Dropbox
    2016-07-01 09:34 - 2016-07-01 09:34 - 00000000 ____D C:\ProgramData\Dropbox
    2016-06-30 20:51 - 2016-06-30 20:51 - 00000000 ____D C:\ProgramData\ByteFence
    2016-06-30 20:41 - 2016-07-03 16:38 - 00000000 ____D C:\Program Files\ByteFence
    2016-06-30 20:41 - 2016-06-30 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
    2016-06-30 19:14 - 2016-06-30 19:14 - 00001234 _____ C:\Users\Owner\Desktop\SUPERNATURAL SEASON 11.lnk
    2016-06-30 19:08 - 2016-06-30 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
    2016-06-30 19:07 - 2016-06-30 19:08 - 00000000 ____D C:\Program Files (x86)\PopCap Games
    2016-06-30 10:31 - 2016-06-30 10:31 - 00000000 ____D C:\Users\Owner\Documents\Wondershare MediaServer
    2016-06-30 10:31 - 2016-06-30 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    2016-06-30 10:31 - 2016-06-30 10:31 - 00000000 ____D C:\Program Files (x86)\Wondershare
    2016-06-30 10:31 - 2016-05-27 09:41 - 00000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
    2016-06-30 10:31 - 2015-02-27 14:38 - 00721263 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
    2016-06-30 10:31 - 2015-02-27 14:38 - 00214528 _____ () C:\WINDOWS\SysWOW64\WSCM32.dll
    2016-06-30 10:30 - 2016-06-30 10:30 - 00000000 ____D C:\Users\Public\Documents\Wondershare
    2016-06-25 09:33 - 2016-06-25 09:33 - 00000000 ____D C:\Users\Owner\AppData\Local\SlimWare Utilities Inc
    2016-06-25 09:31 - 2016-07-03 19:14 - 00025608 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
    2016-06-25 09:31 - 2016-06-25 09:31 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
    2016-06-25 09:31 - 2016-06-25 09:31 - 00000000 ____D C:\Users\Owner\AppData\Local\AVG Netherlands BV
    2016-06-23 12:19 - 2016-06-23 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
    2016-06-23 12:18 - 2016-06-23 12:18 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
    2016-06-23 11:28 - 2016-06-23 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
    2016-06-23 11:28 - 2016-06-23 11:28 - 00000000 ____D C:\Program Files (x86)\DFX
    2016-06-23 11:21 - 2016-06-23 11:21 - 00000000 ____D C:\Users\Owner\AppData\Local\DFX
    2016-06-23 11:21 - 2016-06-23 11:21 - 00000000 ____D C:\ProgramData\DFX
    2016-06-23 11:05 - 2016-06-23 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Recorder
    2016-06-23 11:05 - 2016-06-23 11:05 - 00000000 ____D C:\Program Files (x86)\Max Recorder
    2016-06-22 15:33 - 2016-06-22 15:33 - 00001295 _____ C:\Users\Owner\Desktop\Criminal.Minds.Beyond.Borders.lnk
    2016-06-21 18:16 - 2016-06-21 18:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Apple Computer
    2016-06-21 18:15 - 2016-06-23 11:18 - 00000284 _____ C:\WINDOWS\Tasks\ASCU9_SkipUac_Owner.job
    2016-06-21 18:15 - 2016-06-21 18:15 - 00003334 _____ C:\WINDOWS\System32\Tasks\ASCU9_PerformanceMonitor
    2016-06-21 18:15 - 2016-06-21 18:15 - 00002458 _____ C:\WINDOWS\System32\Tasks\ASCU9_SkipUac_Owner
    2016-06-21 18:15 - 2016-06-21 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare Ultimate
    2016-06-21 18:15 - 2016-06-21 18:15 - 00000000 ____D C:\ProgramData\BDLogging
    2016-06-21 18:15 - 2016-06-21 18:15 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
    2016-06-21 18:15 - 2016-06-21 18:15 - 00000000 ____D C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}
    2016-06-21 18:15 - 2014-10-15 22:14 - 00452040 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
    2016-06-21 17:28 - 2016-06-21 17:28 - 83345408 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
    2016-06-21 17:28 - 2016-06-21 17:28 - 05517312 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
    2016-06-21 17:28 - 2016-06-21 17:28 - 00344064 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
    2016-06-21 17:28 - 2016-06-21 17:28 - 00032768 _____ C:\WINDOWS\system32\config\SECURITY.iobit
    2016-06-21 17:28 - 2016-06-21 17:28 - 00032768 _____ C:\WINDOWS\system32\config\SAM.iobit
    2016-06-21 17:26 - 2016-06-21 17:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ProductData
    2016-06-21 17:26 - 2016-06-21 17:26 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
    2016-06-21 17:26 - 2016-06-21 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
    2016-06-21 17:26 - 2016-06-21 17:26 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
    2016-06-21 08:08 - 2016-06-21 08:08 - 00003260 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze
    2016-06-21 08:08 - 2016-06-21 08:08 - 00003096 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
    2016-06-21 08:08 - 2016-03-22 11:02 - 00021360 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
    2016-06-17 13:49 - 2016-06-17 13:49 - 621351983 _____ C:\WINDOWS\MEMORY.DMP
    2016-06-17 13:49 - 2016-06-17 13:49 - 00291228 _____ C:\WINDOWS\Minidump\061716-8609-01.dmp
    2016-06-17 13:49 - 2016-06-17 13:49 - 00000000 ____D C:\WINDOWS\Minidump
    2016-06-15 03:25 - 2016-05-28 14:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-06-15 03:25 - 2016-05-28 14:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-06-15 03:25 - 2016-05-28 14:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-06-15 03:25 - 2016-05-28 14:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-06-15 03:25 - 2016-05-28 14:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-06-15 03:25 - 2016-05-28 14:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-06-15 03:25 - 2016-05-28 13:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
    2016-06-15 03:25 - 2016-05-28 13:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
    2016-06-15 03:25 - 2016-05-28 13:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
    2016-06-15 03:25 - 2016-05-28 13:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-06-15 03:25 - 2016-05-28 13:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
    2016-06-15 03:25 - 2016-05-28 13:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2016-06-15 03:25 - 2016-05-28 13:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2016-06-15 03:25 - 2016-05-28 13:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2016-06-15 03:25 - 2016-05-28 13:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
    2016-06-15 03:25 - 2016-05-28 13:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
    2016-06-15 03:25 - 2016-05-28 13:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-06-15 03:25 - 2016-05-28 13:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-06-15 03:25 - 2016-05-28 13:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
    2016-06-15 03:25 - 2016-05-28 13:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2016-06-15 03:25 - 2016-05-28 13:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-06-15 03:25 - 2016-05-28 13:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
    2016-06-15 03:25 - 2016-05-28 13:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-06-15 03:25 - 2016-05-28 13:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-06-15 03:25 - 2016-05-28 13:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-06-15 03:25 - 2016-05-28 13:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-06-15 03:25 - 2016-05-28 13:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2016-06-15 03:25 - 2016-05-28 13:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-06-15 03:25 - 2016-05-28 13:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2016-06-15 03:25 - 2016-05-28 13:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-06-15 03:25 - 2016-05-28 13:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-06-15 03:25 - 2016-05-28 13:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-06-15 03:25 - 2016-05-28 13:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2016-06-15 03:25 - 2016-05-28 13:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2016-06-15 03:25 - 2016-05-28 13:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
    2016-06-15 03:25 - 2016-05-28 13:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-06-15 03:25 - 2016-05-28 13:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-06-15 03:25 - 2016-05-28 13:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2016-06-15 03:25 - 2016-05-28 13:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2016-06-15 03:25 - 2016-05-28 13:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-06-15 03:25 - 2016-05-28 13:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
    2016-06-15 03:25 - 2016-05-28 13:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
    2016-06-15 03:25 - 2016-05-28 13:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
    2016-06-15 03:25 - 2016-05-28 12:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-06-15 03:25 - 2016-05-28 12:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-06-15 03:25 - 2016-05-28 12:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2016-06-15 03:25 - 2016-05-28 12:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2016-06-15 03:25 - 2016-05-28 12:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-06-15 03:25 - 2016-05-28 12:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-06-15 03:25 - 2016-05-28 12:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-06-15 03:25 - 2016-05-28 12:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-06-15 03:25 - 2016-05-28 12:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-06-15 03:25 - 2016-05-28 12:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-06-15 03:25 - 2016-05-28 12:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2016-06-15 03:25 - 2016-05-28 12:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-06-15 03:25 - 2016-05-28 12:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
    2016-06-15 03:25 - 2016-05-28 12:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2016-06-15 03:25 - 2016-05-28 12:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
    2016-06-15 03:25 - 2016-05-28 12:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
    2016-06-15 03:25 - 2016-05-28 12:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2016-06-15 03:25 - 2016-05-28 12:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2016-06-15 03:25 - 2016-05-28 12:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-06-15 03:25 - 2016-05-28 12:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
    2016-06-15 03:25 - 2016-05-28 12:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-06-15 03:25 - 2016-05-28 12:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
    2016-06-15 03:25 - 2016-05-28 12:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-06-15 03:25 - 2016-05-28 12:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-06-15 03:25 - 2016-05-28 12:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
    2016-06-15 03:25 - 2016-05-28 12:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
    2016-06-15 03:25 - 2016-05-28 12:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2016-06-15 03:25 - 2016-05-28 12:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-06-15 03:25 - 2016-05-28 12:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2016-06-15 03:25 - 2016-05-28 12:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2016-06-15 03:25 - 2016-05-28 12:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-06-15 03:25 - 2016-05-28 12:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-06-15 03:25 - 2016-05-28 12:25 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
    2016-06-15 03:25 - 2016-05-28 12:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-06-15 03:25 - 2016-05-28 12:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
    2016-06-15 03:25 - 2016-05-28 12:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
    2016-06-15 03:25 - 2016-05-28 12:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2016-06-15 03:25 - 2016-05-28 12:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2016-06-15 03:25 - 2016-05-28 12:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-06-15 03:25 - 2016-05-28 12:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-06-15 03:25 - 2016-05-28 12:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
    2016-06-15 03:25 - 2016-05-28 12:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
    2016-06-15 03:25 - 2016-05-28 12:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2016-06-15 03:25 - 2016-05-28 12:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
    2016-06-15 03:25 - 2016-05-28 12:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-06-15 03:25 - 2016-05-28 12:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2016-06-15 03:25 - 2016-05-28 12:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2016-06-15 03:25 - 2016-05-28 12:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-06-15 03:25 - 2016-05-28 12:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2016-06-15 03:25 - 2016-05-28 12:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-06-15 03:25 - 2016-05-28 12:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-06-15 03:25 - 2016-05-28 12:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
    2016-06-15 03:25 - 2016-05-28 12:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2016-06-15 03:25 - 2016-05-28 12:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-06-15 03:25 - 2016-05-28 12:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
    2016-06-15 03:25 - 2016-05-28 12:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-06-15 03:25 - 2016-05-28 12:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-06-15 03:25 - 2016-05-28 12:21 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
    2016-06-15 03:25 - 2016-05-28 12:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-06-15 03:25 - 2016-05-28 12:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
    2016-06-15 03:25 - 2016-05-28 12:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
    2016-06-15 03:25 - 2016-05-28 12:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2016-06-15 03:25 - 2016-05-28 12:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
    2016-06-15 03:25 - 2016-05-28 12:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
    2016-06-15 03:25 - 2016-05-28 12:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
    2016-06-15 03:25 - 2016-05-28 12:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-06-15 03:25 - 2016-05-28 12:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-06-15 03:25 - 2016-05-28 12:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2016-06-15 03:25 - 2016-05-28 12:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-06-15 03:25 - 2016-05-28 12:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2016-06-15 03:25 - 2016-05-28 12:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
    2016-06-15 03:25 - 2016-05-28 12:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-06-15 03:25 - 2016-05-28 12:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-06-15 03:25 - 2016-05-28 12:18 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
    2016-06-15 03:25 - 2016-05-28 12:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-06-15 03:25 - 2016-05-28 12:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
    2016-06-15 03:25 - 2016-05-28 12:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-06-15 03:25 - 2016-05-28 12:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
    2016-06-15 03:25 - 2016-05-28 12:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2016-06-15 03:25 - 2016-05-28 12:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2016-06-15 03:25 - 2016-05-28 12:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-06-15 03:25 - 2016-05-28 12:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2016-06-15 03:25 - 2016-05-28 12:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-06-15 03:25 - 2016-05-28 12:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
    2016-06-15 03:25 - 2016-05-28 12:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2016-06-15 03:25 - 2016-05-28 12:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
    2016-06-15 03:25 - 2016-05-28 12:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2016-06-15 03:25 - 2016-05-28 12:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2016-06-15 03:25 - 2016-05-28 12:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-06-15 03:25 - 2016-05-28 12:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2016-06-15 03:25 - 2016-05-28 12:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
    2016-06-15 03:25 - 2016-05-28 12:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
    2016-06-15 03:25 - 2016-05-28 12:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2016-06-15 03:25 - 2016-05-28 12:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2016-06-15 03:25 - 2016-05-28 12:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
    2016-06-15 03:25 - 2016-05-28 12:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
    2016-06-15 03:25 - 2016-05-28 12:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-06-15 03:25 - 2016-05-28 12:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-06-15 03:25 - 2016-05-28 12:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-06-15 03:25 - 2016-05-28 12:15 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
    2016-06-15 03:25 - 2016-05-28 12:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2016-06-15 03:25 - 2016-05-28 12:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2016-06-15 03:25 - 2016-05-28 12:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
    2016-06-15 03:25 - 2016-05-28 12:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2016-06-15 03:25 - 2016-05-28 12:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-06-15 03:25 - 2016-05-28 12:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-06-15 03:25 - 2016-05-28 12:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-06-15 03:25 - 2016-05-28 12:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-06-15 03:25 - 2016-05-28 12:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-06-15 03:25 - 2016-05-28 12:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-06-15 03:25 - 2016-05-28 12:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2016-06-15 03:25 - 2016-05-28 12:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
    2016-06-15 03:25 - 2016-05-28 12:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2016-06-15 03:25 - 2016-05-28 12:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-06-15 03:25 - 2016-05-28 12:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-06-15 03:25 - 2016-05-28 12:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2016-06-15 03:25 - 2016-05-28 12:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-06-15 03:25 - 2016-05-28 12:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-06-15 03:25 - 2016-05-28 12:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
    2016-06-15 03:25 - 2016-05-28 12:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-06-15 03:25 - 2016-05-28 12:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-06-15 03:25 - 2016-05-28 12:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
    2016-06-15 03:25 - 2016-05-28 12:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2016-06-15 03:25 - 2016-05-28 12:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2016-06-15 03:25 - 2016-05-28 12:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2016-06-15 03:25 - 2016-05-28 12:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-06-15 03:25 - 2016-05-28 12:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-06-15 03:25 - 2016-05-28 12:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-06-15 03:25 - 2016-05-28 12:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-06-15 03:25 - 2016-05-28 12:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
    2016-06-15 03:25 - 2016-05-28 12:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2016-06-15 03:25 - 2016-05-28 12:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-06-15 03:25 - 2016-05-28 12:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-06-15 03:25 - 2016-05-28 12:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-06-15 03:25 - 2016-05-28 12:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-06-15 03:25 - 2016-05-28 12:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
    2016-06-15 03:25 - 2016-05-28 12:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-06-15 03:25 - 2016-05-28 12:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-06-15 03:25 - 2016-05-28 12:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-06-15 03:25 - 2016-05-28 12:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2016-06-15 03:25 - 2016-05-28 12:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-06-15 03:25 - 2016-05-28 12:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-06-15 03:25 - 2016-05-28 12:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
    2016-06-15 03:25 - 2016-05-28 12:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2016-06-15 03:25 - 2016-05-28 12:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-06-15 03:25 - 2016-05-28 12:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-06-15 03:25 - 2016-05-28 12:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
    2016-06-15 03:25 - 2016-05-28 12:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
    2016-06-15 03:25 - 2016-05-28 12:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-06-15 03:25 - 2016-05-28 12:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-06-15 03:25 - 2016-05-28 12:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-06-15 03:25 - 2016-05-28 12:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2016-06-15 03:25 - 2016-05-28 12:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2016-06-15 03:25 - 2016-05-28 12:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2016-06-15 03:25 - 2016-05-28 12:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2016-06-15 03:25 - 2016-05-28 12:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-06-15 03:25 - 2016-05-28 12:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2016-06-15 03:25 - 2016-05-28 11:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2016-06-15 03:25 - 2016-05-28 11:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-06-15 03:25 - 2016-05-28 11:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-06-15 03:25 - 2016-05-28 11:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-06-15 03:25 - 2016-05-28 11:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-06-15 03:25 - 2016-05-28 11:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2016-06-15 03:25 - 2016-05-28 11:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-06-15 03:25 - 2016-05-28 11:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-06-15 03:25 - 2016-05-28 11:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2016-06-13 20:52 - 2016-06-13 20:52 - 00000833 _____ C:\Users\Owner\Desktop\( WAITING FOR SUB ) - Shortcut.lnk
    2016-06-13 20:16 - 2016-06-18 21:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Bigasoft Video Downloader Pro
    2016-06-13 20:16 - 2016-06-13 20:16 - 00000000 ____D C:\Users\Owner\Documents\Bigasoft Video Downloader Pro
    2016-06-13 20:16 - 2016-06-13 20:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\youtubejs
    2016-06-13 20:15 - 2016-06-13 20:15 - 00001330 _____ C:\Users\Public\Desktop\Bigasoft Video Downloader Pro.lnk
    2016-06-13 10:32 - 2016-06-14 11:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-06-12 19:16 - 2016-06-12 19:16 - 00001731 _____ C:\Users\Owner\Desktop\Top Funny Babies Laughing Hysterically compilation 2015 ♥ [NEW] - Shortcut.lnk
    2016-06-12 19:16 - 2016-06-12 19:16 - 00001381 _____ C:\Users\Owner\Desktop\11 month old Baby argues with mom _Funny_ - Shortcut.lnk
    2016-06-12 19:12 - 2016-06-14 22:01 - 00000000 ____D C:\ProgramData\YTD Video Downloader
    2016-06-12 19:12 - 2016-06-12 19:12 - 00001362 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
    2016-06-12 19:12 - 2016-06-12 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
    2016-06-12 19:12 - 2016-06-12 19:12 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
    2016-06-12 19:02 - 2016-06-12 19:02 - 00000812 _____ C:\Users\Owner\Desktop\U-TUBE DOWNLOAD HERE - Shortcut.lnk
    2016-06-11 18:29 - 2016-06-11 18:29 - 00001177 _____ C:\Users\Owner\Desktop\My.Dangerous.Mafia.Retirement.Plan (720p) - Shortcut.lnk
    2016-06-10 19:27 - 2016-06-10 19:27 - 00003264 _____ C:\WINDOWS\System32\Tasks\{EB73A86B-F65E-4D00-BFD9-1C5D3BE02033}
    2016-06-08 16:02 - 2016-06-08 16:02 - 00000554 _____ C:\Users\Owner\Desktop\NEW DOWNLOAD HERE (D) - Shortcut.lnk
    2016-06-05 20:34 - 2015-06-01 08:46 - 39869396 _____ C:\nda here LOCKED.rar
    2016-06-05 19:41 - 2016-06-05 19:41 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
    2016-06-05 19:41 - 2016-06-05 19:41 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
    2016-06-05 19:41 - 2016-06-05 19:41 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
    2016-06-05 19:41 - 2016-06-05 19:41 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
    2016-06-05 19:41 - 2016-06-05 19:41 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
    2016-06-05 19:41 - 2016-06-05 19:41 - 00000000 ____D C:\Users\DefaultAppPool
    2016-06-05 19:41 - 2016-05-08 20:44 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\TuneUp Software
    2016-06-05 19:41 - 2016-05-08 20:42 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
    2016-06-05 19:41 - 2016-05-08 20:42 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
    2016-06-05 19:41 - 2016-05-05 22:42 - 00002100 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
     
  6. 2016/07/04
    kiasuteo Well-Known Member Thread Starter
    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-04 20:31 - 2016-05-06 10:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-07-04 20:22 - 2016-05-07 09:25 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B9C19860-11CB-44F6-A090-3DDD8C096C4A}
    2016-07-04 20:03 - 2016-05-04 23:47 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-07-04 19:29 - 2016-05-10 20:17 - 00000000 ____D C:\Users\Owner\AppData\Roaming\MPC-HC
    2016-07-04 19:13 - 2016-05-08 20:40 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-07-04 19:13 - 2015-10-30 15:21 - 00000000 ____D C:\WINDOWS\INF
    2016-07-04 19:07 - 2016-05-08 20:40 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-07-04 19:07 - 2016-05-04 23:47 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-07-04 19:07 - 2016-02-13 21:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-07-04 19:07 - 2015-10-30 14:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-07-04 19:06 - 2016-05-05 09:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
    2016-07-04 18:42 - 2016-05-05 09:37 - 00000000 ____D C:\ProgramData\MFAData
    2016-07-04 15:46 - 2016-05-05 09:36 - 00000000 ____D C:\Users\Owner\AppData\Local\AvgSetupLog
    2016-07-04 15:34 - 2016-05-05 09:36 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg
    2016-07-04 15:34 - 2015-10-30 15:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2016-07-04 15:33 - 2016-05-05 09:37 - 00000000 ____D C:\ProgramData\Avg
    2016-07-04 15:31 - 2016-05-05 09:37 - 00000000 ____D C:\Program Files (x86)\AVG
    2016-07-04 14:39 - 2015-10-30 14:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-07-04 14:36 - 2016-05-05 20:25 - 00000000 ____D C:\Program Files (x86)\PC Auto Shutdown
    2016-07-04 14:28 - 2016-05-07 07:33 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-07-04 06:08 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-07-03 19:32 - 2016-05-04 23:47 - 00002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-07-03 11:57 - 2016-05-04 23:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
    2016-07-03 11:56 - 2016-05-07 09:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
    2016-07-03 08:21 - 2016-05-06 10:25 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
    2016-07-02 08:18 - 2015-10-30 15:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-07-01 18:52 - 2016-05-05 20:21 - 00002389 _____ C:\Users\Public\Desktop\Mahjong Escape Ancient Japan.lnk
    2016-07-01 18:52 - 2016-05-05 20:21 - 00002389 _____ C:\Users\Public\Desktop\Mahjong Escape Ancient China.lnk
    2016-07-01 18:52 - 2016-05-05 20:21 - 00002383 _____ C:\Users\Public\Desktop\Peggle World of Warcraft Edition.lnk
    2016-07-01 18:52 - 2016-05-05 20:21 - 00002296 _____ C:\Users\Public\Desktop\Peggle Nights Deluxe.lnk
    2016-07-01 18:52 - 2016-05-05 20:21 - 00002261 _____ C:\Users\Public\Desktop\NingPo MahJong Deluxe.lnk
    2016-07-01 18:52 - 2016-05-05 20:21 - 00002189 _____ C:\Users\Public\Desktop\Peggle Deluxe.lnk
    2016-07-01 09:52 - 2016-05-08 20:41 - 00000000 ____D C:\Users\Owner
    2016-06-30 20:31 - 2016-05-05 22:37 - 00000000 ____D C:\ProgramData\PopCap Games
    2016-06-30 10:31 - 2016-05-06 20:06 - 00000000 ____D C:\ProgramData\Wondershare
    2016-06-29 17:48 - 2016-05-08 15:33 - 00369572 _____ C:\MONTHLY EXPENSES ACCOUNT - YEAR 2016.amj
    2016-06-29 14:45 - 2016-05-06 20:06 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
    2016-06-28 16:43 - 2016-05-09 08:47 - 00000000 ____D C:\ProgramData\ProductData
    2016-06-25 14:43 - 2016-05-21 11:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WhatsApp
    2016-06-23 12:24 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-06-23 12:19 - 2016-05-09 08:47 - 00000000 ____D C:\ProgramData\IObit
    2016-06-23 12:18 - 2016-05-09 08:47 - 00000000 ____D C:\Program Files (x86)\IObit
    2016-06-23 11:25 - 2016-05-07 10:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-06-23 11:25 - 2016-05-07 10:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-06-23 08:39 - 2016-05-07 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-06-21 18:20 - 2016-05-04 23:47 - 00003974 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2016-06-21 17:32 - 2016-05-09 08:47 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\IObit
    2016-06-21 17:30 - 2016-05-09 12:39 - 00000000 ___DC C:\WINDOWS\Panther
    2016-06-21 17:26 - 2016-05-09 08:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IObit
    2016-06-21 08:08 - 2016-05-09 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
    2016-06-18 15:22 - 2016-05-21 11:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
    2016-06-18 15:22 - 2016-05-21 10:59 - 00000000 ____D C:\Users\Owner\AppData\Local\WhatsApp
    2016-06-18 15:22 - 2016-05-21 10:59 - 00000000 ____D C:\Users\Owner\AppData\Local\SquirrelTemp
    2016-06-17 23:31 - 2016-05-13 17:31 - 20461248 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2016-06-17 23:31 - 2016-05-06 10:25 - 00003966 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2016-06-17 09:52 - 2015-10-30 15:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-06-16 21:19 - 2016-05-05 09:58 - 00003966 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1462413494
    2016-06-16 21:19 - 2016-05-05 09:58 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    2016-06-16 21:19 - 2016-05-05 09:58 - 00000000 ____D C:\Program Files (x86)\Opera
    2016-06-16 13:42 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-06-16 13:21 - 2016-05-05 20:30 - 00000000 ____D C:\ProgramData\MEGAsync
    2016-06-15 10:13 - 2016-02-13 21:22 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-06-15 10:12 - 2016-02-13 21:12 - 00340696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-06-15 06:41 - 2015-10-30 15:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2016-06-15 06:41 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-06-15 06:41 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-06-15 04:23 - 2016-05-05 07:11 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-06-15 04:20 - 2016-05-05 07:11 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-06-15 02:33 - 2015-10-30 15:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-06-15 02:33 - 2015-10-30 15:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-06-14 11:07 - 2016-05-06 08:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-06-13 20:15 - 2016-05-06 20:01 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigasoft
    2016-06-13 20:15 - 2016-05-06 20:01 - 00000000 ____D C:\Program Files (x86)\Bigasoft
    2016-06-05 14:49 - 2016-05-04 23:47 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    ==================== Files in the root of some directories =======

    2016-05-05 21:10 - 2016-05-05 21:10 - 0000037 ___SH () C:\Users\Owner\AppData\Local\20986331705021ca58edc424.96250074

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-06-27 13:16

    ==================== End of FRST.txt ============================
     
  7. 2016/07/04
    kiasuteo Well-Known Member Thread Starter
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
    Ran by Owner (2016-07-04 20:34:20)
    Running from D:\TORRENTS N OTHERS
    Windows 10 Pro Version 1511 (X64) (2016-05-08 12:47:35)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1328552388-464898415-372894888-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1328552388-464898415-372894888-503 - Limited - Disabled)
    Guest (S-1-5-21-1328552388-464898415-372894888-501 - Limited - Disabled)
    Owner (S-1-5-21-1328552388-464898415-372894888-1000 - Administrator - Enabled) => C:\Users\Owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AV: Advanced SystemCare Ultimate (Enabled - Up to date) {91A1210C-78DD-A71C-E865-63DB27C767EE}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
    AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\uTorrent) (Version: 1.8.1 - )
    AceMoney (HKLM-x32\...\AceMoney_is1) (Version: - MechCAD Software)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Advanced SystemCare Ultimate 9 (HKLM-x32\...\Advanced SystemCare Ultimate_is1) (Version: 9.1.0 - IObit)
    AVG (Version: 16.81.7639 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4613 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.81.7639 - AVG Technologies)
    AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.1.831 - AVG Technologies)
    Bigasoft Total Video Converter 4.4.1.5384 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C678D}_is1) (Version: - Bigasoft Corporation)
    Bigasoft Video Downloader Pro 3.11.5.5983 (HKLM-x32\...\{C7056BA6-D954-42A2-ABBA-AB2E8E777730}_is1) (Version: - Bigasoft Corporation)
    ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 2.1.8.0 - Byte Technologies LLC) <==== ATTENTION
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
    Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.)
    Chuzzle Deluxe (HKLM-x32\...\Chuzzle Deluxe) (Version: - PopCap Games)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DFX (HKLM-x32\...\DFX) (Version: 11.400.0.0 - Power Technology)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.45.1 - Dropbox, Inc.) Hidden
    FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    IObit Malware Fighter 4 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 4.2 - IObit)
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.3.0.142 - IObit)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    K-Lite Mega Codec Pack 12.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.1.0 - KLCP)
    Max Recorder (HKLM-x32\...\Max Recorder) (Version: 2.006.0.0 - Silver Vine, LLC)
    MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 365.10 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.11.2.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.66 - NVIDIA Corporation)
    NVIDIA Graphics Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.10 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Opera Stable 38.0.2220.31 (HKLM-x32\...\Opera 38.0.2220.31) (Version: 38.0.2220.31 - Opera Software)
    PC Auto Shutdown 5.81 (HKLM-x32\...\PC Auto Shutdown_is1) (Version: 5.81 - GoldSolution Software, Inc.)
    Popcap Game Collection (HKLM-x32\...\{69EA986B-B172-4FAA-B54D-853BD3A2B264}) (Version: 1.00.0000 - Popcap)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.11.2.66 - NVIDIA Corporation) Hidden
    Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.1.0 - IObit)
    Social2Search (HKLM-x32\...\5bf13afd0f48ed1c9e85344d257fab6c) (Version: 9.70.1.7 (i1.0) - Social2Search) <==== ATTENTION
    Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.3 - IObit)
    Tracks Eraser Pro v8.9 build 1000 (HKLM-x32\...\Tracks Eraser Pro_is1) (Version: - Acesoft, Inc.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
    Web Companion (HKLM-x32\...\{693c2d88-4418-42ec-8879-b0b7faab502d}) (Version: 2.3.1439.2793 - Lavasoft)
    WhatsApp (HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\WhatsApp) (Version: 0.2.936 - WhatsApp)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
    Wondershare Video Converter Ultimate(Build 8.7.1.2) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.7.1.2 - Wondershare Software)
    youndoo - Uninstall (HKLM-x32\...\{24DE052E-FDAD-4C60-A6BE-ED195281F92C}) (Version: - ) <==== ATTENTION
    YTD Video Downloader 4.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.9 - GreenTree Applications SRL) <==== ATTENTION

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1328552388-464898415-372894888-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {02F77837-A1FA-4D84-B1E1-A43FEEF68BDF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
    Task: {061B2E18-DD7F-4DD6-8E33-55770AAF7BE7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {0847FCE1-4DCF-4090-A42B-6FD55FA135A8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {09FA567B-BE89-4C5C-ACF0-B1116681FAA0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {0BE1F955-3FFC-44A8-8004-657AC403354A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {0D2A6673-4D6A-43C3-B6E5-99AF37647AAB} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {17C56458-6D47-40F1-88A9-479B2097F9DD} - System32\Tasks\Opera scheduled Autoupdate 1462413494 => C:\Program Files (x86)\Opera\launcher.exe [2016-06-13] (Opera Software)
    Task: {183B2D1F-ECAE-4D57-9E0E-82A9C5C1B82B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {1BE15885-542A-4AD4-A90C-002E63BD3B49} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
    Task: {219663C3-EBE3-4F8C-B22C-9EC96A1AA1F2} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {255DE829-09BD-434D-AA3B-B0B2935550A9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {282F49EA-1A06-4165-9DB5-FAAE2C753D86} - System32\Tasks\SmartDefrag_Defrag => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-06-13] (IObit)
    Task: {2A432E22-B561-494A-A63D-D42D4798774E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {2AF3980D-767E-4588-BA23-304AF53B65A6} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {2D607D31-97E0-463A-865F-0657E1954F72} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {3560D7EA-7F88-4F8A-8B11-E655F5276419} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {36F93415-12D6-48D2-87B4-FFE1057FFCC8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {47C33F6C-8A9B-4B6E-B2B7-D3B59D33A14C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {4DCAC067-95EE-48DD-874B-122279CD9B8C} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {5068F8F2-C745-4735-A5E5-1397EF37E602} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {547BB05F-76D5-4C36-8FC4-576CC66951E4} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {5AA2F4C4-4D4D-484C-AAC3-077074904256} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {5FE7376C-C593-4B30-A8F1-6672F63F913C} - System32\Tasks\{EB73A86B-F65E-4D00-BFD9-1C5D3BE02033} => pcalua.exe -a "C:\Program Files (x86)\PC Auto Shutdown\unins000.exe "
    Task: {65B323BE-9363-49FF-A60A-7080D2CB15B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
    Task: {6D03A446-7B6D-4B43-B91F-02E0F5BC7823} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {6D7FAE5A-9670-45B4-8E26-F44E12301298} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {88CBCBA5-A74A-4564-A8E8-ED3A66DE1EDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
    Task: {8BAD6AE5-CE4E-4844-8EC8-0F6D7C8E2148} - System32\Tasks\ASCU9_SkipUac_Owner => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASC.exe [2016-06-07] (IObit)
    Task: {97B7B6E5-9A7F-4994-9AD0-0C9D32C9BF23} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {9FC63781-BC0F-4980-A4CF-805E9BD4992E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe [2016-06-17] (Adobe Systems Incorporated)
    Task: {A01AC667-E945-4BED-93E3-22AF3CC4B497} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {A1BBBAB0-ADFF-4791-903A-B0CD63E17E1C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {A2EC6359-2BE2-4491-A376-3787CA883303} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {A47923B4-B7F4-458D-BDC9-99B0D196182D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {AEFBCE78-5A37-4259-BBDE-14CB3ACB0623} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {AFBBEED9-51A8-4282-85BE-C0851F122089} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
    Task: {C10F043E-7050-4CC7-A099-F6CED885679A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {C1464B64-C622-4A34-9193-CB7661B2F4DE} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {C1772A9C-C2E7-43E1-9E88-5607DDE4A8E9} - System32\Tasks\Anulient Cache => C:\Program Files (x86)\Pedasatugle\anlcchIdd.exe [2016-07-02] ()
    Task: {C463D29A-519C-4F47-893A-B82E9A207872} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {C59A9D57-8DFA-4768-8D1B-AB759E29BB1A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {C8E4E0F3-7E12-4A17-965E-F8CB97A7212D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-01] (Dropbox, Inc.)
    Task: {CE51BE31-F7F7-43F9-896F-B826475D6DD3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-01] (Dropbox, Inc.)
    Task: {CEDFC200-038D-429C-88F2-DABF3DF7F18B} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-06-01] (IObit)
    Task: {CF3A4CF3-BE59-468E-A546-3BF27304663D} - System32\Tasks\Uninstaller_SkipUac_Owner => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-05-12] (IObit)
    Task: {D5AC9236-9040-4C15-8277-9C4A2C6F20DA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {D88356D3-A9F7-401F-AFF1-6DAE9E57C8E9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {E02B32E4-8081-496A-8873-94ADE5E6FC90} - System32\Tasks\ASCU9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe [2016-05-31] (IObit)
    Task: {E28DDEB2-9B25-4B8B-8EAD-4155261F23FB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {E54BC8C4-414A-4BE0-9A0F-CF7B36FC69EF} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {E65AE528-3686-4231-A782-A42C3E22505B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {F1179C43-2504-48BD-9238-A07B6066C7C4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {FC3DE631-1027-4A2B-8631-83DD8954004A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\ASCU9_SkipUac_Owner.job => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASC.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Owner.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
    ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 15:18 - 2015-10-30 15:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-05-08 20:40 - 2015-08-07 08:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2016-07-04 08:56 - 2016-07-04 08:56 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
    2016-07-04 08:56 - 2016-07-04 08:56 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
    2016-07-04 08:56 - 2016-07-04 08:56 - 00028944 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
    2016-05-09 12:36 - 2016-05-09 12:36 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-05-09 12:36 - 2016-05-09 12:36 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2014-05-01 22:13 - 2014-05-01 22:13 - 00470016 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
    2016-05-08 21:16 - 2016-05-08 21:16 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-02-13 20:54 - 2016-02-13 20:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-05-11 02:26 - 2016-04-23 12:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
    2016-06-15 03:25 - 2016-05-28 11:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-06-15 03:25 - 2016-05-28 11:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-06-15 03:25 - 2016-05-28 11:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-06-15 03:25 - 2016-05-28 11:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-05-10 23:43 - 2016-05-16 13:31 - 01941064 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
    2015-02-28 10:21 - 2015-02-28 10:21 - 01282008 _____ () C:\Program Files (x86)\DFX\DFX.exe
    2015-02-28 10:14 - 2015-02-28 10:14 - 00130520 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
    2015-02-28 10:18 - 2015-02-28 10:18 - 00131544 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
    2015-02-28 10:48 - 2015-02-28 10:48 - 00048088 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared64.dll
    2016-06-21 18:15 - 2015-12-23 18:31 - 00625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
    2016-06-21 18:15 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madExcept_.bpl
    2016-06-21 18:15 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madBasic_.bpl
    2016-06-21 18:15 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madDisAsm_.bpl
    2016-05-08 21:16 - 2016-05-08 21:16 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-05-08 21:16 - 2016-05-08 21:16 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-07-04 08:56 - 2016-07-04 08:56 - 00121104 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
    2016-07-04 08:56 - 2016-07-04 08:56 - 00050448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
    2016-07-04 08:56 - 2016-07-04 08:56 - 00010000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
    2016-07-04 08:56 - 2016-07-04 08:56 - 00292112 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
    2016-07-04 08:56 - 2016-07-04 08:56 - 00022288 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
    2016-07-04 08:56 - 2016-07-04 08:56 - 00050960 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
    2016-07-04 08:56 - 2016-07-04 08:56 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
    2016-06-21 18:15 - 2015-12-23 18:32 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\webres.dll
    2016-06-21 18:15 - 2015-12-23 18:31 - 00625440 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ProductStatistics.dll
    2015-02-28 10:43 - 2015-02-28 10:43 - 00049112 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll
    2016-07-01 09:35 - 2016-05-26 01:03 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
    2016-07-01 09:35 - 2016-05-26 01:03 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
    2016-07-01 09:35 - 2016-05-26 01:04 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
    2016-07-01 09:35 - 2016-05-26 01:03 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
    2016-07-01 09:35 - 2016-05-26 01:03 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
    2016-07-01 09:35 - 2016-05-26 01:03 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
    2016-07-01 09:35 - 2016-05-26 01:03 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
    2016-07-01 09:35 - 2016-06-14 04:13 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
    2016-07-01 09:35 - 2016-05-26 01:03 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2016-07-01 09:35 - 2016-05-26 01:04 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
    2016-07-01 09:35 - 2016-05-26 01:03 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
    2016-07-01 09:35 - 2016-05-26 01:04 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2016-07-01 09:35 - 2016-06-14 04:13 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
    2016-07-01 09:35 - 2016-03-12 08:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
    2016-07-01 09:35 - 2016-06-14 04:13 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2016-07-01 09:35 - 2016-06-14 04:13 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
    2016-07-01 09:35 - 2016-05-26 01:04 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
    2016-07-04 15:31 - 2015-04-07 21:34 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
    2016-06-23 12:19 - 2016-03-31 17:57 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\webres.dll
    2016-06-23 12:18 - 2016-03-31 17:57 - 00188704 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
    2016-06-23 12:18 - 2016-03-31 17:57 - 00151840 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
    2016-06-23 12:19 - 2016-03-31 17:57 - 00625440 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
    2016-06-21 17:26 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
    2016-06-21 17:26 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
    2016-06-23 12:18 - 2016-03-31 17:57 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
    2016-06-23 12:18 - 2016-03-31 17:57 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
    2016-06-23 12:18 - 2016-03-31 17:57 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\webcompanion.com -> hxxp://webcompanion.com

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 10:34 - 2016-07-03 07:29 - 00002574 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 idb.iobit.com
    127.0.0.1 asc55.iobit.com
    127.0.0.1 is360.iobit.com
    127.0.0.1 asc.iobit.com
    127.0.0.1 pf.iobit.com
    127.0.0.1 98.129.229.186
    127.0.0.1 www.iana.org
    127.0.0.1 iana.org
    127.0.0.1 idb.iobit.com
    127.0.0.1 asc55.iobit.com
    127.0.0.1 is360.iobit.com
    127.0.0.1 asc.iobit.com
    127.0.0.1 pf.iobit.com
    127.0.0.1 98.129.229.186
    127.0.0.1 www.iana.org
    127.0.0.1 iana.org# ::1 localhost
    127.0.0.1 www.iobit.com
    127.0.0.1 www.asc55.iobit.com0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    0.0.0.0 media.opencandy.com
    0.0.0.0 cdn.opencandy.com
    0.0.0.0 tracking.opencandy.com
    0.0.0.0 api.opencandy.com
    0.0.0.0 api.recommendedsw.com
    0.0.0.0 installer.betterinstaller.com
    0.0.0.0 installer.filebulldog.com
    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    0.0.0.0 inno.bisrv.com
    0.0.0.0 nsis.bisrv.com
    0.0.0.0 cdn.file2desktop.com

    There are 21 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1328552388-464898415-372894888-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
    MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKLM\...\StartupApproved\Run: => "NvBackend"
    HKLM\...\StartupApproved\Run: => "ShadowPlay"
    HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{E1DDC13D-DA36-4F57-A02E-044B1DA5E371}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{87304CCF-ACD5-494A-BAF6-57AF18062DC2}] => (Allow) LPort=1900
    FirewallRules: [{BBBB7B6E-3233-48E8-A306-9A1396C9AEB4}] => (Allow) LPort=2869
    FirewallRules: [{CA0AA814-12AB-439A-A82C-3954B4203BB8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{6844CB93-8679-40B8-9928-BEB565A04025}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{8A36FD51-D77C-4AC7-A44D-4803925562AD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{0B425C80-42C1-4FE0-B7DC-CE20D74E2E58}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{69A1CDD9-57CB-47B9-A6A5-FDD88396C147}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{18C9CC54-B88B-42CF-979D-4B18F997C215}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{2CB5B8C1-D7A4-49B0-8A9D-6A21ACB4B3D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{943CECBE-5F42-42C0-8C3C-55A0E012A867}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{BF9B7C50-682D-43FF-83CA-C45621834969}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{3BE03CD2-2A05-4838-9250-9344BA9B64ED}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{3C9D4A95-3C2A-444A-9DC7-17FA148B37E2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{56FEBBA6-421E-4377-AE19-919FB8656EAB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{B0371F4F-7CAE-41B5-9750-D0E4AA8131DA}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe
    FirewallRules: [{E8DF9CC7-C21B-4DAE-A0E0-848D04B54AC1}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe
    FirewallRules: [{120CB836-7002-41D9-B042-414FAADB5BD1}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

    ==================== Restore Points =========================

    15-06-2016 04:20:43 Windows Update
    22-06-2016 13:38:46 Scheduled Checkpoint
    25-06-2016 09:33:10 Removed AVG Driver Updater
    25-06-2016 10:24:38 Installed AVG Driver Updater
    01-07-2016 13:19:50 Windows Update
    04-07-2016 08:46:30 Removed AVG Driver Updater
    04-07-2016 08:50:35 Removed AVG
    04-07-2016 08:51:07 Removed AVG 2016
    04-07-2016 15:08:51 Installed AVG 2016
    04-07-2016 15:08:59 Installed AVG
    04-07-2016 15:19:37 Removed AVG
    04-07-2016 15:20:06 Removed AVG 2016
    04-07-2016 15:28:31 Installed AVG 2016
    04-07-2016 15:28:39 Installed AVG
    04-07-2016 15:29:44 Removed AVG 2016
    04-07-2016 15:31:34 Installed AVG 2016
    04-07-2016 15:31:41 Installed AVG
    04-07-2016 15:33:16 Installed AVG
    04-07-2016 15:36:22 Installed AVG

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/04/2016 08:22:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/04/2016 08:07:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/04/2016 07:52:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/04/2016 07:43:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/04/2016 07:42:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/04/2016 07:37:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/04/2016 07:22:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/04/2016 07:22:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/04/2016 07:22:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/04/2016 07:22:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (07/04/2016 07:07:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    %%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Error: (07/04/2016 07:07:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The luafv service failed to start due to the following error:
    %%1275 = This driver has been blocked from loading


    Error: (07/04/2016 07:06:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_3e8c8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (07/04/2016 03:38:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    %%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Error: (07/04/2016 03:38:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The luafv service failed to start due to the following error:
    %%1275 = This driver has been blocked from loading


    Error: (07/04/2016 03:37:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_2e9fc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (07/04/2016 03:32:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    %%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Error: (07/04/2016 03:32:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The luafv service failed to start due to the following error:
    %%1275 = This driver has been blocked from loading


    Error: (07/04/2016 03:31:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_2f26c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (07/04/2016 03:29:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The AVG Firewall Driver service failed to start due to the following error:
    %%2 = The system cannot find the file specified.



    CodeIntegrity:
    ===================================
    Date: 2016-07-04 20:33:49.569
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-04 20:33:49.558
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-04 20:33:49.547
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-04 20:33:49.536
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-04 20:33:49.522
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-04 20:33:42.331
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-04 20:33:42.320
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-04 20:33:42.309
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-04 20:33:42.298
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-04 20:33:42.287
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
    Percentage of memory in use: 28%
    Total physical RAM: 8175.11 MB
    Available physical RAM: 5854.48 MB
    Total Virtual: 16367.11 MB
    Available Virtual: 13486.09 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:237.94 GB) (Free:180.23 GB) NTFS
    Drive d: (NEW DOWNLOAD HERE) (Fixed) (Total:465.32 GB) (Free:389.09 GB) NTFS
    Drive e: (ALL OTHERS HERE) (Fixed) (Total:1863.01 GB) (Free:502.06 GB) NTFS
    Drive f: (ALL SHOWS HERE) (Fixed) (Total:1863.01 GB) (Free:676.99 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 3838619F)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=237.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 88028802)
    Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: A3E8C8DF)
    Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 03BB3892)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  8. 2016/07/04
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387
    Thanks - Broni will advise what action to take in due course.
     
  9. 2016/07/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    Uninstall the following unwanted programs:

    ByteFence Anti-Malware
    Social2Search
    youndoo
    YTD Video Downloader


    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  10. 2016/07/04
    kiasuteo

    kiasuteo Well-Known Member Thread Starter

    Joined:
    2002/01/09
    Messages:
    149
    Likes Received:
    0
    After uninstalling ByteFence Anti-Malware, Social2Search, youndoo and YTD Video Downloader, and while doing the RogueKiller scan, AVG popped up stating the T.H. has been cleared.
    Do I still continue the scan or can I stop here?
    Please advise. Thanks
     
  11. 2016/07/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Keep going.
     
  12. 2016/07/04
    kiasuteo

    kiasuteo Well-Known Member Thread Starter

    Joined:
    2002/01/09
    Messages:
    149
    Likes Received:
    0
    RogueKiller V12.3.7.0 [Jul 4 2016] (Free) by Adlice Software
    mail : Contact - Adlice Software
    Feedback : Adlice forum
    Website : RogueKiller Anti-Malware Free Download - Official Website
    Blog : Adlice Software

    Operating System : Windows 10 (10.0.10586) 64 bits version
    Started in : Normal mode
    User : Owner [Administrator]
    Started from : D:\TORRENTS N OTHERS\RogueKiller.exe
    Mode : Delete -- Date : 07/05/2016 11:52:35

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 12 ¤¤¤
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\AVG Secure Search -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll) -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll) -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> Deleted
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1328552388-464898415-372894888-1000\Software\Microsoft\Internet Explorer\Main | Start Page : Search 23:44:00&v=4.2.9.726&pid=wtu&sg=&sap=hp -> Replaced (MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1328552388-464898415-372894888-1000\Software\Microsoft\Internet Explorer\Main | Start Page : Search 23:44:00&v=4.2.9.726&pid=wtu&sg=&sap=hp -> Replaced (MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos)
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1328552388-464898415-372894888-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1328552388-464898415-372894888-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 2 ¤¤¤
    [PUP][FIREFX:Addon] 66w3u03n.default : AVG Web TuneUp [avg@toolbar] -> Deleted
    [PUM.HomePage][FIREFX:Config] 66w3u03n.default : user_pref( "browser.startup.homepage ", "Yahoo - login "); -> Replaced (about:home)

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TS256GSSD370S ATA Device +++++
    --- User ---
    [MBR] eecaba3aff4e4f05ed425d9dcb53b26f
    [BSP] 1689c48d940e8ee9b23eef589e6556a3 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 243646 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 499193856 | Size: 450 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD5001AALS-00L3B2 ATA Device +++++
    --- User ---
    [MBR] 1b827228e38c8be0d096a35ac0007cbd
    [BSP] 2091f3c58573bdafe90e805d9a5e2b3e : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476486 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975845376 | Size: 450 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: ST2000DM001-1CH164 ATA Device +++++
    --- User ---
    [MBR] 5a01f47b1521b7528f45736f36653616
    [BSP] 3efd40054415bf131e83e1124b65e0d0 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive3: ST2000DM001-1CH164 ATA Device +++++
    --- User ---
    [MBR] 98d66ba812488a160440fa19d402a13c
    [BSP] 879e20e5733a1046eaf9585b723eb4c0 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
  13. 2016/07/04
    kiasuteo

    kiasuteo Well-Known Member Thread Starter

    Joined:
    2002/01/09
    Messages:
    149
    Likes Received:
    0
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 05/07/2016
    Scan Time: 12:01 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.07.05.01
    Rootkit Database: v2016.05.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Owner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 392301
    Time Elapsed: 2 min, 55 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 7
    PUP.Optional.Youndoo, HKLM\SOFTWARE\CLASSES\CLSID\{6710C780-E20E-4C49-A87D-321850ED3D7C}, Quarantined, [e67f68b8009a7eb80196610fb9499070],
    PUP.Optional.SocialSearch, HKLM\SOFTWARE\Social2Sear, Quarantined, [04611e021c7e83b3254ed82333d009f7],
    PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\youndooSoftware, Quarantined, [33327aa65941b38387ab03c758aa43bd],
    PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\5BF13AFD0F48ED1C9E85344D257FAB6C, Quarantined, [ca9b9e82940696a055387e7f8c779e62],
    PUP.Optional.InstallCore, HKU\S-1-5-21-1328552388-464898415-372894888-1000\SOFTWARE\csastats, Quarantined, [f66f46daa7f38babb492807ba85bfc04],
    PUP.Optional.YahooVNM, HKU\S-1-5-21-1328552388-464898415-372894888-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}, Quarantined, [5213a47c257559ddd3a2813cd42fc53b],
    PUP.Optional.ProductSetup, HKU\S-1-5-21-1328552388-464898415-372894888-1000\SOFTWARE\PRODUCTSETUP, Quarantined, [eb7a021e8c0ec86e1349cde4ff04b749],

    Registry Values: 5
    PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\5bf13afd0f48ed1c9e85344d257fab6c|DisplayName, Social2Search, Quarantined, [ca9b9e82940696a055387e7f8c779e62]
    PUP.Optional.YahooVNM, HKU\S-1-5-21-1328552388-464898415-372894888-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}|URL, {searchTerms} - Yahoo Search Results, Quarantined, [5213a47c257559ddd3a2813cd42fc53b]
    PUP.Optional.YahooVNM, HKU\S-1-5-21-1328552388-464898415-372894888-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}|TopResultURL, {searchTerms} - Yahoo Search Results, Quarantined, [263f958bafeb88ae373e912c1ae99070]
    PUM.Optional.LowRiskFileTypes, HKU\S-1-5-21-1328552388-464898415-372894888-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;, Quarantined, [ef768b95ecae93a3b6eb5c7ab84b817f]
    PUP.Optional.ProductSetup, HKU\S-1-5-21-1328552388-464898415-372894888-1000\SOFTWARE\PRODUCTSETUP|tb, 0G2O2W1R0C1R1H, Quarantined, [eb7a021e8c0ec86e1349cde4ff04b749]

    Registry Data: 0
    (No malicious items detected)

    Folders: 4
    PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sear, Quarantined, [d78eac74cad06acc98a5bf0cd62c42be],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\c58a250318035d294ffb509ec01beb59, Quarantined, [085d819f72282a0cf2700fe6f01359a7],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c, Quarantined, [085d819f72282a0cf2700fe6f01359a7],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\701c8113d35b0ea417409acb8c64f5c2, Quarantined, [085d819f72282a0cf2700fe6f01359a7],

    Files: 20
    Trojan.MalPack, C:\Users\Owner\Dropbox (Old)\AimOne Video Converter 3.22.rar, Quarantined, [b0b533edc4d6ea4c501695b232cf29d7],
    PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sear\SOCIAL2SEARCH WEBSITE.LNK, Quarantined, [d78eac74cad06acc98a5bf0cd62c42be],
    PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sear\Settings.lnk, Quarantined, [d78eac74cad06acc98a5bf0cd62c42be],
    PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sear\SignIn with Twitter.lnk, Quarantined, [d78eac74cad06acc98a5bf0cd62c42be],
    PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sear\uninstall.lnk, Quarantined, [d78eac74cad06acc98a5bf0cd62c42be],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\c58a250318035d294ffb509ec01beb59\8E4BFD81760D32CFF060129E714C54A5.ICO, Quarantined, [085d819f72282a0cf2700fe6f01359a7],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\c58a250318035d294ffb509ec01beb59\9069ad9dbb86f5d934597789f18b73f9.ico, Quarantined, [085d819f72282a0cf2700fe6f01359a7],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\c58a250318035d294ffb509ec01beb59\9b5d035bb6e2c1f8e74a47f6a4a5ec13.ico, Quarantined, [085d819f72282a0cf2700fe6f01359a7],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\0fda646edddd166270a71123ad2b9141.exe, Quarantined, [085d819f72282a0cf2700fe6f01359a7],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\20978111513fed58a0a98f90745eda59.exe, Quarantined, [085d819f72282a0cf2700fe6f01359a7],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\4fb658dae5302ee7566359e4a6f72d04.exe, Quarantined, [085d819f72282a0cf2700fe6f01359a7],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\67928ca782ff3b072aead59d5036309e, Quarantined, [085d819f72282a0cf2700fe6f01359a7],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\95f997c1b654da35b47fd3d8a9478501.exe, Quarantined, [085d819f72282a0cf2700fe6f01359a7],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\97e3b99caf1afbe3355fa83705bfb56e.exe, Quarantined, [085d819f72282a0cf2700fe6f01359a7],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\9b5d035bb6e2c1f8e74a47f6a4a5ec13.ico, Quarantined, [085d819f72282a0cf2700fe6f01359a7],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\a94083ac7f96edb7db04b134c5c3fbd8.exe, Quarantined, [085d819f72282a0cf2700fe6f01359a7],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\c51555f3a7f3a6f3f596f6626b09b8da.exe, Quarantined, [085d819f72282a0cf2700fe6f01359a7],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\fb53d2b4d60efab0ec1dfd5f1372f31d.cfg, Quarantined, [085d819f72282a0cf2700fe6f01359a7],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\fb53d2b4d60efab0ec1dfd5f1372f31d.inf, Quarantined, [085d819f72282a0cf2700fe6f01359a7],
    PUP.Optional.Wajam.Gen, C:\Program Files\5bf13afd0f48ed1c9e85344d257fab6c\701c8113d35b0ea417409acb8c64f5c2\sctrza.dll, Quarantined, [085d819f72282a0cf2700fe6f01359a7],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  14. 2016/07/04
    kiasuteo

    kiasuteo Well-Known Member Thread Starter

    Joined:
    2002/01/09
    Messages:
    149
    Likes Received:
    0
    # AdwCleaner v5.201 - Logfile created 05/07/2016 at 12:19:21
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-07-04.1 [Server]
    # Operating system : Windows 10 Pro (X64)
    # Username : Owner - KHAIRCOMPUTER
    # Running from : D:\TORRENTS N OTHERS\adwcleaner_5.201.exe
    # Option : Clean
    # Support : ToolsLib

    ***** [ Services ] *****

    [-] Service Deleted : swdumon
    [-] Service Deleted : WtuSystemSupport
    [-] Service Deleted : LavasoftTcpService
    [-] Service Deleted : WCAssistantService

    ***** [ Folders ] *****

    [-] Folder Deleted : C:\ProgramData\AVG Secure Search
    [-] Folder Deleted : C:\ProgramData\avg web tuneup
    [-] Folder Deleted : C:\ProgramData\lavasoft\web companion
    [#] Folder Deleted : C:\ProgramData\Application Data\AVG Secure Search
    [#] Folder Deleted : C:\ProgramData\Application Data\avg web tuneup
    [#] Folder Deleted : C:\ProgramData\Application Data\lavasoft\web companion
    [-] Folder Deleted : C:\Users\Public\Documents\Downloaded Installers
    [-] Folder Deleted : C:\Program Files (x86)\avg web tuneup
    [-] Folder Deleted : C:\Program Files (x86)\lavasoft\web companion
    [-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    [-] Folder Deleted : C:\Users\Owner\AppData\Local\slimware utilities inc
    [-] Folder Deleted : C:\Users\Owner\AppData\Local\avg web tuneup
    [-] Folder Deleted : C:\Users\Owner\AppData\Roaming\lavasoft\web companion
    [-] Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
    [-] Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\extensions\{068e178c-61a9-4a63-b74f-87404a6f5ea1}
    [-] Folder Deleted : C:\Program Files\avg web tuneup
    [-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

    ***** [ Files ] *****

    [-] File Deleted : C:\searchplugins\yahoo-lavasoft.xml
    [-] File Deleted : C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
    [-] File Deleted : C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
    [-] File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\searchplugins\yahoo-lavasoft.xml
    [-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpService64.dll
    [-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
    [-] File Deleted : C:\WINDOWS\SysNative\drivers\swdumon.sys

    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
    [-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    [-] Key Deleted : HKLM\SOFTWARE\Classes\f
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    [-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    [-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
    [-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe
    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe
    [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
    [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
    [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
    [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
    [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
    [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
    [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
    [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
    [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : HKCU\Software\IM
    [-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
    [-] Key Deleted : HKCU\Software\INSTALLPATH\STATUS
    [-] Key Deleted : HKLM\SOFTWARE\AVG Tuneup
    [-] Key Deleted : HKLM\SOFTWARE\Lavasoft\Web Companion
    [-] Key Deleted : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
    [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    [-] Data Restored : HKU\S-1-5-21-1328552388-464898415-372894888-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    [-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
    [-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
    [#] Value Deleted : HKU\S-1-5-21-1328552388-464898415-372894888-1000\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
    [-] Value Deleted : HKU\S-1-5-21-1328552388-464898415-372894888-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Web Companion]

    ***** [ Web browsers ] *****

    [-] [C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\prefs.js] Deleted : user_pref( "avg.wtu.ext.Revert_HP ", "hxxps://sg.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10181_1210_160510__yaff ");
    [-] [C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\prefs.js] Deleted : user_pref( "avg.wtu.ext.extParams ", "{\ "action\ ":\ "extParams\ ",\ "data\ ":{\ "searchParams\ ":{\ "pid\ ":\ "wtu\ ",\ "cid\ ":\ "{166a300a-07a1-4e4b-88bf-e9ed2df54c55}\ ",\ "mid\ ":\ "fa99a8b80b2647cc9e7d81ac0fdfe610-[...]
    [-] [C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\prefs.js] Deleted : user_pref( "avg.wtu.ext.userHPSettings ", "hxxps://sg.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10181_1210_160510__yaff ");
    [-] [C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\prefs.js] Deleted : user_pref( "browser.newtab.url ", "hxxps://sg.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10181_1210_160510__yaff ");
    [-] [C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\prefs.js] Deleted : user_pref( "browser.newtabpage.url ", "hxxps://sg.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10181_1210_160510__yaff ");
    [-] [C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\prefs.js] Deleted : user_pref( "network.hxxp.request.max-start-delay ", 0);

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [9967 bytes] - [05/07/2016 12:19:21]
    C:\AdwCleaner\AdwCleaner[S1].txt - [10309 bytes] - [05/07/2016 12:14:49]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10114 bytes] ##########
     
  15. 2016/07/04
    kiasuteo Well-Known Member Thread Starter
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 10 Pro x64
    Ran by Owner (Administrator) on 05/07/2016 at 12:22:32.60
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 4

    Successfully deleted: C:\ProgramData\productdata (Folder)
    Successfully deleted: C:\Users\Owner\AppData\Roaming\productdata (Folder)
    Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Owner (Task)
    Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Owner.job (Task)

    Deleted the following from C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\prefs.js
    user_pref(browser.urlbar.suggest.searches, true);



    Registry: 2

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 05/07/2016 at 12:23:22.47
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  16. 2016/07/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double-click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  17. 2016/07/05
    kiasuteo Well-Known Member Thread Starter
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
    Ran by Owner (administrator) on KHAIRCOMPUTER (06-07-2016 08:32:58)
    Running from D:\TORRENTS N OTHERS
    Loaded Profiles: Owner & DefaultAppPool (Available Profiles: Owner & DefaultAppPool)
    Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCService.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (GoldSolution Software, Inc.) C:\Program Files (x86)\PC Auto Shutdown\ShutdownService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe
    (BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
    (GoldSolution Software, Inc.) C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe
    () C:\Program Files (x86)\DFX\DFX.exe
    () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
    () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [PC Auto Shutdown] => C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe [1442472 2014-05-23] (GoldSolution Software, Inc.)
    HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1282008 2015-02-28] ()
    HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5969184 2016-06-20] (IObit)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24105936 2016-06-14] (Dropbox, Inc.)
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6723856 2016-06-29] (AVG Technologies CZ, s.r.o.)
    HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\Run: [Advanced SystemCare Ultimate] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe [2430240 2016-06-07] (IObit)
    HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [270128 2016-05-05] (BitTorrent, Inc.)
    HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-05-08] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-05-08] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-05-08] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-05-08] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-05-08] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-05-08] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-06-24]
    ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{0f4c9411-2d1b-4e34-b433-035db86cd6a2}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKU\S-1-5-21-1328552388-464898415-372894888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={6C0BE51C-93AB-413A-8F85-5BC13D3A301A}&mid=fa99a8b80b2647cc9e7d81ac0fdfe610-8427284f4f69678b8104bad94e0772cdc242512c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516pii&pr=fr&d=2016-05-10 23:44:00&v=4.2.9.726&pid=wtu&sg=&sap=hp
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-05] (Google Inc.)
    BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-06-28] (Wondershare)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-05] (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-05] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-05] (Google Inc.)
    Toolbar: HKU\S-1-5-21-1328552388-464898415-372894888-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-05] (Google Inc.)
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default
    FF DefaultSearchEngine: Google
    FF Homepage: hxxps://us-mg6.mail.yahoo.com/neo/launch?.rand=67ealru8eq7hd
    hxxp://insane-speeds.net/messages.php
    hxxps://iptorrents.eu/t?
    hxxp://forum-andr.net/forum/7-mobile-os/
    hxxp://forum-andr.net/forum/71-full-software/
    hxxps://avistaz.to/torrents
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-28] (Adobe Systems Inc.)
    FF Extension: Adblock Plus Pop-up Addon - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-05-05]
    FF Extension: MEGA - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\Extensions\firefox@mega.co.nz.xpi [2016-07-03]
    FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\66w3u03n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-05]
    FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
    FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2016-06-30]
    FF HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\Firefox\Extensions: [{31C8B8A4-6712-4A47-B378-2BE78B8EE9E1}] - C:\Program Files (x86)\Bigasoft\Video Downloader Pro\extensions\3.11.5.5983\BVDFirefoxExt
    FF Extension: Bigasoft Video Downloader Firefox Extension - C:\Program Files (x86)\Bigasoft\Video Downloader Pro\extensions\3.11.5.5983\BVDFirefoxExt [2016-06-13] [not signed]

    Chrome:
    =======
    CHR HomePage: ferhghtatupisecoahick -> mysearch.avg.com/?rvt=1
    CHR StartupUrls: ferhghtatupisecoahick -> "hxxps://us-mg6.mail.yahoo.com/neo/launch?.rand=aei76vhca0m5v ", "hxxp://www.stomp.com.sg/category/singapore-seen ", "hxxp://extratorrent.cc/ ", "hxxps://www.facebook.com/ "
    CHR HKLM-x32\...\Chrome\Extension: [jpnkpjikgipojkofgjjkfgdhfanggcdm] - C:\Program Files (x86)\Bigasoft\Video Downloader Pro\extensions\3.11.5.5983\BVDChromeExt.crx [2016-06-13]

    Opera:
    =======
    OPR StartupUrls: "hxxp://sugoideas.com/search/varietyshow/ ", "hxxp://www.hardwarezone.com.sg/home "

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCService.exe [456480 2016-05-30] (IObit)
    R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [1822496 2016-06-01] (IObit)
    S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [637944 2016-06-29] (AVG Technologies CZ, s.r.o.)
    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5251808 2016-06-29] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [712792 2016-06-29] (AVG Technologies CZ, s.r.o.)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-01] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-01] (Dropbox, Inc.)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-04-27] (NVIDIA Corporation)
    R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1597728 2016-06-13] (IObit)
    R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-06-14] (IObit)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-04-27] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-04-27] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-04-27] (NVIDIA Corporation)
    R2 PCAutoShutdown_Service; C:\Program Files (x86)\PC Auto Shutdown\ShutdownService.exe [442136 2011-11-14] (GoldSolution Software, Inc.)
    S3 tepsrv; C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\tepsrv.exe [38184 2012-12-18] (Acesoft) [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.3.2\WsAppService.exe [416768 2016-06-24] (Wondershare) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [310016 2016-06-09] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [249088 2016-06-02] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [76544 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [294664 2016-06-07] (AVG Technologies CZ, s.r.o.)
    R3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider)
    S3 DFX12; C:\Windows\system32\drivers\dfx12x64.sys [39048 2015-11-15] (Windows (R) Win 7 DDK provider)
    S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
    R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22208 2016-04-01] (IObit)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-04-27] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-27] (NVIDIA Corporation)
    R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2016-01-11] (IObit.com)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
    S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-07-05] ()
    R3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [452040 2014-10-15] (BitDefender S.R.L.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-05 19:18 - 2016-07-06 08:27 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-07-05 12:26 - 2016-07-05 22:00 - 00000000 ____D C:\ProgramData\ProductData
    2016-07-05 12:26 - 2016-07-05 12:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ProductData
    2016-07-05 12:23 - 2016-07-05 12:23 - 00001217 _____ C:\Users\Owner\Desktop\JRT.txt
    2016-07-05 12:14 - 2016-07-05 12:19 - 00000000 ____D C:\AdwCleaner
    2016-07-05 12:10 - 2016-07-05 12:10 - 00007227 _____ C:\Users\Owner\Desktop\MBAM.txt
    2016-07-05 11:57 - 2016-07-05 12:27 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-07-05 11:57 - 2016-07-05 11:57 - 00001187 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-07-05 11:57 - 2016-07-05 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-07-05 11:57 - 2016-07-05 11:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-07-05 11:57 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-07-05 11:57 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-07-05 11:57 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-07-05 11:44 - 2016-07-05 11:44 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-07-05 09:02 - 2016-07-05 09:02 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-07-04 20:33 - 2016-07-06 08:32 - 00000000 ____D C:\FRST
    2016-07-04 19:43 - 2016-07-04 19:43 - 00001188 _____ C:\Users\Owner\Desktop\COMPLICATIONS S1.lnk
    2016-07-04 15:36 - 2016-07-06 08:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2016-07-04 15:33 - 2016-07-04 15:33 - 00000000 ___HD C:\$AVG
    2016-07-04 08:58 - 2016-07-05 12:19 - 00000000 ____D C:\searchplugins
    2016-07-04 08:58 - 2016-07-04 08:58 - 00000369 _____ C:\Prefs.js
    2016-07-04 08:56 - 2016-07-05 12:49 - 00000000 ____D C:\Program Files (x86)\AdAware
    2016-07-04 08:52 - 2016-07-04 14:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
    2016-07-04 08:50 - 2016-07-04 08:50 - 00000000 ____D C:\ProgramData\NortonInstaller
    2016-07-04 08:49 - 2016-07-04 14:40 - 00000000 ____D C:\ProgramData\Norton
    2016-07-04 08:49 - 2016-07-04 08:49 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2016-07-03 19:21 - 2016-07-03 19:21 - 00000000 ____D C:\Users\Owner\AppData\Local\pruputiongriqeringanererpy
    2016-07-03 16:36 - 2016-07-03 16:36 - 00003646 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Defrag
    2016-07-03 15:53 - 2016-07-03 15:57 - 1636855808 _____ C:\Users\Owner\Desktop\The.Angry.Birds.Movie.2016.TC.Unmarked.XVID.AC3.HQ.Hive-CM8.avi
    2016-07-03 11:56 - 2016-07-03 11:56 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Adobe
    2016-07-01 18:52 - 2016-07-01 18:52 - 00002278 _____ C:\Users\Public\Desktop\Chuzzle Deluxe.lnk
    2016-07-01 09:52 - 2016-07-06 08:28 - 00000000 ___RD C:\Users\Owner\Dropbox
    2016-07-01 09:36 - 2016-07-05 12:04 - 00000000 ___RD C:\Users\Owner\Dropbox (Old)
    2016-07-01 09:35 - 2016-07-06 08:27 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2016-07-01 09:35 - 2016-07-05 22:40 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2016-07-01 09:35 - 2016-07-01 09:35 - 00003994 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2016-07-01 09:35 - 2016-07-01 09:35 - 00003762 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
    2016-07-01 09:35 - 2016-07-01 09:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox
    2016-07-01 09:35 - 2016-07-01 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-07-01 09:35 - 2016-07-01 09:35 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2016-07-01 09:34 - 2016-07-01 14:23 - 00000000 ____D C:\Users\Owner\AppData\Local\Dropbox
    2016-07-01 09:34 - 2016-07-01 09:34 - 00000000 ____D C:\ProgramData\Dropbox
    2016-06-30 19:14 - 2016-06-30 19:14 - 00001234 _____ C:\Users\Owner\Desktop\SUPERNATURAL SEASON 11.lnk
    2016-06-30 19:08 - 2016-06-30 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
    2016-06-30 19:07 - 2016-06-30 19:08 - 00000000 ____D C:\Program Files (x86)\PopCap Games
    2016-06-30 10:31 - 2016-06-30 10:31 - 00000000 ____D C:\Users\Owner\Documents\Wondershare MediaServer
    2016-06-30 10:31 - 2016-06-30 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    2016-06-30 10:31 - 2016-06-30 10:31 - 00000000 ____D C:\Program Files (x86)\Wondershare
    2016-06-30 10:31 - 2016-05-27 09:41 - 00000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
    2016-06-30 10:31 - 2015-02-27 14:38 - 00721263 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
    2016-06-30 10:31 - 2015-02-27 14:38 - 00214528 _____ () C:\WINDOWS\SysWOW64\WSCM32.dll
    2016-06-30 10:30 - 2016-06-30 10:30 - 00000000 ____D C:\Users\Public\Documents\Wondershare
    2016-06-28 00:53 - 2016-06-28 00:53 - 00142495 _____ C:\WINDOWS\a94083ac7f96edb7db04b134c5c3fbd8.exe
    2016-06-25 09:31 - 2016-06-25 09:31 - 00000000 ____D C:\Users\Owner\AppData\Local\AVG Netherlands BV
    2016-06-23 12:19 - 2016-06-23 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
    2016-06-23 12:18 - 2016-06-23 12:18 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
    2016-06-23 11:28 - 2016-06-23 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
    2016-06-23 11:28 - 2016-06-23 11:28 - 00000000 ____D C:\Program Files (x86)\DFX
    2016-06-23 11:21 - 2016-06-23 11:21 - 00000000 ____D C:\Users\Owner\AppData\Local\DFX
    2016-06-23 11:21 - 2016-06-23 11:21 - 00000000 ____D C:\ProgramData\DFX
    2016-06-23 11:05 - 2016-06-23 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Recorder
    2016-06-23 11:05 - 2016-06-23 11:05 - 00000000 ____D C:\Program Files (x86)\Max Recorder
    2016-06-22 15:33 - 2016-06-22 15:33 - 00001295 _____ C:\Users\Owner\Desktop\Criminal.Minds.Beyond.Borders.lnk
    2016-06-21 18:16 - 2016-06-21 18:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Apple Computer
    2016-06-21 18:15 - 2016-06-23 11:18 - 00000284 _____ C:\WINDOWS\Tasks\ASCU9_SkipUac_Owner.job
    2016-06-21 18:15 - 2016-06-21 18:15 - 00003334 _____ C:\WINDOWS\System32\Tasks\ASCU9_PerformanceMonitor
    2016-06-21 18:15 - 2016-06-21 18:15 - 00002458 _____ C:\WINDOWS\System32\Tasks\ASCU9_SkipUac_Owner
    2016-06-21 18:15 - 2016-06-21 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare Ultimate
    2016-06-21 18:15 - 2016-06-21 18:15 - 00000000 ____D C:\ProgramData\BDLogging
    2016-06-21 18:15 - 2016-06-21 18:15 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
    2016-06-21 18:15 - 2016-06-21 18:15 - 00000000 ____D C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}
    2016-06-21 18:15 - 2014-10-15 22:14 - 00452040 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
    2016-06-21 17:28 - 2016-06-21 17:28 - 83345408 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
    2016-06-21 17:28 - 2016-06-21 17:28 - 05517312 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
    2016-06-21 17:28 - 2016-06-21 17:28 - 00344064 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
    2016-06-21 17:28 - 2016-06-21 17:28 - 00032768 _____ C:\WINDOWS\system32\config\SECURITY.iobit
    2016-06-21 17:28 - 2016-06-21 17:28 - 00032768 _____ C:\WINDOWS\system32\config\SAM.iobit
    2016-06-21 17:26 - 2016-06-21 17:26 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
    2016-06-21 17:26 - 2016-06-21 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
    2016-06-21 17:26 - 2016-06-21 17:26 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
    2016-06-21 08:08 - 2016-06-21 08:08 - 00003260 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze
    2016-06-21 08:08 - 2016-06-21 08:08 - 00003096 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
    2016-06-21 08:08 - 2016-03-22 11:02 - 00021360 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
    2016-06-17 13:49 - 2016-06-17 13:49 - 621351983 _____ C:\WINDOWS\MEMORY.DMP
    2016-06-17 13:49 - 2016-06-17 13:49 - 00291228 _____ C:\WINDOWS\Minidump\061716-8609-01.dmp
    2016-06-17 13:49 - 2016-06-17 13:49 - 00000000 ____D C:\WINDOWS\Minidump
    2016-06-15 03:25 - 2016-05-28 14:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-06-15 03:25 - 2016-05-28 14:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-06-15 03:25 - 2016-05-28 14:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-06-15 03:25 - 2016-05-28 14:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-06-15 03:25 - 2016-05-28 14:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-06-15 03:25 - 2016-05-28 14:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-06-15 03:25 - 2016-05-28 13:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
    2016-06-15 03:25 - 2016-05-28 13:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
    2016-06-15 03:25 - 2016-05-28 13:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
    2016-06-15 03:25 - 2016-05-28 13:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-06-15 03:25 - 2016-05-28 13:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
    2016-06-15 03:25 - 2016-05-28 13:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2016-06-15 03:25 - 2016-05-28 13:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2016-06-15 03:25 - 2016-05-28 13:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2016-06-15 03:25 - 2016-05-28 13:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
    2016-06-15 03:25 - 2016-05-28 13:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
    2016-06-15 03:25 - 2016-05-28 13:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-06-15 03:25 - 2016-05-28 13:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-06-15 03:25 - 2016-05-28 13:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
    2016-06-15 03:25 - 2016-05-28 13:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2016-06-15 03:25 - 2016-05-28 13:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-06-15 03:25 - 2016-05-28 13:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
    2016-06-15 03:25 - 2016-05-28 13:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-06-15 03:25 - 2016-05-28 13:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-06-15 03:25 - 2016-05-28 13:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-06-15 03:25 - 2016-05-28 13:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-06-15 03:25 - 2016-05-28 13:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2016-06-15 03:25 - 2016-05-28 13:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-06-15 03:25 - 2016-05-28 13:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2016-06-15 03:25 - 2016-05-28 13:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-06-15 03:25 - 2016-05-28 13:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-06-15 03:25 - 2016-05-28 13:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
     
  18. 2016/07/05
    kiasuteo Well-Known Member Thread Starter
    2016-06-15 03:25 - 2016-05-28 13:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2016-06-15 03:25 - 2016-05-28 13:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2016-06-15 03:25 - 2016-05-28 13:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
    2016-06-15 03:25 - 2016-05-28 13:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-06-15 03:25 - 2016-05-28 13:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-06-15 03:25 - 2016-05-28 13:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2016-06-15 03:25 - 2016-05-28 13:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2016-06-15 03:25 - 2016-05-28 13:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-06-15 03:25 - 2016-05-28 13:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
    2016-06-15 03:25 - 2016-05-28 13:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
    2016-06-15 03:25 - 2016-05-28 13:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
    2016-06-15 03:25 - 2016-05-28 12:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-06-15 03:25 - 2016-05-28 12:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-06-15 03:25 - 2016-05-28 12:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2016-06-15 03:25 - 2016-05-28 12:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2016-06-15 03:25 - 2016-05-28 12:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-06-15 03:25 - 2016-05-28 12:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-06-15 03:25 - 2016-05-28 12:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-06-15 03:25 - 2016-05-28 12:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-06-15 03:25 - 2016-05-28 12:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-06-15 03:25 - 2016-05-28 12:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-06-15 03:25 - 2016-05-28 12:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2016-06-15 03:25 - 2016-05-28 12:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-06-15 03:25 - 2016-05-28 12:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
    2016-06-15 03:25 - 2016-05-28 12:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2016-06-15 03:25 - 2016-05-28 12:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
    2016-06-15 03:25 - 2016-05-28 12:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
    2016-06-15 03:25 - 2016-05-28 12:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2016-06-15 03:25 - 2016-05-28 12:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2016-06-15 03:25 - 2016-05-28 12:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-06-15 03:25 - 2016-05-28 12:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
    2016-06-15 03:25 - 2016-05-28 12:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-06-15 03:25 - 2016-05-28 12:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
    2016-06-15 03:25 - 2016-05-28 12:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-06-15 03:25 - 2016-05-28 12:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-06-15 03:25 - 2016-05-28 12:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
    2016-06-15 03:25 - 2016-05-28 12:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
    2016-06-15 03:25 - 2016-05-28 12:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2016-06-15 03:25 - 2016-05-28 12:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-06-15 03:25 - 2016-05-28 12:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2016-06-15 03:25 - 2016-05-28 12:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2016-06-15 03:25 - 2016-05-28 12:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-06-15 03:25 - 2016-05-28 12:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-06-15 03:25 - 2016-05-28 12:25 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
    2016-06-15 03:25 - 2016-05-28 12:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-06-15 03:25 - 2016-05-28 12:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
    2016-06-15 03:25 - 2016-05-28 12:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
    2016-06-15 03:25 - 2016-05-28 12:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2016-06-15 03:25 - 2016-05-28 12:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2016-06-15 03:25 - 2016-05-28 12:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-06-15 03:25 - 2016-05-28 12:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-06-15 03:25 - 2016-05-28 12:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
    2016-06-15 03:25 - 2016-05-28 12:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
    2016-06-15 03:25 - 2016-05-28 12:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2016-06-15 03:25 - 2016-05-28 12:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
    2016-06-15 03:25 - 2016-05-28 12:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-06-15 03:25 - 2016-05-28 12:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2016-06-15 03:25 - 2016-05-28 12:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2016-06-15 03:25 - 2016-05-28 12:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-06-15 03:25 - 2016-05-28 12:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2016-06-15 03:25 - 2016-05-28 12:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-06-15 03:25 - 2016-05-28 12:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-06-15 03:25 - 2016-05-28 12:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
    2016-06-15 03:25 - 2016-05-28 12:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2016-06-15 03:25 - 2016-05-28 12:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-06-15 03:25 - 2016-05-28 12:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
    2016-06-15 03:25 - 2016-05-28 12:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-06-15 03:25 - 2016-05-28 12:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-06-15 03:25 - 2016-05-28 12:21 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
    2016-06-15 03:25 - 2016-05-28 12:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-06-15 03:25 - 2016-05-28 12:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
    2016-06-15 03:25 - 2016-05-28 12:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
    2016-06-15 03:25 - 2016-05-28 12:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2016-06-15 03:25 - 2016-05-28 12:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
    2016-06-15 03:25 - 2016-05-28 12:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
    2016-06-15 03:25 - 2016-05-28 12:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
    2016-06-15 03:25 - 2016-05-28 12:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-06-15 03:25 - 2016-05-28 12:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-06-15 03:25 - 2016-05-28 12:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2016-06-15 03:25 - 2016-05-28 12:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-06-15 03:25 - 2016-05-28 12:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2016-06-15 03:25 - 2016-05-28 12:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
    2016-06-15 03:25 - 2016-05-28 12:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-06-15 03:25 - 2016-05-28 12:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-06-15 03:25 - 2016-05-28 12:18 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
    2016-06-15 03:25 - 2016-05-28 12:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-06-15 03:25 - 2016-05-28 12:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
    2016-06-15 03:25 - 2016-05-28 12:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-06-15 03:25 - 2016-05-28 12:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
    2016-06-15 03:25 - 2016-05-28 12:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2016-06-15 03:25 - 2016-05-28 12:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2016-06-15 03:25 - 2016-05-28 12:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-06-15 03:25 - 2016-05-28 12:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2016-06-15 03:25 - 2016-05-28 12:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-06-15 03:25 - 2016-05-28 12:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
    2016-06-15 03:25 - 2016-05-28 12:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2016-06-15 03:25 - 2016-05-28 12:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
    2016-06-15 03:25 - 2016-05-28 12:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2016-06-15 03:25 - 2016-05-28 12:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2016-06-15 03:25 - 2016-05-28 12:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-06-15 03:25 - 2016-05-28 12:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2016-06-15 03:25 - 2016-05-28 12:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
    2016-06-15 03:25 - 2016-05-28 12:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
    2016-06-15 03:25 - 2016-05-28 12:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2016-06-15 03:25 - 2016-05-28 12:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2016-06-15 03:25 - 2016-05-28 12:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
    2016-06-15 03:25 - 2016-05-28 12:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
    2016-06-15 03:25 - 2016-05-28 12:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-06-15 03:25 - 2016-05-28 12:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-06-15 03:25 - 2016-05-28 12:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-06-15 03:25 - 2016-05-28 12:15 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
    2016-06-15 03:25 - 2016-05-28 12:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2016-06-15 03:25 - 2016-05-28 12:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2016-06-15 03:25 - 2016-05-28 12:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
    2016-06-15 03:25 - 2016-05-28 12:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2016-06-15 03:25 - 2016-05-28 12:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-06-15 03:25 - 2016-05-28 12:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-06-15 03:25 - 2016-05-28 12:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-06-15 03:25 - 2016-05-28 12:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-06-15 03:25 - 2016-05-28 12:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-06-15 03:25 - 2016-05-28 12:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-06-15 03:25 - 2016-05-28 12:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2016-06-15 03:25 - 2016-05-28 12:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
    2016-06-15 03:25 - 2016-05-28 12:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2016-06-15 03:25 - 2016-05-28 12:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-06-15 03:25 - 2016-05-28 12:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-06-15 03:25 - 2016-05-28 12:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2016-06-15 03:25 - 2016-05-28 12:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-06-15 03:25 - 2016-05-28 12:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-06-15 03:25 - 2016-05-28 12:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
    2016-06-15 03:25 - 2016-05-28 12:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-06-15 03:25 - 2016-05-28 12:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-06-15 03:25 - 2016-05-28 12:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
    2016-06-15 03:25 - 2016-05-28 12:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2016-06-15 03:25 - 2016-05-28 12:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2016-06-15 03:25 - 2016-05-28 12:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2016-06-15 03:25 - 2016-05-28 12:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-06-15 03:25 - 2016-05-28 12:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-06-15 03:25 - 2016-05-28 12:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-06-15 03:25 - 2016-05-28 12:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-06-15 03:25 - 2016-05-28 12:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
    2016-06-15 03:25 - 2016-05-28 12:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2016-06-15 03:25 - 2016-05-28 12:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-06-15 03:25 - 2016-05-28 12:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-06-15 03:25 - 2016-05-28 12:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-06-15 03:25 - 2016-05-28 12:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-06-15 03:25 - 2016-05-28 12:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
    2016-06-15 03:25 - 2016-05-28 12:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-06-15 03:25 - 2016-05-28 12:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-06-15 03:25 - 2016-05-28 12:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-06-15 03:25 - 2016-05-28 12:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2016-06-15 03:25 - 2016-05-28 12:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-06-15 03:25 - 2016-05-28 12:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-06-15 03:25 - 2016-05-28 12:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
    2016-06-15 03:25 - 2016-05-28 12:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2016-06-15 03:25 - 2016-05-28 12:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-06-15 03:25 - 2016-05-28 12:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-06-15 03:25 - 2016-05-28 12:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
    2016-06-15 03:25 - 2016-05-28 12:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
    2016-06-15 03:25 - 2016-05-28 12:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-06-15 03:25 - 2016-05-28 12:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-06-15 03:25 - 2016-05-28 12:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-06-15 03:25 - 2016-05-28 12:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2016-06-15 03:25 - 2016-05-28 12:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2016-06-15 03:25 - 2016-05-28 12:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2016-06-15 03:25 - 2016-05-28 12:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2016-06-15 03:25 - 2016-05-28 12:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-06-15 03:25 - 2016-05-28 12:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2016-06-15 03:25 - 2016-05-28 12:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2016-06-15 03:25 - 2016-05-28 11:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2016-06-15 03:25 - 2016-05-28 11:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-06-15 03:25 - 2016-05-28 11:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-06-15 03:25 - 2016-05-28 11:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-06-15 03:25 - 2016-05-28 11:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-06-15 03:25 - 2016-05-28 11:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2016-06-15 03:25 - 2016-05-28 11:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-06-15 03:25 - 2016-05-28 11:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-06-15 03:25 - 2016-05-28 11:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2016-06-13 20:52 - 2016-06-13 20:52 - 00000833 _____ C:\Users\Owner\Desktop\( WAITING FOR SUB ) - Shortcut.lnk
    2016-06-13 20:16 - 2016-06-18 21:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Bigasoft Video Downloader Pro
    2016-06-13 20:16 - 2016-06-13 20:16 - 00000000 ____D C:\Users\Owner\Documents\Bigasoft Video Downloader Pro
    2016-06-13 20:16 - 2016-06-13 20:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\youtubejs
    2016-06-13 20:15 - 2016-06-13 20:15 - 00001330 _____ C:\Users\Public\Desktop\Bigasoft Video Downloader Pro.lnk
    2016-06-13 10:32 - 2016-06-14 11:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-06-12 19:16 - 2016-06-12 19:16 - 00001731 _____ C:\Users\Owner\Desktop\Top Funny Babies Laughing Hysterically compilation 2015 ♥ [NEW] - Shortcut.lnk
    2016-06-12 19:16 - 2016-06-12 19:16 - 00001381 _____ C:\Users\Owner\Desktop\11 month old Baby argues with mom _Funny_ - Shortcut.lnk
    2016-06-12 19:02 - 2016-06-12 19:02 - 00000812 _____ C:\Users\Owner\Desktop\U-TUBE DOWNLOAD HERE - Shortcut.lnk
    2016-06-11 18:29 - 2016-06-11 18:29 - 00001177 _____ C:\Users\Owner\Desktop\My.Dangerous.Mafia.Retirement.Plan (720p) - Shortcut.lnk
    2016-06-10 19:27 - 2016-06-10 19:27 - 00003264 _____ C:\WINDOWS\System32\Tasks\{EB73A86B-F65E-4D00-BFD9-1C5D3BE02033}
    2016-06-09 08:15 - 2016-06-09 08:15 - 00310016 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
    2016-06-08 16:02 - 2016-06-08 16:02 - 00000554 _____ C:\Users\Owner\Desktop\NEW DOWNLOAD HERE (D) - Shortcut.lnk
    2016-06-07 05:44 - 2016-06-07 05:44 - 00294664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgwfpa.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-06 08:31 - 2016-05-06 10:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-07-06 08:28 - 2016-05-05 09:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
    2016-07-06 08:28 - 2016-05-05 09:37 - 00000000 ____D C:\ProgramData\MFAData
    2016-07-06 08:28 - 2015-10-30 15:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2016-07-06 08:27 - 2016-05-08 20:40 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-07-06 08:27 - 2016-05-04 23:47 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-07-06 08:27 - 2016-02-13 21:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-07-06 08:27 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-07-06 08:27 - 2015-10-30 14:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-07-06 08:25 - 2015-10-30 15:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-07-06 08:24 - 2016-05-07 09:25 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B9C19860-11CB-44F6-A090-3DDD8C096C4A}
    2016-07-05 22:03 - 2016-05-04 23:47 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-07-05 20:27 - 2016-05-10 20:17 - 00000000 ____D C:\Users\Owner\AppData\Roaming\MPC-HC
    2016-07-05 19:26 - 2015-10-30 15:21 - 00000000 ____D C:\WINDOWS\INF
    2016-07-05 18:57 - 2016-05-08 20:40 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-07-05 12:19 - 2016-05-10 20:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Lavasoft
    2016-07-05 12:19 - 2016-05-10 20:16 - 00000000 ____D C:\ProgramData\Lavasoft
    2016-07-05 12:19 - 2016-05-10 20:16 - 00000000 ____D C:\Program Files (x86)\Lavasoft
    2016-07-05 12:06 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-07-05 09:15 - 2016-05-08 20:41 - 00000000 ____D C:\Users\Owner
    2016-07-05 08:35 - 2015-10-30 14:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-07-04 15:46 - 2016-05-05 09:36 - 00000000 ____D C:\Users\Owner\AppData\Local\AvgSetupLog
    2016-07-04 15:34 - 2016-05-05 09:36 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg
    2016-07-04 15:33 - 2016-05-05 09:37 - 00000000 ____D C:\ProgramData\Avg
    2016-07-04 15:31 - 2016-05-05 09:37 - 00000000 ____D C:\Program Files (x86)\AVG
    2016-07-04 14:36 - 2016-05-05 20:25 - 00000000 ____D C:\Program Files (x86)\PC Auto Shutdown
    2016-07-04 14:28 - 2016-05-07 07:33 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-07-03 19:32 - 2016-05-04 23:47 - 00002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-07-03 11:57 - 2016-05-04 23:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
    2016-07-03 11:56 - 2016-05-07 09:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
    2016-07-03 08:21 - 2016-05-06 10:25 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
    2016-07-01 18:52 - 2016-05-05 20:21 - 00002389 _____ C:\Users\Public\Desktop\Mahjong Escape Ancient Japan.lnk
    2016-07-01 18:52 - 2016-05-05 20:21 - 00002389 _____ C:\Users\Public\Desktop\Mahjong Escape Ancient China.lnk
    2016-07-01 18:52 - 2016-05-05 20:21 - 00002383 _____ C:\Users\Public\Desktop\Peggle World of Warcraft Edition.lnk
    2016-07-01 18:52 - 2016-05-05 20:21 - 00002296 _____ C:\Users\Public\Desktop\Peggle Nights Deluxe.lnk
    2016-07-01 18:52 - 2016-05-05 20:21 - 00002261 _____ C:\Users\Public\Desktop\NingPo MahJong Deluxe.lnk
    2016-07-01 18:52 - 2016-05-05 20:21 - 00002189 _____ C:\Users\Public\Desktop\Peggle Deluxe.lnk
    2016-06-30 20:31 - 2016-05-05 22:37 - 00000000 ____D C:\ProgramData\PopCap Games
    2016-06-30 10:31 - 2016-05-06 20:06 - 00000000 ____D C:\ProgramData\Wondershare
    2016-06-29 17:48 - 2016-05-08 15:33 - 00369572 _____ C:\MONTHLY EXPENSES ACCOUNT - YEAR 2016.amj
    2016-06-29 14:45 - 2016-05-06 20:06 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
    2016-06-25 14:43 - 2016-05-21 11:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WhatsApp
    2016-06-23 12:24 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-06-23 12:19 - 2016-05-09 08:47 - 00000000 ____D C:\ProgramData\IObit
    2016-06-23 12:18 - 2016-05-09 08:47 - 00000000 ____D C:\Program Files (x86)\IObit
    2016-06-23 11:25 - 2016-05-07 10:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-06-23 11:25 - 2016-05-07 10:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-06-23 08:39 - 2016-05-07 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-06-21 18:20 - 2016-05-04 23:47 - 00003974 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2016-06-21 17:32 - 2016-05-09 08:47 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\IObit
    2016-06-21 17:30 - 2016-05-09 12:39 - 00000000 ___DC C:\WINDOWS\Panther
    2016-06-21 17:26 - 2016-05-09 08:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IObit
    2016-06-21 08:08 - 2016-05-09 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
    2016-06-18 15:22 - 2016-05-21 11:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
    2016-06-18 15:22 - 2016-05-21 10:59 - 00000000 ____D C:\Users\Owner\AppData\Local\WhatsApp
    2016-06-18 15:22 - 2016-05-21 10:59 - 00000000 ____D C:\Users\Owner\AppData\Local\SquirrelTemp
    2016-06-17 23:31 - 2016-05-13 17:31 - 20461248 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2016-06-17 23:31 - 2016-05-06 10:25 - 00003966 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2016-06-17 09:52 - 2015-10-30 15:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-06-16 21:19 - 2016-05-05 09:58 - 00003966 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1462413494
    2016-06-16 21:19 - 2016-05-05 09:58 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    2016-06-16 21:19 - 2016-05-05 09:58 - 00000000 ____D C:\Program Files (x86)\Opera
    2016-06-16 13:42 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-06-16 13:21 - 2016-05-05 20:30 - 00000000 ____D C:\ProgramData\MEGAsync
    2016-06-15 10:13 - 2016-02-13 21:22 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-06-15 10:12 - 2016-02-13 21:12 - 00340696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-06-15 06:41 - 2015-10-30 15:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2016-06-15 06:41 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-06-15 06:41 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-06-15 04:23 - 2016-05-05 07:11 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-06-15 04:20 - 2016-05-05 07:11 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-06-15 02:33 - 2015-10-30 15:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-06-15 02:33 - 2015-10-30 15:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-06-14 11:07 - 2016-05-06 08:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-06-13 20:15 - 2016-05-06 20:01 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigasoft
    2016-06-13 20:15 - 2016-05-06 20:01 - 00000000 ____D C:\Program Files (x86)\Bigasoft

    ==================== Files in the root of some directories =======

    2016-05-05 21:10 - 2016-05-05 21:10 - 0000037 ___SH () C:\Users\Owner\AppData\Local\20986331705021ca58edc424.96250074

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-06-27 13:16

    ==================== End of FRST.txt ============================
     
  19. 2016/07/05
    kiasuteo Well-Known Member Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
    Ran by Owner (2016-07-06 08:33:16)
    Running from D:\TORRENTS N OTHERS
    Windows 10 Pro Version 1511 (X64) (2016-05-08 12:47:35)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1328552388-464898415-372894888-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1328552388-464898415-372894888-503 - Limited - Disabled)
    Guest (S-1-5-21-1328552388-464898415-372894888-501 - Limited - Disabled)
    Owner (S-1-5-21-1328552388-464898415-372894888-1000 - Administrator - Enabled) => C:\Users\Owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AV: Advanced SystemCare Ultimate (Enabled - Up to date) {91A1210C-78DD-A71C-E865-63DB27C767EE}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
    AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\uTorrent) (Version: 1.8.1 - )
    AceMoney (HKLM-x32\...\AceMoney_is1) (Version: - MechCAD Software)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Advanced SystemCare Ultimate 9 (HKLM-x32\...\Advanced SystemCare Ultimate_is1) (Version: 9.1.0 - IObit)
    AVG (Version: 16.91.7688 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4613 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.91.7688 - AVG Technologies)
    AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.1.831 - AVG Technologies)
    Bigasoft Total Video Converter 4.4.1.5384 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C678D}_is1) (Version: - Bigasoft Corporation)
    Bigasoft Video Downloader Pro 3.11.5.5983 (HKLM-x32\...\{C7056BA6-D954-42A2-ABBA-AB2E8E777730}_is1) (Version: - Bigasoft Corporation)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
    Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.)
    Chuzzle Deluxe (HKLM-x32\...\Chuzzle Deluxe) (Version: - PopCap Games)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DFX (HKLM-x32\...\DFX) (Version: 11.400.0.0 - Power Technology)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.45.1 - Dropbox, Inc.) Hidden
    FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    IObit Malware Fighter 4 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 4.2 - IObit)
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.3.0.142 - IObit)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    K-Lite Mega Codec Pack 12.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.1.0 - KLCP)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Max Recorder (HKLM-x32\...\Max Recorder) (Version: 2.006.0.0 - Silver Vine, LLC)
    MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 365.10 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.11.2.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.66 - NVIDIA Corporation)
    NVIDIA Graphics Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.10 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Opera Stable 38.0.2220.31 (HKLM-x32\...\Opera 38.0.2220.31) (Version: 38.0.2220.31 - Opera Software)
    PC Auto Shutdown 5.81 (HKLM-x32\...\PC Auto Shutdown_is1) (Version: 5.81 - GoldSolution Software, Inc.)
    Popcap Game Collection (HKLM-x32\...\{69EA986B-B172-4FAA-B54D-853BD3A2B264}) (Version: 1.00.0000 - Popcap)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.11.2.66 - NVIDIA Corporation) Hidden
    Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.1.0 - IObit)
    Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.3 - IObit)
    Tracks Eraser Pro v8.9 build 1000 (HKLM-x32\...\Tracks Eraser Pro_is1) (Version: - Acesoft, Inc.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
    Web Companion (HKLM-x32\...\{693c2d88-4418-42ec-8879-b0b7faab502d}) (Version: 2.3.1439.2793 - Lavasoft)
    WhatsApp (HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\WhatsApp) (Version: 0.2.936 - WhatsApp)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
    Wondershare Video Converter Ultimate(Build 8.7.1.2) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.7.1.2 - Wondershare Software)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1328552388-464898415-372894888-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {02F77837-A1FA-4D84-B1E1-A43FEEF68BDF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
    Task: {061B2E18-DD7F-4DD6-8E33-55770AAF7BE7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {0847FCE1-4DCF-4090-A42B-6FD55FA135A8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {09FA567B-BE89-4C5C-ACF0-B1116681FAA0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {0BE1F955-3FFC-44A8-8004-657AC403354A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {0D2A6673-4D6A-43C3-B6E5-99AF37647AAB} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {17C56458-6D47-40F1-88A9-479B2097F9DD} - System32\Tasks\Opera scheduled Autoupdate 1462413494 => C:\Program Files (x86)\Opera\launcher.exe [2016-06-13] (Opera Software)
    Task: {183B2D1F-ECAE-4D57-9E0E-82A9C5C1B82B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {1BE15885-542A-4AD4-A90C-002E63BD3B49} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
    Task: {219663C3-EBE3-4F8C-B22C-9EC96A1AA1F2} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {255DE829-09BD-434D-AA3B-B0B2935550A9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {282F49EA-1A06-4165-9DB5-FAAE2C753D86} - System32\Tasks\SmartDefrag_Defrag => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-06-13] (IObit)
    Task: {2A432E22-B561-494A-A63D-D42D4798774E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {2AF3980D-767E-4588-BA23-304AF53B65A6} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {2D607D31-97E0-463A-865F-0657E1954F72} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {3560D7EA-7F88-4F8A-8B11-E655F5276419} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {36F93415-12D6-48D2-87B4-FFE1057FFCC8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {47C33F6C-8A9B-4B6E-B2B7-D3B59D33A14C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {4DCAC067-95EE-48DD-874B-122279CD9B8C} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {5068F8F2-C745-4735-A5E5-1397EF37E602} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {547BB05F-76D5-4C36-8FC4-576CC66951E4} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {5AA2F4C4-4D4D-484C-AAC3-077074904256} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {5FE7376C-C593-4B30-A8F1-6672F63F913C} - System32\Tasks\{EB73A86B-F65E-4D00-BFD9-1C5D3BE02033} => pcalua.exe -a "C:\Program Files (x86)\PC Auto Shutdown\unins000.exe "
    Task: {65B323BE-9363-49FF-A60A-7080D2CB15B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
    Task: {6D03A446-7B6D-4B43-B91F-02E0F5BC7823} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {6D7FAE5A-9670-45B4-8E26-F44E12301298} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {88CBCBA5-A74A-4564-A8E8-ED3A66DE1EDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
    Task: {8BAD6AE5-CE4E-4844-8EC8-0F6D7C8E2148} - System32\Tasks\ASCU9_SkipUac_Owner => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASC.exe [2016-06-07] (IObit)
    Task: {97B7B6E5-9A7F-4994-9AD0-0C9D32C9BF23} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {9FC63781-BC0F-4980-A4CF-805E9BD4992E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe [2016-06-17] (Adobe Systems Incorporated)
    Task: {A01AC667-E945-4BED-93E3-22AF3CC4B497} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {A1BBBAB0-ADFF-4791-903A-B0CD63E17E1C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {A2EC6359-2BE2-4491-A376-3787CA883303} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {A47923B4-B7F4-458D-BDC9-99B0D196182D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {AEFBCE78-5A37-4259-BBDE-14CB3ACB0623} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {AFBBEED9-51A8-4282-85BE-C0851F122089} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
    Task: {C10F043E-7050-4CC7-A099-F6CED885679A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {C1464B64-C622-4A34-9193-CB7661B2F4DE} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {C463D29A-519C-4F47-893A-B82E9A207872} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {C59A9D57-8DFA-4768-8D1B-AB759E29BB1A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {C8E4E0F3-7E12-4A17-965E-F8CB97A7212D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-01] (Dropbox, Inc.)
    Task: {CE51BE31-F7F7-43F9-896F-B826475D6DD3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-01] (Dropbox, Inc.)
    Task: {CEDFC200-038D-429C-88F2-DABF3DF7F18B} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-06-01] (IObit)
    Task: {D5AC9236-9040-4C15-8277-9C4A2C6F20DA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {D88356D3-A9F7-401F-AFF1-6DAE9E57C8E9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {E02B32E4-8081-496A-8873-94ADE5E6FC90} - System32\Tasks\ASCU9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe [2016-05-31] (IObit)
    Task: {E28DDEB2-9B25-4B8B-8EAD-4155261F23FB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {E54BC8C4-414A-4BE0-9A0F-CF7B36FC69EF} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {E65AE528-3686-4231-A782-A42C3E22505B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {F1179C43-2504-48BD-9238-A07B6066C7C4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {FC3DE631-1027-4A2B-8631-83DD8954004A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\ASCU9_SkipUac_Owner.job => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASC.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
    ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 15:18 - 2015-10-30 15:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-05-08 20:40 - 2015-08-07 08:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
    2016-05-09 12:36 - 2016-05-09 12:36 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-05-09 12:36 - 2016-05-09 12:36 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2014-05-01 22:13 - 2014-05-01 22:13 - 00470016 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
    2016-05-08 21:16 - 2016-05-08 21:16 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-02-13 20:54 - 2016-02-13 20:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-05-11 02:26 - 2016-04-23 12:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-06-15 03:25 - 2016-05-28 11:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-06-15 03:25 - 2016-05-28 11:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-06-15 03:25 - 2016-05-28 11:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-06-15 03:25 - 2016-05-28 11:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
    2016-05-05 02:02 - 2016-04-27 22:35 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
    2015-02-28 10:21 - 2015-02-28 10:21 - 01282008 _____ () C:\Program Files (x86)\DFX\DFX.exe
    2015-02-28 10:14 - 2015-02-28 10:14 - 00130520 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
    2015-02-28 10:18 - 2015-02-28 10:18 - 00131544 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
    2015-02-28 10:48 - 2015-02-28 10:48 - 00048088 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared64.dll
    2016-06-21 18:15 - 2015-12-23 18:31 - 00625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
    2016-06-21 18:15 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madExcept_.bpl
    2016-06-21 18:15 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madBasic_.bpl
    2016-06-21 18:15 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madDisAsm_.bpl
    2016-05-08 21:16 - 2016-05-08 21:16 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-05-08 21:16 - 2016-05-08 21:16 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-06-21 18:15 - 2015-12-23 18:32 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\webres.dll
    2016-06-21 18:15 - 2015-12-23 18:31 - 00625440 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ProductStatistics.dll
    2015-02-28 10:43 - 2015-02-28 10:43 - 00049112 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll
    2016-07-01 09:35 - 2016-05-26 01:03 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
    2016-07-01 09:35 - 2016-05-26 01:03 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
    2016-07-01 09:35 - 2016-05-26 01:04 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
    2016-07-01 09:35 - 2016-05-26 01:03 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
    2016-07-01 09:35 - 2016-05-26 01:03 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
    2016-07-01 09:35 - 2016-05-26 01:03 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
    2016-07-01 09:35 - 2016-05-26 01:03 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
    2016-07-01 09:35 - 2016-06-14 04:13 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
    2016-07-01 09:35 - 2016-05-26 01:03 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2016-07-01 09:35 - 2016-05-26 01:04 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
    2016-07-01 09:35 - 2016-05-26 01:03 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
    2016-07-01 09:35 - 2016-05-26 01:04 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2016-07-01 09:35 - 2016-06-14 04:13 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
    2016-07-01 09:35 - 2016-03-12 08:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
    2016-07-01 09:35 - 2016-06-14 04:13 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2016-07-01 09:35 - 2016-06-14 04:13 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
    2016-07-01 09:35 - 2016-05-26 01:04 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2016-07-01 09:35 - 2016-05-26 01:05 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
    2016-07-01 09:35 - 2016-06-14 04:13 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
    2016-07-04 15:31 - 2015-04-07 21:34 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
    2016-06-23 12:19 - 2016-03-31 17:57 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\webres.dll
    2016-06-23 12:18 - 2016-03-31 17:57 - 00188704 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
    2016-06-23 12:18 - 2016-03-31 17:57 - 00151840 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
    2016-06-23 12:19 - 2016-03-31 17:57 - 00625440 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
    2016-06-21 17:26 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
    2016-06-21 17:26 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => " "= "Service "

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\localhost -> localhost

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 10:34 - 2016-07-03 07:29 - 00002574 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 idb.iobit.com
    127.0.0.1 asc55.iobit.com
    127.0.0.1 is360.iobit.com
    127.0.0.1 asc.iobit.com
    127.0.0.1 pf.iobit.com
    127.0.0.1 98.129.229.186
    127.0.0.1 www.iana.org
    127.0.0.1 iana.org
    127.0.0.1 idb.iobit.com
    127.0.0.1 asc55.iobit.com
    127.0.0.1 is360.iobit.com
    127.0.0.1 asc.iobit.com
    127.0.0.1 pf.iobit.com
    127.0.0.1 98.129.229.186
    127.0.0.1 www.iana.org
    127.0.0.1 iana.org# ::1 localhost
    127.0.0.1 www.iobit.com
    127.0.0.1 www.asc55.iobit.com0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    0.0.0.0 media.opencandy.com
    0.0.0.0 cdn.opencandy.com
    0.0.0.0 tracking.opencandy.com
    0.0.0.0 api.opencandy.com
    0.0.0.0 api.recommendedsw.com
    0.0.0.0 installer.betterinstaller.com
    0.0.0.0 installer.filebulldog.com
    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    0.0.0.0 inno.bisrv.com
    0.0.0.0 nsis.bisrv.com
    0.0.0.0 cdn.file2desktop.com

    There are 21 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1328552388-464898415-372894888-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
    MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe "
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKLM\...\StartupApproved\Run: => "NvBackend "
    HKLM\...\StartupApproved\Run: => "ShadowPlay "
    HKU\S-1-5-21-1328552388-464898415-372894888-1000\...\StartupApproved\StartupFolder: => "MEGAsync.lnk "

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{E1DDC13D-DA36-4F57-A02E-044B1DA5E371}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{87304CCF-ACD5-494A-BAF6-57AF18062DC2}] => (Allow) LPort=1900
    FirewallRules: [{BBBB7B6E-3233-48E8-A306-9A1396C9AEB4}] => (Allow) LPort=2869
    FirewallRules: [{CA0AA814-12AB-439A-A82C-3954B4203BB8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{6844CB93-8679-40B8-9928-BEB565A04025}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{8A36FD51-D77C-4AC7-A44D-4803925562AD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{0B425C80-42C1-4FE0-B7DC-CE20D74E2E58}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{69A1CDD9-57CB-47B9-A6A5-FDD88396C147}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{18C9CC54-B88B-42CF-979D-4B18F997C215}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{2CB5B8C1-D7A4-49B0-8A9D-6A21ACB4B3D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{943CECBE-5F42-42C0-8C3C-55A0E012A867}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{BF9B7C50-682D-43FF-83CA-C45621834969}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{3BE03CD2-2A05-4838-9250-9344BA9B64ED}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{3C9D4A95-3C2A-444A-9DC7-17FA148B37E2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{56FEBBA6-421E-4377-AE19-919FB8656EAB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{B0371F4F-7CAE-41B5-9750-D0E4AA8131DA}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe
    FirewallRules: [{E8DF9CC7-C21B-4DAE-A0E0-848D04B54AC1}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe
    FirewallRules: [{120CB836-7002-41D9-B042-414FAADB5BD1}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    FirewallRules: [{C80E1C58-3F78-4372-AF57-4AA9E29AF456}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{EBEFF202-3358-4B64-8F41-C127232C9FEB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{0F7C0747-A029-45F5-A763-5C2B336ABE84}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{4E0F5F34-0AA6-4503-8AC5-B65B966EE65C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{CCC8C44D-9BB8-4DFE-9B4C-475A756C00DA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{DA0EBE0F-33B6-414F-BCFD-769B47773D53}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [TCP Query User{F65924AC-C84A-4385-831B-E8331806E5C5}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{9E4E42C5-41F8-4E5F-9810-B52D67C4022D}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe

    ==================== Restore Points =========================

    15-06-2016 04:20:43 Windows Update
    22-06-2016 13:38:46 Scheduled Checkpoint
    25-06-2016 09:33:10 Removed AVG Driver Updater
    25-06-2016 10:24:38 Installed AVG Driver Updater
    01-07-2016 13:19:50 Windows Update
    04-07-2016 08:46:30 Removed AVG Driver Updater
    04-07-2016 08:50:35 Removed AVG
    04-07-2016 08:51:07 Removed AVG 2016
    04-07-2016 15:08:51 Installed AVG 2016
    04-07-2016 15:08:59 Installed AVG
    04-07-2016 15:19:37 Removed AVG
    04-07-2016 15:20:06 Removed AVG 2016
    04-07-2016 15:28:31 Installed AVG 2016
    04-07-2016 15:28:39 Installed AVG
    04-07-2016 15:29:44 Removed AVG 2016
    04-07-2016 15:31:34 Installed AVG 2016
    04-07-2016 15:31:41 Installed AVG
    04-07-2016 15:33:16 Installed AVG
    04-07-2016 15:36:22 Installed AVG
    05-07-2016 12:22:33 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/06/2016 08:29:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/06/2016 08:29:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/06/2016 08:28:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/06/2016 08:28:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/06/2016 08:28:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/06/2016 08:27:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/06/2016 08:27:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/06/2016 08:27:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/06/2016 08:27:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/06/2016 08:27:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KHAIRCOMPUTER)
    Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (07/06/2016 08:28:08 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with the following service-specific error:
    %%3758213661

    Error: (07/06/2016 08:27:44 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with the following service-specific error:
    %%3758213661

    Error: (07/06/2016 08:27:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    %%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Error: (07/06/2016 08:27:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The luafv service failed to start due to the following error:
    %%1275 = This driver has been blocked from loading


    Error: (07/06/2016 08:26:58 AM) (Source: DCOM) (EventID: 10010) (User: KHAIRCOMPUTER)
    Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

    Error: (07/06/2016 08:26:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_1df8354 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (07/06/2016 08:24:20 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with the following service-specific error:
    %%3758213661

    Error: (07/05/2016 10:58:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_309a4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (07/05/2016 10:50:49 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with the following service-specific error:
    %%3758213661

    Error: (07/05/2016 08:50:50 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with the following service-specific error:
    %%3758213661


    CodeIntegrity:
    ===================================
    Date: 2016-07-05 12:07:02.369
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-05 12:07:02.361
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-05 12:07:02.353
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-05 12:07:02.346
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-05 12:07:02.338
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-05 11:56:59.090
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-05 11:56:59.082
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-05 11:56:59.074
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-05 11:56:59.066
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-05 11:56:59.057
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
    Percentage of memory in use: 28%
    Total physical RAM: 8175.11 MB
    Available physical RAM: 5841.05 MB
    Total Virtual: 16367.11 MB
    Available Virtual: 13979.22 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:237.94 GB) (Free:177.7 GB) NTFS
    Drive d: (NEW DOWNLOAD HERE) (Fixed) (Total:465.32 GB) (Free:376.71 GB) NTFS
    Drive e: (ALL OTHERS HERE) (Fixed) (Total:1863.01 GB) (Free:505.13 GB) NTFS
    Drive f: (ALL SHOWS HERE) (Fixed) (Total:1863.01 GB) (Free:677.55 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 3838619F)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=237.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 88028802)
    Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: A3E8C8DF)
    Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 03BB3892)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  20. 2016/07/05
    broni Moderator Malware Analyst

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location, or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64), press the Fix button just once, and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  21. 2016/07/06
    kiasuteo Well-Known Member Thread Starter

    Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
    Ran by Owner (2016-07-06 13:00:28) Run:1
    Running from D:\SOFTWARE\CLEAN TROJAN HORSE\New folder
    Loaded Profiles: Owner (Available Profiles: Owner & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
    U3 idsvc; no ImagePath
    U3 wpcsvc; no ImagePath
    2016-05-05 21:10 - 2016-05-05 21:10 - 0000037 ___SH () C:\Users\Owner\AppData\Local\20986331705021ca58edc424.96250074
    Task: {0847FCE1-4DCF-4090-A42B-6FD55FA135A8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {09FA567B-BE89-4C5C-ACF0-B1116681FAA0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {0BE1F955-3FFC-44A8-8004-657AC403354A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {0D2A6673-4D6A-43C3-B6E5-99AF37647AAB} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {255DE829-09BD-434D-AA3B-B0B2935550A9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {2AF3980D-767E-4588-BA23-304AF53B65A6} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {3560D7EA-7F88-4F8A-8B11-E655F5276419} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {6D7FAE5A-9670-45B4-8E26-F44E12301298} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {A1BBBAB0-ADFF-4791-903A-B0CD63E17E1C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {A47923B4-B7F4-458D-BDC9-99B0D196182D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {C59A9D57-8DFA-4768-8D1B-AB759E29BB1A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {E65AE528-3686-4231-A782-A42C3E22505B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {F1179C43-2504-48BD-9238-A07B6066C7C4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {FC3DE631-1027-4A2B-8631-83DD8954004A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION

    *****************

    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKCR\PROTOCOLS\Handler\WSWSVCUchrome" => key removed successfully
    idsvc => service removed successfully
    wpcsvc => service removed successfully
    C:\Users\Owner\AppData\Local\20986331705021ca58edc424.96250074 => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0847FCE1-4DCF-4090-A42B-6FD55FA135A8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0847FCE1-4DCF-4090-A42B-6FD55FA135A8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09FA567B-BE89-4C5C-ACF0-B1116681FAA0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09FA567B-BE89-4C5C-ACF0-B1116681FAA0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BE1F955-3FFC-44A8-8004-657AC403354A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BE1F955-3FFC-44A8-8004-657AC403354A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D2A6673-4D6A-43C3-B6E5-99AF37647AAB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D2A6673-4D6A-43C3-B6E5-99AF37647AAB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{255DE829-09BD-434D-AA3B-B0B2935550A9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{255DE829-09BD-434D-AA3B-B0B2935550A9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AF3980D-767E-4588-BA23-304AF53B65A6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AF3980D-767E-4588-BA23-304AF53B65A6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3560D7EA-7F88-4F8A-8B11-E655F5276419}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3560D7EA-7F88-4F8A-8B11-E655F5276419}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D7FAE5A-9670-45B4-8E26-F44E12301298}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D7FAE5A-9670-45B4-8E26-F44E12301298}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1BBBAB0-ADFF-4791-903A-B0CD63E17E1C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1BBBAB0-ADFF-4791-903A-B0CD63E17E1C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A47923B4-B7F4-458D-BDC9-99B0D196182D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A47923B4-B7F4-458D-BDC9-99B0D196182D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C59A9D57-8DFA-4768-8D1B-AB759E29BB1A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C59A9D57-8DFA-4768-8D1B-AB759E29BB1A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E65AE528-3686-4231-A782-A42C3E22505B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E65AE528-3686-4231-A782-A42C3E22505B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1179C43-2504-48BD-9238-A07B6066C7C4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1179C43-2504-48BD-9238-A07B6066C7C4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC3DE631-1027-4A2B-8631-83DD8954004A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC3DE631-1027-4A2B-8631-83DD8954004A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully

    ==== End of Fixlog 13:00:29 ====
     
