Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-10-2016
Ran by Axlykajill04 (administrator) on AXLYKAJILL (12-10-2016 15:39:55)
Running from C:\Users\Axlykajill04\Downloads
Loaded Profiles: Axlykajill04 (Available Profiles: Axlykajill04)
Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro Advanced\DTShellHlp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Spotify Ltd) C:\Users\Axlykajill04\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIBZP.EXE
(BitTorrent Inc.) C:\Users\Axlykajill04\AppData\Roaming\uTorrent\uTorrent.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(BitTorrent Inc.) C:\Users\Axlykajill04\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
(BitTorrent Inc.) C:\Users\Axlykajill04\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\core-static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\core-static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-12] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-12] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-05] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-29] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-06-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-05] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2178120 2016-08-23] ()
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe -autorun
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\RunOnce: [Rodobeb] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\AXLYKA~1\AppData\Roaming\Bufebalusa"
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1381648 2015-06-28] (Lavasoft)
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro Advanced\DTAgent.exe [3111456 2013-05-13] (Disc Soft Ltd)
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\Run: [Spotify Web Helper] => C:\Users\Axlykajill04\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-25] (Spotify Ltd)
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\Run: [Spotify] => C:\Users\Axlykajill04\AppData\Roaming\Spotify\Spotify.exe [6930544 2016-08-25] (Spotify Ltd)
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\Run: [Evztion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Axlykajill04\AppData\Local\YjPack\gzxwabmm.dll
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\Run: [Chromium] => c:\users\axlykajill04\appdata\local\chromium\application\chrome.exe [1068544 2016-03-19] (The Chromium Authors)
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\Run: [EPSON Stylus C90 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIBZP.EXE [213504 2007-10-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\MountPoints2: {a8ae69e8-5c70-11e6-82b5-48d224607bd8} - "F:\LGAutoRun.exe"
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\MountPoints2: {d31c0236-45c5-11e5-bf61-48d224607bd8} - "E:\bootstrap.exe"
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\MountPoints2: {f0f56292-8d85-11e5-8136-48d224607bd8} - "E:\setup.exe"
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\MountPoints2: {f998e916-70d6-11e5-80b7-48d224607bd8} - "F:\bootstrap.exe"
HKU\S-1-5-18\...\Run: [] => 0
AppInit_DLLs: acaptuser64.dll => C:\WINDOWS\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Axlykajill04\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Axlykajill04\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Axlykajill04\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Axlykajill04\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Axlykajill04\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Axlykajill04\AppData\Local\MEGAsync\ShellExtX32.dll No File
Startup: C:\Users\Axlykajill04\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MegaDownloader.lnk [2016-10-09]
ShortcutTarget: MegaDownloader.lnk -> C:\Program Files\MegaDownloader\MegaDownloader.exe (No File)
Startup: C:\Users\Axlykajill04\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\µTorrent.lnk [2016-10-09]
ShortcutTarget: µTorrent.lnk -> C:\Users\Axlykajill04\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts.
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 114.108.193.201 114.108.195.1 Tcpip\..\Interfaces\{2F62A543-03A9-47A0-9BF8-CD68B4BDCBAE}: [DhcpNameServer] 114.108.193.201 114.108.195.1 Tcpip\..\Interfaces\{9A3E06B4-9A06-4A94-B751-B29757F8EB7E}: [DhcpNameServer] 114.108.193.201 114.108.195.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_34_wncy_ir_16_14¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtDyDtAtAzy0ByBzz0C0FtN0D0Tzu0StCyBtDtDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyByEyCyB0D0FtCyEtGtCyCyB0BtGtB0E0A0FtGtB0DyDyBtGtD0ByEtCtB0Azz0C0F0EyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0CtCtA0C0A0BtGyB0D0D0AtGyE0E0DtAtG0AtDyCtBtG0CyC0CtA0BzytAzz0ByE0A0B2QtN0A0LzuyE%26cr%3D1942080598%26a%3Dhdr_s_16_34_wncy_ir_16_14%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BSingle%2BLanguage HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_34_wncy_ir_16_14¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtDyDtAtAzy0ByBzz0C0FtN0D0Tzu0StCyBtDtDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyByEyCyB0D0FtCyEtGtCyCyB0BtGtB0E0A0FtGtB0DyDyBtGtD0ByEtCtB0Azz0C0F0EyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0CtCtA0C0A0BtGyB0D0D0AtGyE0E0DtAtG0AtDyCtBtG0CyC0CtA0BzytAzz0ByE0A0B2QtN0A0LzuyE%26cr%3D1942080598%26a%3Dhdr_s_16_34_wncy_ir_16_14%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BSingle%2BLanguage HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_34_wncy_ir_16_14¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtDyDtAtAzy0ByBzz0C0FtN0D0Tzu0StCyBtDtDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyByEyCyB0D0FtCyEtGtCyCyB0BtGtB0E0A0FtGtB0DyDyBtGtD0ByEtCtB0Azz0C0F0EyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0CtCtA0C0A0BtGyB0D0D0AtGyE0E0DtAtG0AtDyCtBtG0CyC0CtA0BzytAzz0ByE0A0B2QtN0A0LzuyE%26cr%3D1942080598%26a%3Dhdr_s_16_34_wncy_ir_16_14%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BSingle%2BLanguage HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_41_wncy_ir_16_14¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtDyDtAtAzy0ByBzz0C0FtN0D0Tzu0StCyByEyDtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyD0BzzyDzzyE0E0EtGyD0AyB0FtG0Ezyzy0DtGyD0ByD0BtGyCtCtDyCtB0BtD0C0CtAtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0CtCtA0C0A0BtGyB0D0D0AtGyE0E0DtAtG0AtDyCtBtG0CyC0CtA0BzytAzz0ByE0A0B2QtN0A0LzuyE%26cr%3D502036834%26a%3Dhdr_s_16_41_wncy_ir_16_14%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BSingle%2BLanguage&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = 
hxxps://ph.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_41_wncy_ir_16_14¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtDyDtAtAzy0ByBzz0C0FtN0D0Tzu0StCyByEyDtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyD0BzzyDzzyE0E0EtGyD0AyB0FtG0Ezyzy0DtGyD0ByD0BtGyCtCtDyCtB0BtD0C0CtAtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0CtCtA0C0A0BtGyB0D0D0AtGyE0E0DtAtG0AtDyCtBtG0CyC0CtA0BzytAzz0ByE0A0B2QtN0A0LzuyE%26cr%3D502036834%26a%3Dhdr_s_16_41_wncy_ir_16_14%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BSingle%2BLanguage&p={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1995861311-3636309898-3167673773-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = SearchScopes: HKU\S-1-5-21-1995861311-3636309898-3167673773-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://mysearch.avg.com/search?cid={3D4F94BF-8522-4280-8818-74A60A13F601}&mid=c19c7de75d6647cda339999b6284922b-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-11-02 20:34:24&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-1995861311-3636309898-3167673773-1001 -> {3A7FD686-1594-48D5-AA8E-9F444C56B911} URL = SearchScopes: HKU\S-1-5-21-1995861311-3636309898-3167673773-1001 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = 
hxxps://ph.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_41_wncy_ir_16_14¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtDyDtAtAzy0ByBzz0C0FtN0D0Tzu0StCyByEyDtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyD0BzzyDzzyE0E0EtGyD0AyB0FtG0Ezyzy0DtGyD0ByD0BtGyCtCtDyCtB0BtD0C0CtAtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0CtCtA0C0A0BtGyB0D0D0AtGyE0E0DtAtG0AtDyCtBtG0CyC0CtA0BzytAzz0ByE0A0B2QtN0A0LzuyE%26cr%3D502036834%26a%3Dhdr_s_16_41_wncy_ir_16_14%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BSingle%2BLanguage&p={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-10] (Oracle Corporation) BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.4.122\AVG Web TuneUp.dll [2016-08-23] (AVG) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-10] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-26] (Microsoft Corporation) BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files 
(x86)\PDF Architect 4\creator-ie-helper.dll [2016-05-04] (pdfforge GmbH)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-11] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.4.122\AVG Web TuneUp.dll [2016-08-23] (AVG)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-11] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-05-04] (pdfforge GmbH)
Toolbar: HKU\S-1-5-21-1995861311-3636309898-3167673773-1001 -> No Name - 
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: 3u032o1y.default FF ProfilePath: C:\Users\Axlykajill04\AppData\Roaming\Mozilla\Firefox\Profiles\3u032o1y.default [2016-10-12] FF NewTab: Mozilla\Firefox\Profiles\3u032o1y.default -> about:newtab FF DefaultSearchEngine: Mozilla\Firefox\Profiles\3u032o1y.default -> YHS FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3u032o1y.default -> YHS FF Homepage: Mozilla\Firefox\Profiles\3u032o1y.default -> hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_38_wncy_ir_16_14¶m1=1¶m2=f%3D1%26b%3DFirefox%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtDyDtAtAzy0ByBzz0C0FtN0D0Tzu0StCyBtBzztN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StCtCtCtAyDyD0A0CtGtCtCtD0FtGyC0C0D0BtGyC0BtC0DtGzytDyEzytBzzyEzy0FzyyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0CtCtA0C0A0BtGyB0D0D0AtGyE0E0DtAtG0AtDyCtBtG0CyC0CtA0BzytAzz0ByE0A0B2QtN0A0LzuyE%26cr%3D1542198389%26a%3Dhdr_s_16_38_wncy_ir_16_14%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BSingle%2BLanguage FF Keyword.URL: Mozilla\Firefox\Profiles\3u032o1y.default -> user_pref("keyword.URL", true); FF Extension: (YouTube™ Flash® Player) - C:\Users\Axlykajill04\AppData\Roaming\Mozilla\Firefox\Profiles\3u032o1y.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2016-09-02] FF Extension: (System.Runtime.Remoting.Metadata.W3cXsd2001.SoapEntities) - 
C:\Users\Axlykajill04\AppData\Roaming\Mozilla\Firefox\Profiles\3u032o1y.default\Extensions\{9A26491B-7EB6-3A72-1873-B4EDAEEA00BA} [2016-09-05] [not signed] FF Extension: (Adblock Plus) - C:\Users\Axlykajill04\AppData\Roaming\Mozilla\Firefox\Profiles\3u032o1y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] FF SearchPlugin: C:\Users\Axlykajill04\AppData\Roaming\Mozilla\Firefox\Profiles\3u032o1y.default\searchplugins\avg-secure-search.xml [2016-09-03] FF SearchPlugin: C:\Users\Axlykajill04\AppData\Roaming\Mozilla\Firefox\Profiles\3u032o1y.default\searchplugins\google-default.xml [2015-06-29] FF SearchPlugin: C:\Users\Axlykajill04\AppData\Roaming\Mozilla\Firefox\Profiles\3u032o1y.default\searchplugins\yhs.xml [2016-08-28] FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-07-01] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-11] () FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-10] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-10] (Oracle Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-02] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @avg.com/AVG 
SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.4\\npsitesafety.dll [No File] FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-08-25] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-11] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-11] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-25] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-02] (Adobe Systems) FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-05-04] (pdfforge GmbH) FF Plugin HKU\S-1-5-21-1995861311-3636309898-3167673773-1001: @nsroblox.roblox.com/launcher -> C:\Users\Axlykajill04\AppData\Local\Roblox\Versions\version-14d50132362e4612\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-1995861311-3636309898-3167673773-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Axlykajill04\AppData\Local\Roblox\Versions\version-14d50132362e4612\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-1995861311-3636309898-3167673773-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Axlykajill04\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS) StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR DefaultProfile: Default CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR HomePage: Default -> mysearch.avg.com/?rvt=1 CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms} CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1 CHR Profile: C:\Users\Axlykajill04\AppData\Local\Google\Chrome\User Data\Default [2016-10-11] CHR Extension: (YouTube) - C:\Users\Axlykajill04\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-11] CHR Extension: (AVG Secure Search) - C:\Users\Axlykajill04\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-08-24] CHR Extension: (Google Search) - C:\Users\Axlykajill04\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-11] CHR Extension: (Google Docs Offline) - C:\Users\Axlykajill04\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-07] CHR Extension: (Grammarly for Chrome) - C:\Users\Axlykajill04\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-10-04] CHR Extension: (Home Tab) - C:\Users\Axlykajill04\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofkpgiaknijknhajbhnghkodiccblkg [2016-08-07] CHR Extension: (Office Online) - C:\Users\Axlykajill04\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2016-10-10] CHR Extension: (Gmail) - C:\Users\Axlykajill04\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11] CHR HKLM\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx CHR 
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [103424 2013-03-13] () [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3192560 2016-07-26] (Microsoft Corporation) R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-29] (Digital Wave Ltd.) 
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625640 2015-04-24] (Lenovo) S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438368 2016-05-04] (pdfforge GmbH) S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-05-04] (pdfforge GmbH) R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-05-04] (pdfforge GmbH) R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-05-18] (© pdfforge GmbH.) S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-27] (TOSHIBA CORPORATION) S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] () [File not signed] S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-06-18] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-06-18] (Microsoft Corporation) R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980040 2016-08-23] () S2 Dreary Life; C:\Users\Axlykajill04\AppData\Roaming\Dreary Life\Dreary Life.exe [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-08] (Advanced Micro Devices, INC.) S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.) 
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [217824 2013-03-22] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-01-16] (Advanced Micro Devices)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-11-18] (DT Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-05-04] (LogMeIn Inc.)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-26] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-08-01] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-06-18] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-06-18] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-06-18] (Microsoft Corporation)
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]
S3 X6va034; \??\C:\WINDOWS\SysWOW64\Drivers\X6va034 [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-12 15:39 - 2016-10-12 15:40 - 00034909 _____ C:\Users\Axlykajill04\Downloads\FRST.txt
2016-10-12 15:39 - 2016-10-12 15:39 - 00000000 ____D C:\FRST
2016-10-12 15:38 - 2016-10-12 15:38 - 02407424 _____ (Farbar) C:\Users\Axlykajill04\Downloads\FRST64.exe
2016-10-12 13:11 - 2016-10-12 13:11 - 00281664 _____ C:\WINDOWS\Minidump\101216-29234-01.dmp
2016-10-12 13:06 - 2016-10-12 13:06 - 00281664 _____ C:\WINDOWS\Minidump\101216-31953-01.dmp
2016-10-12 12:52 - 2016-10-12 12:52 - 00281664 _____ C:\WINDOWS\Minidump\101216-25203-01.dmp
2016-10-12 08:10 - 2016-10-12 08:10 - 00002319 _____ C:\Users\Axlykajill04\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-10-12 08:10 - 2016-10-12 08:10 - 00002311 _____ C:\Users\Axlykajill04\Desktop\Chromium.lnk
2016-10-12 08:09 - 2016-10-12 08:10 - 00000000 ____D C:\Users\Axlykajill04\AppData\Local\chromium
2016-10-12 08:06 - 2016-10-12 08:10 - 00000000 ____D C:\Users\Axlykajill04\AppData\Local\{58A66EFA-7C0E-0242-1196-27AA35FEDB32}
2016-10-12 08:06 - 2016-10-12 08:06 - 00002522 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2016-10-11 21:13 - 2016-10-11 21:13 - 00281664 _____ C:\WINDOWS\Minidump\101116-32625-01.dmp
2016-10-11 19:41 - 2016-10-11 19:41 - 00281664 _____ C:\WINDOWS\Minidump\101116-36187-01.dmp
2016-10-11 19:36 - 2016-10-12 13:17 - 00000000 ____D C:\Users\Axlykajill04\AppData\LocalLow\uTorrent
2016-10-09 15:05 - 2016-10-09 15:06 - 00000080 _____ C:\Users\Axlykajill04\Desktop\askgeek.txt
2016-10-08 15:25 - 2016-10-09 14:50 - 00002129 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-10-08 15:25 - 2016-10-08 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-10-07 22:03 - 2016-10-07 22:03 - 00281664 _____ C:\WINDOWS\Minidump\100716-83609-01.dmp
2016-10-07 12:58 - 2016-10-07 13:00 - 02754964 _____ C:\Users\Axlykajill04\Downloads\TPAD-Final-Paper_-Sitio-Kawayan-HRM-1.pdf
2016-10-07 12:25 - 2016-10-07 12:25 - 00000000 ____D
C:\Users\Axlykajill04\Desktop\keyboard
2016-10-07 12:24 - 2016-10-07 12:24 - 00568552 _____ (PortableApps.com) C:\Users\Axlykajill04\Downloads\On-ScreenKeyboardPortable_1.2.paf.exe
2016-10-04 15:31 - 2016-10-04 15:33 - 00000000 ____D C:\Users\Axlykajill04\Desktop\Movies
2016-10-04 01:52 - 2016-10-04 01:52 - 00281664 _____ C:\WINDOWS\Minidump\100416-167218-01.dmp
2016-09-24 22:25 - 2016-10-12 15:07 - 00000316 _____ C:\WINDOWS\Tasks\{41EBE507-AFEF-6C62-D2DB-32F7BE0E4294}.job
2016-09-24 22:25 - 2016-10-12 08:07 - 00019082 _____ C:\Users\Axlykajill04\AppData\Roaming\Bufebalusa
2016-09-24 22:25 - 2016-10-12 08:07 - 00002654 _____ C:\WINDOWS\System32\Tasks\{41EBE507-AFEF-6C62-D2DB-32F7BE0E4294}
2016-09-20 18:35 - 2016-09-20 18:36 - 00281664 _____ C:\WINDOWS\Minidump\092016-58703-01.dmp
2016-09-14 00:07 - 2016-09-14 00:07 - 00281664 _____ C:\WINDOWS\Minidump\091416-44140-01.dmp
2016-09-13 19:11 - 2016-09-13 19:11 - 00281664 _____ C:\WINDOWS\Minidump\091316-42078-01.dmp
2016-09-13 18:34 - 2016-09-13 18:34 - 00281608 _____ C:\WINDOWS\Minidump\091316-43671-01.dmp
2016-09-13 18:17 - 2016-09-13 18:17 - 00086016 _____ (Adobe Systems, Incorporated) C:\Users\Axlykajill04\AppData\Roaming\OpenCandy.dll
2016-09-12 15:14 - 2016-09-12 15:34 - 25842673 _____ C:\Users\Axlykajill04\Downloads\paperscanfree.zip
2016-09-12 15:03 - 2016-09-12 15:03 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-09-12 14:41 - 2016-09-12 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-09-12 14:33 - 2007-12-07 02:08 - 00108032 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMBZP.DLL
2016-09-12 14:33 - 2007-12-07 02:01 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_IBCBBZP.DLL
2016-09-12 14:33 - 2005-02-02 12:05 - 00008704 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-12 15:38 - 2016-02-28 17:42 - 00000000 ____D C:\Users\Axlykajill04\AppData\Roaming\uTorrent 2016-10-12 15:23 - 2016-08-03 10:25 - 00000316 _____ C:\WINDOWS\Tasks\{544942CE-FCB9-C6F2-1111-40E260E4631C}.job 2016-10-12 15:22 - 2016-04-07 17:11 - 00000312 _____ C:\WINDOWS\Tasks\{0F4C76BB-9725-2605-06C7-39CFE411FE67}.job 2016-10-12 15:17 - 2016-02-10 20:20 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-10-12 14:59 - 2015-07-06 14:23 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-10-12 13:22 - 2015-06-15 21:11 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1995861311-3636309898-3167673773-1001 2016-10-12 13:17 - 2016-02-10 20:20 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-10-12 13:16 - 2014-11-21 12:44 - 00005392 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-10-12 13:12 - 2015-06-17 21:01 - 00000000 ____D C:\Users\Axlykajill04 2016-10-12 13:11 - 2015-06-19 15:27 - 00000000 ____D C:\WINDOWS\Minidump 2016-10-12 13:11 - 2015-06-19 15:26 - 682396536 _____ C:\WINDOWS\MEMORY.DMP 2016-10-12 13:11 - 2013-08-22 22:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-10-12 13:06 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\Inf 2016-10-12 12:57 - 2015-07-17 16:02 - 00003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4DA7CEE0-78AA-4D33-BECE-29DC4CB866A5} 2016-10-12 12:56 - 2015-06-11 02:22 - 00000000 ____D C:\Users\Axlykajill04\AppData\Local\Adobe 2016-10-12 08:07 - 2016-08-03 10:25 - 00000000 ____D C:\Users\Axlykajill04\AppData\Roaming\{58FB6E40-7DA9-0336-169F-24E4CA4DD9DA} 2016-10-12 08:06 - 2016-04-07 17:11 - 00000258 __RSH C:\ProgramData\ntuser.pol 2016-10-12 08:04 - 2016-04-07 18:11 - 00000266 _____ C:\Users\Axlykajill04\AppData\Roaming\WB.CFG 2016-10-11 21:59 - 2015-07-06 14:23 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-10-11 21:59 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-10-11 
21:59 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-10-11 19:59 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-10-11 19:59 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-10-10 23:31 - 2015-06-11 01:32 - 00000000 ____D C:\Users\Axlykajill04\AppData\Local\Packages 2016-10-10 20:10 - 2016-08-07 14:28 - 00000000 ____D C:\Users\Axlykajill04\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2016-10-10 20:10 - 2016-07-17 13:59 - 00001386 _____ C:\Users\Axlykajill04\Desktop\ROBLOX Player.lnk 2016-10-10 20:10 - 2016-07-17 13:50 - 00001201 _____ C:\Users\Axlykajill04\Desktop\ROBLOX Studio.lnk 2016-10-09 15:06 - 2015-06-17 20:50 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2016-10-09 14:51 - 2016-09-10 21:50 - 00000000 ____D C:\Users\Axlykajill04\AppData\Roaming\8e3e55b 2016-10-09 14:51 - 2016-09-04 16:24 - 00001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-10-09 14:51 - 2016-09-02 15:24 - 00000000 ____D C:\Users\Axlykajill04\AppData\Roaming\8064d 2016-10-09 14:51 - 2016-08-02 16:30 - 00000000 ____D C:\Users\Axlykajill04\AppData\Roaming\8e3e55 2016-10-09 14:51 - 2016-06-29 10:06 - 00001865 _____ C:\Users\Axlykajill04\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2016-10-09 14:51 - 2016-01-22 20:46 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2016-10-09 14:51 - 2015-07-08 08:04 - 00001180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2016-10-09 14:51 - 2015-07-06 16:53 - 00001189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2015.lnk 2016-10-09 14:51 - 2015-06-17 21:30 - 00001433 _____ C:\Users\Axlykajill04\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-10-09 14:51 - 2015-06-17 21:08 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 
2016-10-09 14:51 - 2015-06-17 21:01 - 00000445 _____ C:\Users\Axlykajill04\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2016-10-09 14:51 - 2015-06-17 21:01 - 00000443 _____ C:\Users\Axlykajill04\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2016-10-09 14:51 - 2015-06-11 16:53 - 00002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-10-09 14:51 - 2015-06-11 02:21 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro Extended.lnk 2016-10-09 14:51 - 2015-06-11 02:21 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk 2016-10-09 14:51 - 2015-06-11 02:21 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 3D Reviewer.lnk 2016-10-09 14:51 - 2015-06-11 02:21 - 00002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer ES 8.2.lnk 2016-10-09 14:51 - 2013-09-03 07:43 - 00001355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Start Now Technology.lnk 2016-10-09 14:51 - 2013-04-16 15:35 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2016-10-09 14:50 - 2016-09-04 17:29 - 00002152 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk 2016-10-09 14:50 - 2016-09-04 16:24 - 00001128 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-10-09 14:50 - 2016-08-07 17:20 - 00001191 _____ C:\Users\Public\Desktop\LG PC Suite.lnk 2016-10-09 14:50 - 2016-07-01 03:47 - 00000861 _____ C:\Users\Public\Desktop\PDF Architect 4.lnk 2016-10-09 14:50 - 2016-07-01 03:39 - 00000897 _____ C:\Users\Public\Desktop\PDFCreator.lnk 2016-10-09 14:50 - 2016-06-09 16:05 - 00002035 _____ C:\Users\Axlykajill04\AppData\Roaming\Microsoft\Windows\Start Menu\More Great Games.lnk 2016-10-09 14:50 - 2016-05-28 13:46 - 00001984 _____ C:\Users\Public\Desktop\REACHit.lnk 2016-10-09 14:50 - 2016-03-26 13:36 - 00001617 _____ 
C:\Users\Public\Desktop\Mp42Mkvac3.lnk 2016-10-09 14:50 - 2016-03-02 02:34 - 00001462 _____ C:\Users\Public\Desktop\Free MP4 Video Converter.lnk 2016-10-09 14:50 - 2016-02-28 17:53 - 00000877 _____ C:\Users\Axlykajill04\Desktop\uTorrent.lnk 2016-10-09 14:50 - 2016-02-28 17:53 - 00000857 _____ C:\Users\Axlykajill04\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2016-10-09 14:50 - 2016-02-26 09:02 - 00001659 _____ C:\Users\Axlykajill04\AppData\Roaming\Microsoft\Windows\Start Menu\REACHit Drive.lnk 2016-10-09 14:50 - 2016-01-23 17:23 - 00001822 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2016-10-09 14:50 - 2016-01-23 17:07 - 00001000 _____ C:\Users\Public\Desktop\iExplorer.lnk 2016-10-09 14:50 - 2016-01-22 20:49 - 00001770 _____ C:\Users\Public\Desktop\iTunes.lnk 2016-10-09 14:50 - 2016-01-09 18:28 - 00001297 _____ C:\Users\Public\Desktop\Free YouTube Uploader.lnk 2016-10-09 14:50 - 2016-01-09 18:28 - 00001226 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2016-10-09 14:50 - 2016-01-09 13:16 - 00001083 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-10-09 14:50 - 2015-12-12 19:52 - 00001000 _____ C:\Users\Public\Desktop\Notepad++.lnk 2016-10-09 14:50 - 2015-12-04 17:18 - 00001258 _____ C:\Users\Public\Desktop\Bigasoft Total Video Converter.lnk 2016-10-09 14:50 - 2015-11-01 21:08 - 00001309 _____ C:\Users\Axlykajill04\Desktop\VLC.lnk 2016-10-09 14:50 - 2015-08-20 00:52 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk 2016-10-09 14:50 - 2015-07-26 13:22 - 00002023 _____ C:\Users\Public\Desktop\Google Slides.lnk 2016-10-09 14:50 - 2015-07-26 13:22 - 00002021 _____ C:\Users\Public\Desktop\Google Sheets.lnk 2016-10-09 14:50 - 2015-07-26 13:22 - 00002011 _____ C:\Users\Public\Desktop\Google Docs.lnk 2016-10-09 14:50 - 2015-07-08 08:04 - 00001162 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2016-10-09 14:50 - 2015-07-06 13:50 - 00002004 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk 2016-10-09 14:50 - 2015-06-28 
15:17 - 00001225 _____ C:\Users\Public\Desktop\SHAREit.lnk 2016-10-09 14:50 - 2015-06-11 19:14 - 00003102 _____ C:\Users\Axlykajill04\Desktop\WordPad.lnk 2016-10-09 14:50 - 2015-06-11 02:21 - 00002032 _____ C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk 2016-10-09 14:50 - 2015-06-11 02:13 - 00001137 _____ C:\Users\Public\Desktop\Jobber Computer Plus v3.4.lnk 2016-10-09 14:50 - 2015-06-11 02:03 - 00001977 _____ C:\Users\Public\Desktop\Tekla Structures 19.0.lnk 2016-10-09 14:50 - 2015-06-11 01:48 - 00001977 _____ C:\Users\Public\Desktop\Tekla Structures 17.0.lnk 2016-10-09 14:50 - 2013-09-03 08:42 - 00001300 _____ C:\Users\Public\Desktop\SugarSync Your Cloud.lnk 2016-10-09 14:50 - 2013-09-03 08:42 - 00001128 _____ C:\Users\Public\Desktop\Anibee.lnk 2016-10-09 14:50 - 2013-09-03 08:28 - 00002115 _____ C:\Users\Public\Desktop\Norton Online Backup ARA.lnk 2016-10-09 14:50 - 2013-04-16 15:36 - 00001062 _____ C:\Users\Public\Desktop\Desktop Assist.lnk 2016-10-09 14:49 - 2016-07-26 01:33 - 00002250 _____ C:\Users\Axlykajill04\Desktop\Google Chrome.lnk 2016-10-09 14:49 - 2016-06-29 10:06 - 00001859 _____ C:\Users\Axlykajill04\Desktop\Spotify.lnk 2016-10-09 14:49 - 2016-04-11 10:36 - 00001232 _____ C:\Users\Axlykajill04\Desktop\MediaHuman Audio Converter.lnk 2016-10-09 14:49 - 2015-11-17 21:51 - 00001094 _____ C:\Users\Axlykajill04\Desktop\DAEMON Pro.lnk 2016-10-09 14:49 - 2015-07-26 13:19 - 00001058 _____ C:\Users\Axlykajill04\Desktop\Photoscape.lnk 2016-10-09 14:46 - 2016-09-10 21:50 - 00000000 ____D C:\Users\Axlykajill04\AppData\Local\9029ed6 2016-10-09 14:46 - 2016-09-02 15:24 - 00000000 ____D C:\Users\Axlykajill04\AppData\Local\a621d 2016-10-09 14:46 - 2016-07-26 19:24 - 00000000 ____D C:\Users\Axlykajill04\AppData\Local\Ipjsoft 2016-10-09 14:46 - 2016-07-26 19:18 - 00000000 ____D C:\Users\Axlykajill04\AppData\Local\YjPack 2016-10-09 14:46 - 2016-07-26 01:32 - 00000000 ____D C:\Users\Axlykajill04\AppData\Roaming\BrowserMe 2016-10-09 14:46 - 2012-07-26 16:12 - 
00000000 ____D C:\WINDOWS\LiveKernelReports 2016-10-09 14:41 - 2016-08-02 16:30 - 00000000 ____D C:\Users\Axlykajill04\AppData\Local\9029ed 2016-10-09 13:29 - 2016-01-09 13:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-10-09 13:17 - 2016-03-19 14:59 - 00000000 ____D C:\Users\Axlykajill04\Desktop\kung fu panda 3 2016-10-08 17:04 - 2015-12-04 16:02 - 00000000 ____D C:\Users\Axlykajill04\Documents\Bigasoft Total Video Converter 2016-10-08 15:25 - 2015-06-11 16:45 - 00000000 ____D C:\Program Files (x86)\Google 2016-10-08 00:07 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-10-04 15:35 - 2015-10-12 22:04 - 00000000 ____D C:\Users\Axlykajill04\AppData\Roaming\vlc 2016-10-04 15:15 - 2016-03-06 15:34 - 00000000 ____D C:\Users\Axlykajill04\AppData\Local\ElevatedDiagnostics 2016-10-04 00:23 - 2013-08-22 21:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-09-17 14:33 - 2016-09-08 12:02 - 00000000 ____D C:\Users\Axlykajill04\Desktop\conrad 2016-09-17 12:37 - 2013-08-22 23:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-09-17 12:34 - 2016-02-17 09:51 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-09-12 14:41 - 2016-09-04 17:29 - 00000000 ____D C:\ProgramData\EPSON ==================== Files in the root of some directories ======= 2016-06-17 14:54 - 2016-06-17 14:54 - 0000703 _____ () C:\Users\Axlykajill04\AppData\Roaming\1.svg 2016-06-17 14:54 - 2016-06-17 14:54 - 0000361 _____ () C:\Users\Axlykajill04\AppData\Roaming\10.png 2016-06-17 14:54 - 2016-06-17 14:54 - 0000565 _____ () C:\Users\Axlykajill04\AppData\Roaming\11.png 2016-06-17 14:54 - 2016-06-17 14:54 - 0001272 _____ () C:\Users\Axlykajill04\AppData\Roaming\403-8.htm 2016-06-17 14:54 - 2016-06-17 14:54 - 0001120 _____ () C:\Users\Axlykajill04\AppData\Roaming\404-12.htm 2016-06-17 14:54 - 2016-06-17 14:54 - 0001293 _____ () C:\Users\Axlykajill04\AppData\Roaming\404-4.htm 2016-06-17 14:54 - 2016-06-17 14:54 - 0001112 _____ () 
C:\Users\Axlykajill04\AppData\Roaming\404-8.htm 2016-06-17 14:54 - 2016-06-17 14:54 - 0000672 _____ () C:\Users\Axlykajill04\AppData\Roaming\69-unifont.conf 2016-06-17 14:54 - 2016-06-17 14:54 - 0001280 _____ () C:\Users\Axlykajill04\AppData\Roaming\ade.extensions.xml 2016-08-30 12:59 - 2016-08-30 12:59 - 0033280 _____ () C:\Users\Axlykajill04\AppData\Roaming\Aero.dll 1987-03-27 16:00 - 1987-03-27 16:00 - 0004334 _____ () C:\Users\Axlykajill04\AppData\Roaming\Akaryote.ktp 2016-06-17 14:54 - 2016-06-17 14:54 - 0003703 _____ () C:\Users\Axlykajill04\AppData\Roaming\akilok_yellow.png 2016-06-17 14:54 - 2016-06-17 14:54 - 0003526 _____ () C:\Users\Axlykajill04\AppData\Roaming\Alienlabs.UpgradeService.dll.config 2016-06-17 14:54 - 2016-06-17 14:54 - 0000698 _____ () C:\Users\Axlykajill04\AppData\Roaming\annotations.xsl 2016-08-28 11:21 - 2016-08-28 11:21 - 0008354 _____ () C:\Users\Axlykajill04\AppData\Roaming\anr.y 2016-06-17 14:54 - 2016-06-17 14:54 - 0000000 _____ () C:\Users\Axlykajill04\AppData\Roaming\application.sif 2016-06-17 14:53 - 2016-06-17 14:53 - 0001080 _____ () C:\Users\Axlykajill04\AppData\Roaming\author.othername.in.middle.xml 2016-06-17 14:53 - 2016-06-17 14:53 - 0004036 _____ () C:\Users\Axlykajill04\AppData\Roaming\axf.xsl 2016-06-17 14:53 - 2016-06-17 14:53 - 0000137 _____ () C:\Users\Axlykajill04\AppData\Roaming\Barbados 2016-08-28 11:21 - 2016-08-28 11:21 - 0008066 _____ () C:\Users\Axlykajill04\AppData\Roaming\blqvedv.ts 2016-09-24 22:25 - 2016-10-12 08:07 - 0019082 _____ () C:\Users\Axlykajill04\AppData\Roaming\Bufebalusa 2001-03-02 16:00 - 2001-03-02 16:00 - 0049763 _____ () C:\Users\Axlykajill04\AppData\Roaming\Bustard.8 2016-06-17 14:53 - 2016-06-17 14:53 - 0000903 _____ () C:\Users\Axlykajill04\AppData\Roaming\chunk.section.depth.xml 2016-06-17 14:53 - 2016-06-17 14:53 - 0001164 _____ () C:\Users\Axlykajill04\AppData\Roaming\chunker.output.indent.xml 2016-06-17 14:53 - 2016-06-17 14:53 - 0001090 _____ () 
C:\Users\Axlykajill04\AppData\Roaming\CommonMessages_de.xml 2016-06-17 14:53 - 2016-06-17 14:53 - 0001266 _____ () C:\Users\Axlykajill04\AppData\Roaming\compact.list.item.spacing.xml 2016-06-17 14:53 - 2016-06-17 14:53 - 0001930 _____ () C:\Users\Axlykajill04\AppData\Roaming\compare-with-callbacks.js 2016-06-17 14:53 - 2016-06-17 14:53 - 0000524 _____ () C:\Users\Axlykajill04\AppData\Roaming\Cool Gray 7 bl 4.ADO 2016-06-17 14:53 - 2016-06-17 14:53 - 0000926 _____ () C:\Users\Axlykajill04\AppData\Roaming\crop.marks.xml 2016-06-17 14:53 - 2016-06-17 14:53 - 0000788 _____ () C:\Users\Axlykajill04\AppData\Roaming\ctl.fca 2016-08-30 21:07 - 2016-08-30 21:07 - 0011906 _____ () C:\Users\Axlykajill04\AppData\Roaming\cumbxuyn.fn 2016-06-17 14:53 - 2016-06-17 14:53 - 0001369 _____ () C:\Users\Axlykajill04\AppData\Roaming\Detail Plastic - Black.3PP 2016-06-17 14:53 - 2016-06-17 14:53 - 0004868 _____ () C:\Users\Axlykajill04\AppData\Roaming\doap.rdf 2014-11-29 22:40 - 2014-11-29 22:40 - 0029926 _____ () C:\Users\Axlykajill04\AppData\Roaming\drijnall.gsf 2016-08-28 11:21 - 2016-08-28 11:21 - 0011906 _____ () C:\Users\Axlykajill04\AppData\Roaming\duveambm.uri 2016-08-26 06:13 - 2016-08-26 06:13 - 0012193 _____ () C:\Users\Axlykajill04\AppData\Roaming\eiuxgxes.qrac 2016-08-30 21:07 - 2016-08-30 21:07 - 0005751 _____ () C:\Users\Axlykajill04\AppData\Roaming\emsodhx.qhy 2016-06-17 14:53 - 2016-06-17 14:53 - 0000089 _____ () C:\Users\Axlykajill04\AppData\Roaming\Enderbury 2016-06-17 14:53 - 2016-06-17 14:53 - 0003719 _____ () C:\Users\Axlykajill04\AppData\Roaming\engine_glow.jpg 2016-06-17 14:53 - 2016-06-17 14:53 - 0000924 _____ () C:\Users\Axlykajill04\AppData\Roaming\equation.properties.xml 2016-06-17 14:53 - 2016-06-17 14:53 - 0001389 _____ () C:\Users\Axlykajill04\AppData\Roaming\error.png 2016-08-28 11:21 - 2016-08-28 11:21 - 0008122 _____ () C:\Users\Axlykajill04\AppData\Roaming\euyhqof.tsxc 2016-06-17 14:53 - 2016-06-17 14:53 - 0001231 _____ () 
C:\Users\Axlykajill04\AppData\Roaming\f22.png 2016-08-30 21:07 - 2016-08-30 21:07 - 0007069 _____ () C:\Users\Axlykajill04\AppData\Roaming\fkkhso.rd 2016-06-17 14:53 - 2016-06-17 14:53 - 0002550 _____ () C:\Users\Axlykajill04\AppData\Roaming\flash.icon1.ico 2014-11-29 22:40 - 2014-11-29 22:40 - 0000766 _____ () C:\Users\Axlykajill04\AppData\Roaming\fod.cv 2016-06-17 14:53 - 2016-06-17 14:53 - 0001379 _____ () C:\Users\Axlykajill04\AppData\Roaming\getGeneratorSettings.jsx 2016-06-17 14:53 - 2016-06-17 14:53 - 0001106 _____ () C:\Users\Axlykajill04\AppData\Roaming\GIF 64 Dithered.irs 2016-08-19 18:23 - 2016-08-19 18:23 - 0004043 _____ () C:\Users\Axlykajill04\AppData\Roaming\godroon.dym 2016-06-17 14:52 - 2016-06-17 14:52 - 0000518 _____ () C:\Users\Axlykajill04\AppData\Roaming\goURL_lr_photoshop_no.csv 2016-08-28 11:21 - 2016-08-28 11:21 - 0008011 _____ () C:\Users\Axlykajill04\AppData\Roaming\guwe.mg 2016-08-30 21:07 - 2016-08-30 21:07 - 0007609 _____ () C:\Users\Axlykajill04\AppData\Roaming\h.c 2016-08-28 11:21 - 2016-08-28 11:21 - 0008578 _____ () C:\Users\Axlykajill04\AppData\Roaming\iqxib.allm 2016-08-30 21:07 - 2016-08-30 21:07 - 0005973 _____ () C:\Users\Axlykajill04\AppData\Roaming\jiew.qvkg 2014-11-29 22:40 - 2014-11-29 22:40 - 0002862 _____ () C:\Users\Axlykajill04\AppData\Roaming\jun.cbfs 2016-08-30 21:07 - 2016-08-30 21:07 - 0220680 _____ () C:\Users\Axlykajill04\AppData\Roaming\khpixwrc.qwb 2016-08-28 11:21 - 2016-08-28 11:21 - 0007695 _____ () C:\Users\Axlykajill04\AppData\Roaming\krvil.dd 2016-08-19 18:23 - 2016-08-19 18:23 - 0000250 _____ () C:\Users\Axlykajill04\AppData\Roaming\lifeguard.uea 2016-08-19 21:42 - 2016-08-19 21:42 - 0004293 _____ () C:\Users\Axlykajill04\AppData\Roaming\MaxillaPepo.nk8 2016-08-30 21:07 - 2016-08-30 21:07 - 0005973 _____ () C:\Users\Axlykajill04\AppData\Roaming\mwytnlly.b 2016-09-13 18:17 - 2016-09-13 18:17 - 0086016 _____ (Adobe Systems, Incorporated) C:\Users\Axlykajill04\AppData\Roaming\OpenCandy.dll 2016-08-22 05:19 
- 2016-08-22 05:19 - 0049672 _____ () C:\Users\Axlykajill04\AppData\Roaming\opoweeai.drh 2016-08-30 21:07 - 2016-08-30 21:07 - 0006215 _____ () C:\Users\Axlykajill04\AppData\Roaming\p.adql 2016-08-26 06:13 - 2016-08-26 06:13 - 0049672 _____ () C:\Users\Axlykajill04\AppData\Roaming\qtgthgyk.ua 2016-08-30 21:07 - 2016-08-30 21:07 - 0005999 _____ () C:\Users\Axlykajill04\AppData\Roaming\r.wtim 2016-08-28 11:21 - 2016-08-28 11:21 - 0005300 _____ () C:\Users\Axlykajill04\AppData\Roaming\rmcarpp.ax 2016-08-22 05:19 - 2016-08-22 05:19 - 0009994 _____ () C:\Users\Axlykajill04\AppData\Roaming\rowgleru 2016-07-09 10:21 - 2016-07-09 10:21 - 3161619 _____ () C:\Users\Axlykajill04\AppData\Roaming\sb437.dat 2016-07-01 00:18 - 2016-07-01 00:18 - 2049556 _____ () C:\Users\Axlykajill04\AppData\Roaming\sb640.dat 2015-06-28 16:04 - 2015-06-28 16:04 - 0000103 _____ () C:\Users\Axlykajill04\AppData\Roaming\settings.xml 2016-07-09 10:20 - 2016-07-09 10:20 - 0240640 _____ () C:\Users\Axlykajill04\AppData\Roaming\Setup37348.exe 1998-04-15 15:00 - 1998-04-15 15:00 - 0140261 _____ () C:\Users\Axlykajill04\AppData\Roaming\Suede.RHq 2016-08-28 11:21 - 2016-08-28 11:21 - 0049672 _____ () C:\Users\Axlykajill04\AppData\Roaming\thdyqikv.ac 2016-08-30 21:07 - 2016-08-30 21:07 - 0006856 _____ () C:\Users\Axlykajill04\AppData\Roaming\tw.olvc 2014-11-29 22:40 - 2014-11-29 22:40 - 0000326 _____ () C:\Users\Axlykajill04\AppData\Roaming\uesdiww.ikdu 2010-05-16 15:00 - 2010-05-16 15:00 - 0049795 _____ () C:\Users\Axlykajill04\AppData\Roaming\Washery.s 2016-08-28 11:21 - 2016-08-28 11:21 - 0005764 _____ () C:\Users\Axlykajill04\AppData\Roaming\waydmk.kjub 2016-04-07 18:11 - 2016-10-12 08:04 - 0000266 _____ () C:\Users\Axlykajill04\AppData\Roaming\WB.CFG 2016-08-28 11:21 - 2016-08-28 11:21 - 0008354 _____ () C:\Users\Axlykajill04\AppData\Roaming\wknwcda.hd 2016-08-28 11:21 - 2016-08-28 11:21 - 0005270 _____ () C:\Users\Axlykajill04\AppData\Roaming\xoked.onl 2016-08-30 21:07 - 2016-08-30 21:07 - 0006830 
_____ () C:\Users\Axlykajill04\AppData\Roaming\xtubnduk.s
2014-11-29 22:40 - 2014-11-29 22:40 - 0007886 _____ () C:\Users\Axlykajill04\AppData\Roaming\yvpc.yf
2016-07-26 01:32 - 2016-07-26 01:32 - 0000480 ____H () C:\Users\Axlykajill04\AppData\Roaming\½ž’“Ó™œ‰
2015-10-28 20:15 - 2015-10-28 20:15 - 0000853 _____ () C:\Users\Axlykajill04\AppData\Local\recently-used.xbel
2016-07-26 01:33 - 2016-07-26 01:33 - 0000008 ____H () C:\ProgramData\@000001.dat
2016-07-26 01:33 - 2016-07-26 01:33 - 0000920 ____H () C:\ProgramData\@system.temp
2016-07-26 01:32 - 2016-07-26 01:33 - 0000656 ____H () C:\ProgramData\@system3.att
2014-11-21 13:15 - 2014-11-21 13:15 - 80338944 ___SH () C:\ProgramData\msgia.exe
2016-04-17 16:06 - 2016-04-17 16:06 - 0000479 _____ () C:\ProgramData\TI80141900D (C) - Shortcut.lnk

Files to move or delete:
====================
C:\ProgramData\@000001.dat
C:\ProgramData\msgia.exe
C:\Windows\Tasks\{0F4C76BB-9725-2605-06C7-39CFE411FE67}.job
C:\Windows\Tasks\{41EBE507-AFEF-6C62-D2DB-32F7BE0E4294}.job
C:\Windows\Tasks\{544942CE-FCB9-C6F2-1111-40E260E4631C}.job

Some files in TEMP:
====================
C:\Users\Axlykajill04\AppData\Local\Temp\67D5458E9F53F6DB59.exe
C:\Users\Axlykajill04\AppData\Local\Temp\cdo3432035841.dll
C:\Users\Axlykajill04\AppData\Local\Temp\cdo498095765.dll
C:\Users\Axlykajill04\AppData\Local\Temp\eauninstall.exe
C:\Users\Axlykajill04\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\Axlykajill04\AppData\Local\Temp\HD-ShortcutHandler.dll
C:\Users\Axlykajill04\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe
C:\Users\Axlykajill04\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-08 15:06

==================== End of FRST.txt ============================