
Adware infected on multiple browsers. [Solved]



#1
piefacedude

    New Member

Aloha people!

So, my browsers (my main browser is Firefox and is where the recurring problem is, but I have had the same problems on other browsers) are infected.
I have done some digging that yielded info on assorted viruses. When trying to remove said viruses by name, it works for about a day. Then, again and again, the adware reappears.
I have found one source that gave me no results when I searched it, which was a CSS linked file to a page that I'm working on for school. Along with all the code I had written, a new link had appeared (https://softwaretren...c=ext-ff-nochan).
It had the names of various viruses I had been chasing over time (akamihd.net, liveadexchange.net), which leads me to believe that this is probably the root of my woes.

None of this is probably useful, but long story short... Help?



#2
Jr0x

    Malware removal team

Hi piefacedude,

Welcome to :welcome:. My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.
  • Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would require you to be in safe mode / offline.
  • If there is anything you are unclear of, please ask before you start the fix.
  • Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
  • Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
  • There may be a delayed response to you as we may live in different time zones.
  • Inform me of anything that happens unexpectedly during the fix at any point of time.
  • As much as we like to make this an easy process for you, malware removal is a complex multi-step process, and things may happen such as data loss or rendering your machine unbootable. I would recommend that you back up your personal data before we proceed.
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.
Let's get started.

Let's see what we have here first.

Scan with Farbar's Recovery Scan Tool (FRST)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
piefacedude

    New Member

Here it is!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016 01
Ran by HeartOfGold (administrator) on DESKTOP-R3I0MEV (27-04-2016 18:35:26)
Running from C:\Users\HeartOfGold\Downloads
Loaded Profiles: HeartOfGold &  (Available Profiles: HeartOfGold)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\32\WacomDesktopCenter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Brio) C:\Program Files\FolderSize\FolderSize.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Spotify Ltd) C:\Users\HeartOfGold\AppData\Roaming\Spotify\Spotify.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Spotify Ltd) C:\Users\HeartOfGold\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\HeartOfGold\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\HeartOfGold\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\HeartOfGold\AppData\Roaming\Spotify\Spotify.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13381512 2016-04-25] (Zemana Ltd.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-17] (AVAST Software)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-01] (Valve Corporation)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\Run: [Spotify Web Helper] => C:\Users\HeartOfGold\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23485208 2016-03-30] (Google)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\Run: [Folder Size] => C:\Program Files\FolderSize\FolderSize.exe [169472 2013-02-12] (Brio)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\Run: [Spotify] => C:\Users\HeartOfGold\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-12] (Piriform Ltd)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\RunOnce: [Uninstall C:\Users\HeartOfGold\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\HeartOfGold\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\RunOnce: [Uninstall C:\Users\HeartOfGold\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\HeartOfGold\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\MountPoints2: {f3131937-e213-11e5-8f83-806e6f6e6963} - "D:\Startup.exe"
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-01] (Valve Corporation)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\HeartOfGold\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23485208 2016-03-30] (Google)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Folder Size] => C:\Program Files\FolderSize\FolderSize.exe [169472 2013-02-12] (Brio)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\HeartOfGold\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-12] (Piriform Ltd)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\HeartOfGold\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\HeartOfGold\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\HeartOfGold\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\HeartOfGold\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f3131937-e213-11e5-8f83-806e6f6e6963} - "D:\Startup.exe"
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-01] (Valve Corporation)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Spotify Web Helper] => C:\Users\HeartOfGold\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23485208 2016-03-30] (Google)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Folder Size] => C:\Program Files\FolderSize\FolderSize.exe [169472 2013-02-12] (Brio)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Spotify] => C:\Users\HeartOfGold\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-12] (Piriform Ltd)
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Uninstall C:\Users\HeartOfGold\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\HeartOfGold\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Uninstall C:\Users\HeartOfGold\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\HeartOfGold\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {f3131937-e213-11e5-8f83-806e6f6e6963} - "D:\Startup.exe"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-17] (AVAST Software)
Startup: C:\Users\HeartOfGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-03-08]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{8ddde32f-949b-43d8-874a-dc200f67cfd0}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\HeartOfGold\AppData\Roaming\Mozilla\Firefox\Profiles\s10aun5a.default-1460825916799
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin HKU\S-1-5-21-3192328379-1914616829-1123331858-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HeartOfGold\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3192328379-1914616829-1123331858-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-03-27] ()
FF Plugin HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HeartOfGold\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-03-27] ()
FF Plugin HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HeartOfGold\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-03-27] ()
FF Extension: Firefox Helper2 - C:\Users\HeartOfGold\AppData\Roaming\Mozilla\Firefox\Profiles\s10aun5a.default-1460825916799\extensions\firefox@helper2 [2016-04-27] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-17]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR Profile: C:\Users\HeartOfGold\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\HeartOfGold\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-26]
CHR Extension: (Google Docs) - C:\Users\HeartOfGold\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-26]
CHR Extension: (Google Drive) - C:\Users\HeartOfGold\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-26]
CHR Extension: (YouTube) - C:\Users\HeartOfGold\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-26]
CHR Extension: (Google Sheets) - C:\Users\HeartOfGold\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-26]
CHR Extension: (Avira Browser Safety) - C:\Users\HeartOfGold\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-26]
CHR Extension: (Google Docs Offline) - C:\Users\HeartOfGold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\HeartOfGold\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HeartOfGold\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-26]
CHR Extension: (Gmail) - C:\Users\HeartOfGold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-26]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [693440 2016-01-28] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-17] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5570272 2016-04-17] (Avast Software)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1352736 2016-02-28] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-12] (Brio) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-04-26] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [254904 2016-04-24] ()
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [89368 2016-04-14] (Reason Software Company Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2016-01-12] (Wacom Technology, Corp.)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13381512 2016-04-25] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-17] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-17] (AVAST Software)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-02-22] (Avira Operations GmbH & Co. KG)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-16] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [161760 2016-04-17] (AVAST Software)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2016-02-24] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-18] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [323392 2016-04-17] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [202656 2016-04-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [202656 2016-04-26] (Zemana Ltd.)
S3 BEDaisy; \??\C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-26 22:45 - 2016-04-26 22:45 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-04-26 22:45 - 2016-04-26 22:45 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-04-26 22:41 - 2016-04-27 17:16 - 00002488 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-26 22:41 - 2016-04-26 22:41 - 00002359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-26 22:40 - 2016-04-26 22:40 - 00987728 _____ (Google Inc.) C:\Users\HeartOfGold\Downloads\ChromeSetup(1).exe
2016-04-26 22:33 - 2016-04-26 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-04-26 22:00 - 2016-04-26 22:00 - 03580480 _____ C:\Users\HeartOfGold\Downloads\adwcleaner_5.113.exe
2016-04-26 19:55 - 2016-04-26 19:55 - 02870984 _____ (ESET) C:\Users\HeartOfGold\Downloads\esetsmartinstaller_enu.exe
2016-04-26 19:55 - 2016-04-26 19:55 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-24 16:53 - 2016-04-24 16:53 - 00003650 _____ C:\Windows\System32\Tasks\ReasonSecurityScheduledScan
2016-04-24 16:53 - 2016-04-24 16:53 - 00003526 _____ C:\Windows\System32\Tasks\ReasonSecurityStart
2016-04-24 16:53 - 2016-04-24 16:53 - 00000959 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2016-04-24 16:53 - 2016-04-24 16:53 - 00000000 ____D C:\ProgramData\Reason
2016-04-24 16:53 - 2016-04-24 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2016-04-24 16:52 - 2016-04-24 16:52 - 03919376 _____ (Reason Software Company Inc.) C:\Users\HeartOfGold\Downloads\reason-core-security-setup.exe
2016-04-24 16:52 - 2016-04-24 16:52 - 00000000 ____D C:\Program Files\Reason
2016-04-23 17:07 - 2016-04-27 18:35 - 02001635 _____ C:\Windows\ZAM.krnl.trace
2016-04-23 17:07 - 2016-04-27 17:37 - 00017032 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-04-23 17:07 - 2016-04-26 22:33 - 00202656 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-04-23 17:07 - 2016-04-26 22:33 - 00202656 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-04-23 17:07 - 2016-04-26 22:33 - 00001156 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-04-23 17:07 - 2016-04-26 22:33 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-04-23 17:07 - 2016-04-23 17:07 - 00000000 ____D C:\Users\HeartOfGold\AppData\Local\Zemana
2016-04-21 19:05 - 2016-04-23 17:07 - 05252032 _____ ( ) C:\Users\HeartOfGold\Downloads\Zemana.AntiMalware.Setup.exe
2016-04-18 23:36 - 2016-04-18 23:36 - 02102124 _____ C:\Users\HeartOfGold\Desktop\summary.nfo
2016-04-18 23:34 - 2016-04-18 23:34 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-18 23:32 - 2016-04-18 23:33 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-18 23:32 - 2016-04-18 23:32 - 00011390 _____ C:\Users\HeartOfGold\Downloads\MTB.txt
2016-04-18 23:30 - 2016-04-18 23:31 - 00891392 _____ (Farbar) C:\Users\HeartOfGold\Downloads\MiniToolBox.exe
2016-04-18 23:29 - 2016-04-18 23:32 - 19764296 _____ C:\Users\HeartOfGold\Downloads\RogueKiller.exe
2016-04-18 23:28 - 2016-04-18 23:28 - 00046142 _____ C:\Users\HeartOfGold\Downloads\Addition.txt
2016-04-18 23:27 - 2016-04-27 18:35 - 00031992 _____ C:\Users\HeartOfGold\Downloads\FRST.txt
2016-04-18 23:27 - 2016-04-27 18:35 - 00000000 ____D C:\FRST
2016-04-18 23:27 - 2016-04-18 23:27 - 02375680 _____ (Farbar) C:\Users\HeartOfGold\Downloads\FRST64.exe
2016-04-18 20:54 - 2016-04-18 20:54 - 00000000 ____D C:\Windows\SysWOW64\vbox
2016-04-18 20:54 - 2016-04-18 20:54 - 00000000 ____D C:\Windows\system32\vbox
2016-04-17 16:32 - 2016-04-17 16:32 - 00000000 _____ C:\Users\HeartOfGold\Desktop\New Text Document.txt
2016-04-17 07:11 - 2016-04-17 07:11 - 00161760 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2016-04-17 07:11 - 2016-04-17 07:11 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-17 07:11 - 2016-04-17 07:11 - 00003178 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1460841111
2016-04-17 07:11 - 2016-04-17 07:11 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-17 03:31 - 2016-04-17 03:31 - 00000000 ____D C:\Users\HeartOfGold\AppData\Roaming\AVAST Software
2016-04-17 03:22 - 2016-04-25 07:21 - 00004280 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-17 03:22 - 2016-04-17 03:32 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-04-17 03:22 - 2016-04-17 03:22 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-17 03:22 - 2016-04-17 03:22 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-17 03:22 - 2016-04-17 03:22 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-17 03:22 - 2016-04-17 03:22 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-17 03:22 - 2016-04-17 03:22 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-17 03:22 - 2016-04-17 03:22 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-17 03:22 - 2016-04-17 03:22 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-17 03:22 - 2016-04-17 03:22 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-17 03:22 - 2016-04-17 03:22 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-17 03:21 - 2016-04-17 07:11 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-17 03:21 - 2016-04-17 07:11 - 00000000 ____D C:\Program Files\AVAST Software
2016-04-17 03:21 - 2016-04-17 03:21 - 05168280 _____ (AVAST Software) C:\Users\HeartOfGold\Downloads\avast_free_antivirus_setup_online.exe
2016-04-17 02:58 - 2016-04-17 02:58 - 00000000 ____D C:\Users\HeartOfGold\Desktop\Old Firefox Data
2016-04-17 02:56 - 2016-04-17 02:56 - 00752296 _____ C:\Users\HeartOfGold\Downloads\Adware Removal Tool by TSA.exe
2016-04-17 02:56 - 2016-04-17 02:56 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-04-17 02:56 - 2016-04-17 02:56 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-04-17 02:46 - 2016-04-17 02:46 - 00001243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-17 02:46 - 2016-04-17 02:46 - 00001231 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-17 02:46 - 2016-04-17 02:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-17 02:14 - 2016-04-17 02:14 - 01610352 _____ (Malwarebytes) C:\Users\HeartOfGold\Downloads\JRT (1).exe
2016-04-17 02:12 - 2016-04-17 02:13 - 22851472 _____ (Malwarebytes ) C:\Users\HeartOfGold\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-04-17 02:09 - 2016-04-17 02:09 - 06868672 _____ (Piriform Ltd) C:\Users\HeartOfGold\Downloads\ccsetup516.exe
2016-04-17 02:09 - 2016-04-17 02:09 - 00002882 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-04-17 02:09 - 2016-04-17 02:09 - 00000874 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-17 02:09 - 2016-04-17 02:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-17 02:09 - 2016-04-17 02:09 - 00000000 ____D C:\Program Files\CCleaner
2016-04-16 20:56 - 2016-04-16 20:56 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-04-16 20:51 - 2016-04-16 20:51 - 11441744 _____ (SurfRight B.V.) C:\Users\HeartOfGold\Downloads\hitmanpro_x64(1).exe
2016-04-16 20:51 - 2016-04-16 20:51 - 00001977 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-04-16 20:51 - 2016-04-16 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-04-16 17:41 - 2016-04-16 17:41 - 00000000 _____ C:\autoexec.bat
2016-04-16 17:40 - 2016-04-16 17:40 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\HeartOfGold\Downloads\SpyHunter-Installer.exe
2016-04-16 17:40 - 2016-04-16 17:40 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-04-16 17:26 - 2016-04-16 17:26 - 00000000 ____D C:\Users\HeartOfGold\Documents\sgool
2016-04-14 19:36 - 2016-04-14 19:36 - 00000668 _____ C:\Windows\system32\.crusader
2016-04-14 19:28 - 2016-04-16 20:51 - 00000000 ____D C:\Program Files\HitmanPro
2016-04-14 19:28 - 2016-04-14 19:36 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-14 19:27 - 2016-04-27 16:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-14 19:27 - 2016-04-14 19:28 - 11441744 _____ (SurfRight B.V.) C:\Users\HeartOfGold\Downloads\hitmanpro_x64.exe
2016-04-14 19:27 - 2016-04-14 19:27 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-14 19:27 - 2016-04-14 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-14 19:27 - 2016-04-14 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-14 19:27 - 2016-04-14 19:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-14 19:27 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-14 19:27 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-14 19:27 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-14 19:26 - 2016-04-21 19:10 - 00000746 _____ C:\Users\HeartOfGold\Desktop\JRT.txt
2016-04-14 19:26 - 2016-04-14 19:27 - 22851472 _____ (Malwarebytes ) C:\Users\HeartOfGold\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-14 19:24 - 2016-04-14 19:24 - 01610352 _____ (Malwarebytes) C:\Users\HeartOfGold\Downloads\JRT.exe
2016-04-13 17:47 - 2016-04-02 14:13 - 00369912 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-04-13 17:47 - 2016-04-02 14:10 - 00770640 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2016-04-13 17:47 - 2016-04-02 14:10 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 17:47 - 2016-04-02 14:10 - 00374008 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-04-13 17:47 - 2016-04-02 13:30 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2016-04-13 17:47 - 2016-04-02 13:29 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\VEDataLayerHelpers.dll
2016-04-13 17:47 - 2016-04-02 13:29 - 00083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 17:47 - 2016-04-02 13:26 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\PhoneProviders.dll
2016-04-13 17:47 - 2016-04-02 13:25 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\NotificationObjFactory.dll
2016-04-13 17:47 - 2016-04-02 13:25 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NotificationObjFactory.dll
2016-04-13 17:47 - 2016-04-02 13:23 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-04-13 17:47 - 2016-04-02 13:23 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-04-13 17:47 - 2016-04-02 13:21 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-04-13 17:47 - 2016-04-02 13:19 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-04-13 17:47 - 2016-04-02 13:18 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-04-13 17:47 - 2016-04-02 13:15 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-04-13 17:47 - 2016-04-02 13:14 - 03994624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-04-13 17:47 - 2016-04-02 13:09 - 01832448 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-04-13 17:47 - 2016-04-02 13:07 - 03575296 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 17:47 - 2016-04-02 13:07 - 02158592 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-04-13 17:47 - 2016-04-02 13:03 - 04774912 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-04-13 17:47 - 2016-04-02 13:00 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-04-13 17:47 - 2016-03-29 20:23 - 00277856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2016-04-13 17:47 - 2016-03-29 20:22 - 01030416 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-13 17:47 - 2016-03-29 20:22 - 00874968 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-04-13 17:47 - 2016-03-29 20:20 - 07474016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 17:47 - 2016-03-29 20:20 - 02656952 _____ C:\Windows\system32\CoreUIComponents.dll
2016-04-13 17:47 - 2016-03-29 20:20 - 01317640 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-13 17:47 - 2016-03-29 20:20 - 01141504 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-04-13 17:47 - 2016-03-29 20:18 - 02152280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-04-13 17:47 - 2016-03-29 20:15 - 00100232 _____ (Microsoft Corporation) C:\Windows\system32\omadmapi.dll
2016-04-13 17:47 - 2016-03-29 20:11 - 00686976 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-04-13 17:47 - 2016-03-29 20:05 - 01152864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-04-13 17:47 - 2016-03-29 20:02 - 00989536 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2016-04-13 17:47 - 2016-03-29 20:02 - 00334736 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2016-04-13 17:47 - 2016-03-29 19:56 - 01297752 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2016-04-13 17:47 - 2016-03-29 19:37 - 01862008 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2016-04-13 17:47 - 2016-03-29 19:28 - 00696664 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-04-13 17:47 - 2016-03-29 19:28 - 00535080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-04-13 17:47 - 2016-03-29 19:28 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-04-13 17:47 - 2016-03-29 19:25 - 00258912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufx01000.sys
2016-04-13 17:47 - 2016-03-29 19:25 - 00058400 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.dll
2016-04-13 17:47 - 2016-03-29 19:19 - 00296488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2016-04-13 17:47 - 2016-03-29 19:18 - 00185184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2016-04-13 17:47 - 2016-03-29 19:17 - 00300104 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-04-13 17:47 - 2016-03-29 19:13 - 00986976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2016-04-13 17:47 - 2016-03-29 19:11 - 00605440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-04-13 17:47 - 2016-03-29 19:11 - 00074424 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2016-04-13 17:47 - 2016-03-29 19:10 - 00110584 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll
2016-04-13 17:47 - 2016-03-29 19:09 - 00078040 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll
2016-04-13 17:47 - 2016-03-29 19:08 - 00358752 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 17:47 - 2016-03-29 19:08 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
2016-04-13 17:47 - 2016-03-29 19:07 - 00081144 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2016-04-13 17:47 - 2016-03-29 18:44 - 00502104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-04-13 17:47 - 2016-03-29 18:44 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-04-13 17:47 - 2016-03-29 18:41 - 00630632 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-04-13 17:47 - 2016-03-29 18:41 - 00051128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.dll
2016-04-13 17:47 - 2016-03-29 18:32 - 00253088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-04-13 17:47 - 2016-03-29 18:26 - 02403680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-04-13 17:47 - 2016-03-29 18:26 - 01089888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-04-13 17:47 - 2016-03-29 18:26 - 00073872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srvcli.dll
2016-04-13 17:47 - 2016-03-29 18:25 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wkscli.dll
2016-04-13 17:47 - 2016-03-29 18:24 - 00294752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-13 17:47 - 2016-03-29 18:23 - 00069744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2016-04-13 17:47 - 2016-03-29 18:21 - 00378208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2016-04-13 17:47 - 2016-03-29 18:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xinputhid.sys
2016-04-13 17:47 - 2016-03-29 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2016-04-13 17:47 - 2016-03-29 18:07 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2016-04-13 17:47 - 2016-03-29 18:06 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-04-13 17:47 - 2016-03-29 18:02 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-04-13 17:47 - 2016-03-29 18:01 - 00541304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-04-13 17:47 - 2016-03-29 18:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\fveskybackup.dll
2016-04-13 17:47 - 2016-03-29 17:59 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManagerShellext.exe
2016-04-13 17:47 - 2016-03-29 17:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\wininetlui.dll
2016-04-13 17:47 - 2016-03-29 17:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 17:47 - 2016-03-29 17:57 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-04-13 17:47 - 2016-03-29 17:57 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2016-04-13 17:47 - 2016-03-29 17:55 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\tbauth.dll
2016-04-13 17:47 - 2016-03-29 17:51 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2016-04-13 17:47 - 2016-03-29 17:51 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\tzautoupdate.dll
2016-04-13 17:47 - 2016-03-29 17:50 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2016-04-13 17:47 - 2016-03-29 17:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\OnDemandConnRouteHelper.dll
2016-04-13 17:47 - 2016-03-29 17:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\wuautoappupdate.dll
2016-04-13 17:47 - 2016-03-29 17:49 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-04-13 17:47 - 2016-03-29 17:48 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Devices.dll
2016-04-13 17:47 - 2016-03-29 17:46 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-04-13 17:47 - 2016-03-29 17:46 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2016-04-13 17:47 - 2016-03-29 17:44 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2016-04-13 17:47 - 2016-03-29 17:42 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-04-13 17:47 - 2016-03-29 17:39 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-04-13 17:47 - 2016-03-29 17:38 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-04-13 17:47 - 2016-03-29 17:37 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-04-13 17:47 - 2016-03-29 17:36 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2016-04-13 17:47 - 2016-03-29 17:36 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2016-04-13 17:47 - 2016-03-29 17:35 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2016-04-13 17:47 - 2016-03-29 17:35 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\credprovhost.dll
2016-04-13 17:47 - 2016-03-29 17:34 - 00686592 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-04-13 17:47 - 2016-03-29 17:34 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-04-13 17:47 - 2016-03-29 17:34 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2016-04-13 17:47 - 2016-03-29 17:33 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2016-04-13 17:47 - 2016-03-29 17:30 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-04-13 17:47 - 2016-03-29 17:30 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-13 17:47 - 2016-03-29 17:28 - 00460288 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-04-13 17:47 - 2016-03-29 17:27 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-04-13 17:47 - 2016-03-29 17:26 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2016-04-13 17:47 - 2016-03-29 17:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2016-04-13 17:47 - 2016-03-29 17:23 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2016-04-13 17:47 - 2016-03-29 17:23 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-04-13 17:47 - 2016-03-29 17:22 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\AccountsRt.dll
2016-04-13 17:47 - 2016-03-29 17:21 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 17:47 - 2016-03-29 17:20 - 00948736 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManager.dll
2016-04-13 17:47 - 2016-03-29 17:20 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll
2016-04-13 17:47 - 2016-03-29 17:20 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2016-04-13 17:47 - 2016-03-29 17:19 - 00556032 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2016-04-13 17:47 - 2016-03-29 17:19 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-04-13 17:47 - 2016-03-29 17:18 - 00676352 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2016-04-13 17:47 - 2016-03-29 17:17 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-04-13 17:47 - 2016-03-29 17:17 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 17:47 - 2016-03-29 17:17 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2016-04-13 17:47 - 2016-03-29 17:16 - 00852480 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-04-13 17:47 - 2016-03-29 17:16 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-04-13 17:47 - 2016-03-29 17:15 - 01714688 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-04-13 17:47 - 2016-03-29 17:15 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 17:47 - 2016-03-29 17:14 - 00965632 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-04-13 17:47 - 2016-03-29 17:14 - 00859136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-04-13 17:47 - 2016-03-29 17:13 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-04-13 17:47 - 2016-03-29 17:12 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-04-13 17:47 - 2016-03-29 17:12 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininetlui.dll
2016-04-13 17:47 - 2016-03-29 17:12 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-13 17:47 - 2016-03-29 17:11 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-04-13 17:47 - 2016-03-29 17:11 - 00881664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2016-04-13 17:47 - 2016-03-29 17:11 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-04-13 17:47 - 2016-03-29 17:11 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2016-04-13 17:47 - 2016-03-29 17:10 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-04-13 17:47 - 2016-03-29 17:10 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-04-13 17:47 - 2016-03-29 17:09 - 01239552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2016-04-13 17:47 - 2016-03-29 17:08 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2016-04-13 17:47 - 2016-03-29 17:08 - 00841216 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-04-13 17:47 - 2016-03-29 17:07 - 01902592 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 17:47 - 2016-03-29 17:07 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-04-13 17:47 - 2016-03-29 17:06 - 01575936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2016-04-13 17:47 - 2016-03-29 17:06 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-04-13 17:47 - 2016-03-29 17:05 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2016-04-13 17:47 - 2016-03-29 17:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Devices.dll
2016-04-13 17:47 - 2016-03-29 17:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-04-13 17:47 - 2016-03-29 17:02 - 02624512 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2016-04-13 17:47 - 2016-03-29 17:02 - 01211904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Cred.dll
2016-04-13 17:47 - 2016-03-29 17:02 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-04-13 17:47 - 2016-03-29 17:00 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2016-04-13 17:47 - 2016-03-29 17:00 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2016-04-13 17:47 - 2016-03-29 16:59 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerDeviceEncryption.exe
2016-04-13 17:47 - 2016-03-29 16:59 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll
2016-04-13 17:47 - 2016-03-29 16:56 - 00821760 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2016-04-13 17:47 - 2016-03-29 16:56 - 00415232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-04-13 17:47 - 2016-03-29 16:55 - 01052160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2016-04-13 17:47 - 2016-03-29 16:53 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2016-04-13 17:47 - 2016-03-29 16:53 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovhost.dll
2016-04-13 17:47 - 2016-03-29 16:52 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-04-13 17:47 - 2016-03-29 16:49 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\fveui.dll
2016-04-13 17:47 - 2016-03-29 16:48 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-04-13 17:47 - 2016-03-29 16:44 - 00498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2016-04-13 17:47 - 2016-03-29 16:43 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AccountsRt.dll
2016-04-13 17:47 - 2016-03-29 16:42 - 03592704 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-04-13 17:47 - 2016-03-29 16:42 - 01410560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2016-04-13 17:47 - 2016-03-29 16:42 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 17:47 - 2016-03-29 16:41 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
2016-04-13 17:47 - 2016-03-29 16:40 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2016-04-13 17:47 - 2016-03-29 16:39 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2016-04-13 17:47 - 2016-03-29 16:39 - 00496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 17:47 - 2016-03-29 16:39 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2016-04-13 17:47 - 2016-03-29 16:38 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-04-13 17:47 - 2016-03-29 16:37 - 01444352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-04-13 17:47 - 2016-03-29 16:37 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-04-13 17:47 - 2016-03-29 16:37 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-13 17:47 - 2016-03-29 16:36 - 03351040 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-04-13 17:47 - 2016-03-29 16:36 - 00649728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 17:47 - 2016-03-29 16:35 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-04-13 17:47 - 2016-03-29 16:34 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-04-13 17:47 - 2016-03-29 16:34 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 17:47 - 2016-03-29 16:34 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-04-13 17:47 - 2016-03-29 16:32 - 01731584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 17:47 - 2016-03-29 16:32 - 01588224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 17:47 - 2016-03-29 16:32 - 01098240 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2016-04-13 17:47 - 2016-03-29 16:32 - 00854528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 17:47 - 2016-03-29 16:32 - 00638464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2016-04-13 17:47 - 2016-03-29 16:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2016-04-13 17:47 - 2016-03-29 16:32 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-04-13 17:47 - 2016-03-29 16:32 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\dmcsps.dll
2016-04-13 17:47 - 2016-03-29 16:31 - 02275328 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-04-13 17:47 - 2016-03-29 16:31 - 01946112 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-04-13 17:47 - 2016-03-29 16:31 - 01117184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2016-04-13 17:47 - 2016-03-29 16:31 - 00705536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-04-13 17:47 - 2016-03-29 16:30 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2016-04-13 17:47 - 2016-03-29 16:29 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2016-04-13 17:47 - 2016-03-29 16:29 - 00256000 _____ (Microsoft Corporation) C:\Windows\system32\accountaccessor.dll
2016-04-13 17:47 - 2016-03-29 16:28 - 01944576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-04-13 17:47 - 2016-03-29 16:28 - 00764928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2016-04-13 17:47 - 2016-03-29 16:27 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2016-04-13 17:47 - 2016-03-29 16:27 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 17:47 - 2016-03-29 16:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputLocaleManager.dll
2016-04-13 17:47 - 2016-03-29 16:26 - 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 17:47 - 2016-03-29 16:23 - 00777728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 17:47 - 2016-03-29 16:22 - 00638464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2016-04-13 17:47 - 2016-03-29 16:19 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-04-13 17:47 - 2016-03-29 16:17 - 00765952 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-13 17:47 - 2016-03-29 16:14 - 01072128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2016-04-13 17:47 - 2016-03-29 16:13 - 00592384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2016-04-13 17:47 - 2016-03-29 16:10 - 03671040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-04-13 17:47 - 2016-03-29 16:06 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2016-04-13 17:47 - 2016-03-29 16:05 - 07199232 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-04-13 17:47 - 2016-03-29 16:05 - 01626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-04-13 17:47 - 2016-03-29 16:05 - 01500672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-13 17:47 - 2016-03-29 16:05 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 17:47 - 2016-03-29 16:05 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
2016-04-13 17:47 - 2016-03-29 16:05 - 00361472 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2016-04-13 17:47 - 2016-03-29 16:04 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 17:47 - 2016-03-29 16:04 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2016-04-13 17:47 - 2016-03-29 16:02 - 02229760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-13 17:47 - 2016-03-29 16:01 - 13018624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 17:47 - 2016-03-29 16:01 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-04-13 17:47 - 2016-03-29 15:58 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-04-13 17:47 - 2016-03-29 15:56 - 16985600 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-04-13 17:47 - 2016-03-29 15:52 - 11545600 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-04-13 17:47 - 2016-03-29 15:51 - 22378496 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-04-13 17:47 - 2016-03-29 15:51 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-04-13 17:47 - 2016-03-29 15:49 - 05202944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-04-13 17:47 - 2016-03-29 15:45 - 03078144 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-04-13 17:47 - 2016-03-29 15:45 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
2016-04-13 17:47 - 2016-03-29 15:43 - 03428864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-04-13 17:47 - 2016-03-29 15:43 - 00521728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 17:47 - 2016-03-29 15:41 - 24602112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 17:47 - 2016-03-29 15:41 - 12125184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-13 17:47 - 2016-03-29 15:39 - 13382656 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 17:47 - 2016-03-29 15:38 - 18673664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-04-13 17:47 - 2016-03-29 15:38 - 02798080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-04-13 17:47 - 2016-03-29 15:37 - 19340800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-13 17:47 - 2016-03-29 15:36 - 02722816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-04-13 17:47 - 2016-03-29 15:35 - 00821248 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2016-04-13 17:47 - 2016-03-29 15:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2016-04-13 17:47 - 2016-03-29 15:27 - 07836160 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-04-13 17:47 - 2016-03-29 15:27 - 05662208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-04-13 17:47 - 2016-03-29 15:27 - 00794112 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2016-04-13 17:47 - 2016-03-29 15:26 - 00958976 _____ (Microsoft Corporation) C:\Windows\system32\RemoteNaturalLanguage.dll
2016-04-13 17:47 - 2016-03-29 15:26 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2016-04-13 17:47 - 2016-03-29 15:25 - 00712704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 17:47 - 2016-03-29 15:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-04-13 17:46 - 2016-04-02 13:08 - 02193408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-04-13 17:46 - 2016-03-29 18:17 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2016-04-13 17:46 - 2016-03-29 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.V2.dll
2016-04-13 17:46 - 2016-03-29 18:07 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-04-13 17:46 - 2016-03-29 18:07 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\dmenterprisediagnostics.dll
2016-04-13 17:46 - 2016-03-29 18:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\oleacchooks.dll
2016-04-13 17:46 - 2016-03-29 18:00 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\NetCfgNotifyObjectHost.exe
2016-04-13 17:46 - 2016-03-29 18:00 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2016-04-13 17:46 - 2016-03-29 17:57 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-04-13 17:46 - 2016-03-29 17:57 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 17:46 - 2016-03-29 17:55 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-04-13 17:46 - 2016-03-29 17:55 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
2016-04-13 17:46 - 2016-03-29 17:54 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 17:46 - 2016-03-29 17:53 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\FontProvider.dll
2016-04-13 17:46 - 2016-03-29 17:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerCookies.exe
2016-04-13 17:46 - 2016-03-29 17:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2016-04-13 17:46 - 2016-03-29 17:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-04-13 17:46 - 2016-03-29 17:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-04-13 17:46 - 2016-03-29 17:34 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-04-13 17:46 - 2016-03-29 17:32 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-04-13 17:46 - 2016-03-29 17:32 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-04-13 17:46 - 2016-03-29 17:20 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 17:46 - 2016-03-29 17:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacchooks.dll
2016-04-13 17:46 - 2016-03-29 17:11 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-04-13 17:46 - 2016-03-29 17:11 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 17:46 - 2016-03-29 17:09 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-04-13 17:46 - 2016-03-29 17:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbauth.dll
2016-04-13 17:46 - 2016-03-29 17:08 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-13 17:46 - 2016-03-29 17:06 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerCookies.exe
2016-04-13 17:46 - 2016-03-29 17:05 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 17:46 - 2016-03-29 17:00 - 00235008 _____ C:\Windows\system32\MTF.dll
2016-04-13 17:46 - 2016-03-29 17:00 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 17:46 - 2016-03-29 16:59 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-13 17:46 - 2016-03-29 16:52 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2016-04-13 17:46 - 2016-03-29 16:34 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-04-13 17:46 - 2016-03-29 16:27 - 07979008 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-04-13 17:46 - 2016-03-29 16:27 - 00162816 _____ C:\Windows\SysWOW64\MTF.dll
2016-04-13 17:46 - 2016-03-29 16:00 - 06297088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-04-13 17:46 - 2016-03-29 15:25 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2016-04-13 17:27 - 2016-04-27 17:16 - 00003452 _____ C:\Windows\System32\Tasks\InternetSoft Software Uninstaller
2016-04-13 17:27 - 2016-04-13 17:27 - 00000000 ____D C:\Program Files (x86)\InternetSoft Software
2016-04-12 17:03 - 2016-04-13 16:15 - 00000590 _____ C:\Users\HeartOfGold\Downloads\fg.ini
2016-04-12 17:03 - 2016-04-12 17:03 - 00000516 _____ C:\Users\HeartOfGold\Downloads\dtwpc.dat
2016-04-12 17:02 - 2016-04-12 17:03 - 02758432 _____ (Dynamic Internet Technology, Inc.) C:\Users\HeartOfGold\Downloads\fg758p.exe
2016-04-11 18:58 - 2016-04-11 18:58 - 00008271 _____ C:\Users\HeartOfGold\Downloads\aldo_the_apache.zip
2016-04-11 18:58 - 2016-04-11 18:58 - 00000000 ____D C:\Users\HeartOfGold\Downloads\prisma
2016-04-11 18:58 - 2016-04-11 18:58 - 00000000 ____D C:\Users\HeartOfGold\Downloads\intensa_fuente
2016-04-11 18:58 - 2016-04-11 18:58 - 00000000 ____D C:\Users\HeartOfGold\Downloads\aldo_the_apache
2016-04-11 18:56 - 2016-04-11 18:56 - 00053617 _____ C:\Users\HeartOfGold\Downloads\prisma.zip
2016-04-11 11:08 - 2016-04-11 11:09 - 00987728 _____ (Google Inc.) C:\Users\HeartOfGold\Downloads\ChromeSetup.exe
2016-04-10 19:36 - 2016-04-10 19:38 - 71192564 _____ C:\Users\HeartOfGold\Downloads\MLG Sound Pack.zip
2016-04-09 11:47 - 2016-04-26 22:01 - 00000000 ____D C:\AdwCleaner
2016-04-07 16:13 - 2016-04-07 16:13 - 00000000 ____D C:\Users\HeartOfGold\AppData\Roaming\com.playsaurus.heroclicker
2016-04-05 15:11 - 2016-04-05 15:11 - 00015986 _____ C:\Users\HeartOfGold\Downloads\intensa_fuente.zip
2016-04-05 14:01 - 2016-04-05 14:01 - 00000000 ____D C:\Users\HeartOfGold\AppData\Local\PACE Anti-Piracy
2016-04-05 14:01 - 2016-04-05 14:01 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2016-04-05 13:48 - 2016-04-05 13:50 - 00000000 ____D C:\Users\HeartOfGold\Desktop\Adobe Premiere Pro CS6
2016-04-05 13:30 - 2016-04-05 13:48 - 01009120 _____ (Adobe Systems Incorporated) C:\Users\HeartOfGold\Downloads\PremierePro_6_LS7.exe
2016-04-05 10:51 - 2016-04-05 13:20 - 00001121 _____ C:\Users\HeartOfGold\Documents\starburn.txt
2016-04-05 10:51 - 2016-04-05 10:51 - 00000000 ____D C:\ProgramData\Wondershare
2016-04-05 10:50 - 2016-04-05 10:50 - 00001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-05 10:50 - 2016-04-05 10:50 - 00000000 ____D C:\Users\HeartOfGold\AppData\Local\Wondershare
2016-04-05 10:49 - 2016-04-05 13:25 - 00000000 ____D C:\Users\HeartOfGold\Documents\Wondershare Filmora
2016-04-05 10:49 - 2016-04-05 10:49 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-04-05 10:41 - 2016-04-05 10:41 - 00966728 _____ C:\Users\HeartOfGold\Downloads\filmora_setup_full846.exe
2016-04-04 17:46 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-04-04 17:46 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-04-04 17:46 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-04-04 17:46 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-04-04 17:46 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-04-04 17:46 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-04-04 17:46 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-04-04 17:46 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-04-04 17:46 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-04-04 17:46 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-04-04 17:46 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-04-04 17:46 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-04-04 17:46 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-04-04 17:46 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-04-04 17:46 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-04-04 17:46 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-04-04 17:46 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-04-04 17:46 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-04-04 17:46 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-04-04 17:46 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-04-04 17:46 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-04-04 17:46 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-04-04 17:46 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-04-04 17:46 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-04-04 17:46 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-04-04 17:46 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-04-04 17:46 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-04-04 17:46 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-04-04 17:46 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-04-04 17:46 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-04-04 17:46 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-04-04 17:46 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-04-04 17:46 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-04-04 17:46 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-04-04 17:46 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-04-04 17:46 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-04-04 17:46 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-04-04 17:46 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-04-04 17:46 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-04-04 17:46 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-04-04 17:46 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-04-04 17:46 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-04-04 17:46 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-04-04 17:46 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-04-04 17:46 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-04-04 17:46 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-04-04 17:46 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-04-04 17:46 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-04-04 17:46 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-04-04 17:46 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-04-04 17:46 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-04-04 17:46 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-04-04 17:46 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-04-04 17:46 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-04-04 17:46 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-04-04 17:46 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-04-04 17:46 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-04-04 17:46 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-04-04 17:46 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-04-04 17:46 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-04-04 17:46 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-04-04 17:46 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-04-04 17:46 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-04-04 17:46 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-04-04 17:46 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-04-04 17:46 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-04-04 17:46 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-04-04 17:46 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-04-04 17:46 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-04-04 17:46 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-04-04 17:46 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-04-04 17:46 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-04-04 17:46 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-04-04 17:46 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-04-04 17:46 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-04-04 17:46 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-04-04 17:46 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-04-04 17:46 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-04-04 17:46 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2016-04-04 17:46 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2016-04-04 17:46 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-04-04 17:46 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-04-04 17:46 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2016-04-04 17:46 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-04-04 17:46 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-04-04 17:46 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-04-04 17:46 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2016-04-04 17:46 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-04-04 17:46 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2016-04-04 17:46 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-04-04 17:46 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2016-04-04 17:46 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-04-04 17:46 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2016-04-04 17:46 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2016-04-04 17:46 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-04-04 17:46 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-04-04 17:46 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2016-04-04 17:46 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-04-04 17:46 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-04-04 17:46 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-04-04 17:46 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2016-04-04 17:46 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-04-04 17:46 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2016-04-04 17:46 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-04-04 17:46 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-04-04 17:46 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-04-04 17:46 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-04-04 17:46 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-04-04 17:46 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-04-04 17:45 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-04-04 17:45 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-04-04 17:45 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-04-04 17:45 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-04-04 17:45 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-04-04 17:45 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-04-04 17:45 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-04-04 17:45 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-04-04 17:45 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-04-04 17:45 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-04-04 17:45 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-04-04 17:45 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-04-04 17:45 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-04-04 17:45 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-04-04 17:45 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-04-04 17:45 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-04-04 17:45 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-04-04 17:45 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-04-04 17:45 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-04-04 17:45 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-04-04 17:45 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-04-04 17:45 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-04-04 17:45 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-04-04 17:45 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-04-04 17:45 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-04-04 17:45 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-04-04 17:45 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-04-04 17:45 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-04-04 17:45 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-04-04 17:45 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-04-04 17:45 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-04-04 17:45 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-04-04 17:45 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-04-04 17:45 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-04-04 17:45 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-04-04 17:45 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-04-04 17:45 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-04-04 17:45 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-04-04 17:45 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-04-04 17:45 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-04-04 17:45 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-04-04 17:45 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-04-04 17:45 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-04-04 17:45 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-04-04 17:45 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-04-04 17:45 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-04-04 17:45 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-04-04 17:45 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-04-04 17:45 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-04-04 17:45 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-04-04 17:45 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-04-04 17:45 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-04-04 17:45 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-04-04 17:45 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-04-04 17:45 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-04-04 17:45 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-04-04 17:45 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-04-04 17:45 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-04-04 17:45 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-04-04 17:45 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-04-04 17:45 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-04-04 17:45 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-04-04 17:45 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-04-04 17:45 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-04-04 17:45 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-04-04 17:45 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-04-04 17:45 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-04-04 17:45 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-04-04 17:45 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-04-04 17:45 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-04-04 17:45 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-04-04 17:45 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-04-04 17:01 - 2016-04-04 20:25 - 00000197 _____ C:\Users\HeartOfGold\Desktop\Counter-Strike Global Offensive.url
2016-04-04 14:16 - 2016-04-04 14:16 - 02239373 _____ (EFD Software ) C:\Users\HeartOfGold\Downloads\hdtunepro_560_trial.exe
2016-04-03 11:07 - 2016-04-03 11:07 - 00000222 _____ C:\Users\HeartOfGold\Desktop\Clicker Heroes.url
2016-03-31 14:46 - 2016-03-31 14:46 - 00000000 ____D C:\Users\HeartOfGold\AppData\Roaming\Easy2Convert
2016-03-31 14:46 - 2016-03-31 14:46 - 00000000 ____D C:\Program Files (x86)\Easy2Convert Software
2016-03-31 14:45 - 2016-03-31 14:45 - 02431806 _____ C:\Users\HeartOfGold\Downloads\callouts-6-20-15.zip
2016-03-31 14:45 - 2016-03-31 14:45 - 00000000 ____D C:\Users\HeartOfGold\Downloads\callouts-6-20-15
2016-03-31 14:44 - 2016-03-31 14:46 - 02639919 _____ (Easy2Convert Software ) C:\Users\HeartOfGold\Downloads\jpg2dds.exe
2016-03-31 13:54 - 2016-03-31 14:06 - 00000000 ____D C:\Users\HeartOfGold\Desktop\G-Ma's Pics
2016-03-31 12:39 - 2016-03-31 12:39 - 00000222 _____ C:\Users\HeartOfGold\Desktop\Dirty Bomb.url
2016-03-29 09:38 - 2016-03-29 09:38 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-03-29 09:38 - 2016-03-29 09:38 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-03-29 09:38 - 2016-03-29 09:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-29 09:38 - 2016-03-29 09:38 - 00000000 ____D C:\Program Files\iTunes
2016-03-29 09:38 - 2016-03-29 09:38 - 00000000 ____D C:\Program Files\iPod
2016-03-29 09:38 - 2016-03-29 09:38 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-29 09:38 - 2016-03-29 09:38 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-29 09:36 - 2016-04-15 20:25 - 00000000 ____D C:\Users\HeartOfGold\AppData\Local\Apple Computer
2016-03-29 09:36 - 2016-03-29 09:38 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-29 09:36 - 2016-03-29 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-03-29 09:36 - 2016-03-29 09:36 - 00000000 ____D C:\Program Files\Bonjour
2016-03-29 09:36 - 2016-03-29 09:36 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-03-28 18:34 - 2016-03-28 18:34 - 02658432 _____ (Kingston Technology Corporation) C:\Users\HeartOfGold\Downloads\CloudII_FW_Update_0005.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-27 18:23 - 2016-03-05 12:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-27 18:13 - 2016-03-05 14:51 - 00000000 ____D C:\Users\HeartOfGold\AppData\Roaming\Skype
2016-04-27 17:45 - 2016-03-17 16:14 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-27 16:34 - 2015-10-30 17:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-27 16:34 - 2015-10-30 17:24 - 00000000 ____D C:\Windows\AppReadiness
2016-04-27 13:55 - 2016-03-04 23:29 - 00004180 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D125C293-9676-4F2D-926A-5322046B32FD}
2016-04-27 07:51 - 2016-03-14 12:40 - 00000000 ____D C:\Users\HeartOfGold\AppData\Local\CrashDumps
2016-04-27 07:42 - 2016-03-07 19:17 - 00000000 ____D C:\Users\HeartOfGold\AppData\Roaming\Spotify
2016-04-27 07:37 - 2016-03-17 16:22 - 00000000 ___RD C:\Users\HeartOfGold\Google Drive
2016-04-27 07:37 - 2016-03-07 19:17 - 00000000 ____D C:\Users\HeartOfGold\AppData\Local\Spotify
2016-04-27 07:36 - 2016-03-17 16:14 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-27 07:36 - 2016-03-04 23:33 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-27 02:00 - 2016-03-05 12:02 - 00000000 ____D C:\Users\HeartOfGold\AppData\Local\Adobe
2016-04-26 22:54 - 2016-03-08 16:41 - 00000000 ____D C:\Users\HeartOfGold\AppData\Roaming\TS3Client
2016-04-26 22:52 - 2016-03-08 16:41 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-04-26 22:45 - 2016-03-17 16:14 - 00002114 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-04-26 22:45 - 2016-03-17 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-26 22:40 - 2016-03-17 16:14 - 00003998 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-26 22:40 - 2016-03-17 16:14 - 00003766 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-26 22:40 - 2016-03-17 16:14 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-26 22:35 - 2016-03-04 23:22 - 00000000 ____D C:\Users\HeartOfGold
2016-04-26 22:06 - 2016-03-04 23:26 - 00005388 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-26 22:02 - 2016-03-04 23:31 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-26 22:02 - 2016-03-04 23:20 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-26 22:01 - 2015-10-30 16:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-04-25 09:00 - 2016-03-05 14:51 - 00000000 ____D C:\ProgramData\Skype
2016-04-25 08:59 - 2016-03-05 14:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-24 22:42 - 2016-03-24 21:17 - 00000000 ____D C:\Users\HeartOfGold\AppData\Roaming\vlc
2016-04-23 16:37 - 2016-03-04 23:23 - 00002396 _____ C:\Users\HeartOfGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-23 16:37 - 2016-03-04 23:23 - 00000000 ___RD C:\Users\HeartOfGold\OneDrive
2016-04-21 23:16 - 2015-10-30 17:21 - 00000000 ____D C:\Windows\INF
2016-04-19 17:39 - 2016-03-16 18:18 - 00000000 ____D C:\Users\HeartOfGold\AppData\Local\ElevatedDiagnostics
2016-04-18 23:18 - 2016-03-19 10:00 - 00001218 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-04-18 23:18 - 2016-03-19 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-18 23:18 - 2016-03-05 12:12 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-17 02:46 - 2016-03-04 23:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-17 02:09 - 2016-03-05 10:16 - 00000000 ____D C:\Windows\Panther
2016-04-14 19:34 - 2015-10-30 17:24 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-14 16:38 - 2015-10-30 17:24 - 00000000 ____D C:\Windows\rescache
2016-04-14 15:57 - 2015-10-30 17:11 - 00000000 ____D C:\Windows\CbsTemp
2016-04-13 21:49 - 2016-03-04 23:18 - 04892584 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 21:48 - 2015-10-30 17:24 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2016-04-13 21:48 - 2015-10-30 17:24 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-04-13 21:48 - 2015-10-30 17:24 - 00000000 ____D C:\Windows\system32\en-GB
2016-04-13 21:48 - 2015-10-30 17:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-13 21:48 - 2015-10-30 17:24 - 00000000 ____D C:\Windows\bcastdvr
2016-04-13 17:54 - 2016-03-05 09:27 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 17:52 - 2016-03-05 09:27 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-13 17:28 - 2016-03-04 23:22 - 00000000 ____D C:\Users\HeartOfGold\AppData\Local\Packages
2016-04-13 17:14 - 2016-03-05 16:09 - 00000000 ____D C:\Users\HeartOfGold\Documents\Adobe
2016-04-13 17:14 - 2016-03-05 16:03 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-04-12 16:59 - 2016-03-04 23:30 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-04-11 12:08 - 2016-03-17 16:14 - 00000000 ____D C:\Users\HeartOfGold\AppData\Local\Google
2016-04-09 11:42 - 2016-03-16 17:49 - 00000000 ____D C:\ProgramData\Avg
2016-04-09 11:42 - 2016-03-16 17:49 - 00000000 ____D C:\Program Files (x86)\AVG
2016-04-09 11:42 - 2016-03-16 17:48 - 00000000 ____D C:\Users\HeartOfGold\AppData\Local\AvgSetupLog
2016-04-08 16:23 - 2016-03-05 12:02 - 00003816 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-07 04:32 - 2015-10-30 17:26 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-07 04:32 - 2015-10-30 17:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 03:44 - 2016-03-27 12:59 - 00001142 _____ C:\Users\HeartOfGold\Desktop\nativelog.txt
2016-04-05 14:01 - 2016-03-05 16:02 - 00000000 ____D C:\Program Files\Adobe
2016-04-05 14:01 - 2016-03-04 23:22 - 00000000 ____D C:\Users\HeartOfGold\AppData\Roaming\Adobe
2016-04-05 14:01 - 2016-02-16 05:56 - 00000000 ___HD C:\Users\HeartOfGold\AppData\Local\OuByy1Yd4J4
2016-04-05 13:53 - 2016-03-05 16:04 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-04-05 13:52 - 2016-03-25 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2016-04-05 01:32 - 2016-03-05 15:53 - 00000000 ___RD C:\Users\HeartOfGold\Creative Cloud Files
2016-04-05 01:32 - 2016-03-05 15:53 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-04 17:01 - 2016-03-05 09:21 - 00000000 ____D C:\Users\HeartOfGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-31 13:02 - 2016-03-05 09:21 - 00000000 ____D C:\Users\HeartOfGold\Documents\My Games
2016-03-29 14:30 - 2016-03-05 11:51 - 00000000 ____D C:\Users\HeartOfGold\Downloads\Vuze Leap
2016-03-29 10:39 - 2016-03-25 16:51 - 00000000 ____D C:\Users\HeartOfGold\AppData\Roaming\Apple Computer
2016-03-29 09:38 - 2016-03-25 08:58 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-29 09:38 - 2016-03-25 08:58 - 00000000 ____D C:\ProgramData\Apple Computer
2016-03-29 09:38 - 2016-03-25 08:58 - 00000000 ____D C:\ProgramData\Apple

==================== Files in the root of some directories =======

2016-03-16 17:58 - 2016-03-16 17:58 - 0000218 _____ () C:\Users\HeartOfGold\AppData\Local\recently-used.xbel
2016-03-19 09:50 - 2016-03-19 09:51 - 0001467 _____ () C:\ProgramData\1458344927.10692.bin
2016-03-19 09:49 - 2016-03-19 09:50 - 0004427 _____ () C:\ProgramData\1458344927.11988.bin

Some files in TEMP:
====================
C:\Users\HeartOfGold\AppData\Local\Temp\avgnt.exe
C:\Users\HeartOfGold\AppData\Local\Temp\libeay32.dll
C:\Users\HeartOfGold\AppData\Local\Temp\msvcr120.dll
C:\Users\HeartOfGold\AppData\Local\Temp\npp.6.9.1.Installer.exe
C:\Users\HeartOfGold\AppData\Local\Temp\sqlite3.dll
C:\Users\HeartOfGold\AppData\Local\Temp\xmlUpdater.exe


Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\avc3.sys
C:\Windows\System32\Drivers\avchv.sys
C:\Windows\System32\Drivers\avckf.sys

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-27 07:46

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01
Ran by HeartOfGold (2016-04-18 23:28:03)
Running from C:\Users\HeartOfGold\Downloads
Windows 10 Pro Version 1511 (X64) (2016-03-04 13:20:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3192328379-1914616829-1123331858-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3192328379-1914616829-1123331858-503 - Limited - Disabled)
Guest (S-1-5-21-3192328379-1914616829-1123331858-501 - Limited - Disabled)
HeartOfGold (S-1-5-21-3192328379-1914616829-1123331858-1001 - Administrator - Enabled) => C:\Users\HeartOfGold

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.5.1.209 - Adobe Systems Incorporated)
Adobe Encore CS6 Library (HKLM-x32\...\{07E80932-FFB1-402D-9198-18C58EBAF216}) (Version: 6.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Professional CS6 (HKLM-x32\...\{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2261 - AVAST Software)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Clicker Heroes (HKLM\...\Steam App 363970) (Version:  - Playsaurus)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Dirty Bomb (HKLM\...\Steam App 333930) (Version:  - Splash Damage®)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Krita Desktop (x64) 2.9.11.0 (HKLM\...\{AF6A4BDD-B912-42DD-972B-986DA81A429A}) (Version: 2.9.11.0 - Krita Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 362.00 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 beta r2589 - )
SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Spotify (HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Unity Web Player (HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{083E9AF8-1900-4D7A-AB08-0B4BB98D2848}) (Version: 2.7.1512.1839 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3192328379-1914616829-1123331858-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E85C5DB85EC5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3192328379-1914616829-1123331858-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\HeartOfGold\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192328379-1914616829-1123331858-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A7BDCF4-BD12-477E-921F-F1C08056BA77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {1366115A-A65E-4422-9BC7-E044150FB1A0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-17] (AVAST Software)
Task: {1E7662BF-B2E4-4C0B-BA4B-2892ED3BE5A2} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {222E8F8E-0328-43C7-9300-32C4D2AA0B98} - System32\Tasks\Network Defrag Logon => C:\Users\HeartOfGold\AppData\Roaming\Network Defrag\Network Defrag.exe
Task: {456A0E6F-E9AE-450E-84B3-02AC7ECA7143} - \Upload Updater Worker -> No File <==== ATTENTION
Task: {7C77C328-095C-4F34-9606-6D4F9FC3A261} - System32\Tasks\InternetSoft Software Uninstaller => C:\Program Files (x86)\InternetSoft Software\ittask.exe [2016-04-13] () <==== ATTENTION
Task: {890E7608-A885-416E-BC11-18A13A3DC62F} - System32\Tasks\Network Defrag => C:\Users\HeartOfGold\AppData\Roaming\Network Defrag\Network Defrag.exe <==== ATTENTION
Task: {A34086F4-5D21-4DFE-85C7-3A01EEB9C164} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B2376C6B-B71E-44BE-AA34-F1AA08F9D9E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B48D3689-FF82-4FA3-92AE-581602A98F42} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-12] (Piriform Ltd)
Task: {B6A459C6-F723-4446-A6BE-936DF6549AD9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {DB933F4E-19F5-4C1E-874F-ADAB7F2DE94F} - System32\Tasks\SafeZone scheduled Autoupdate 1460841111 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
Task: {FC2D7001-3FC3-4D7A-A880-93077E940250} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 17:17 - 2015-10-30 17:17 - 00028672 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-10-30 17:18 - 2015-10-30 17:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-03-04 23:31 - 2016-02-24 06:28 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-02-15 20:01 - 2016-02-15 20:01 - 00031256 _____ () C:\Windows\System32\us008lm.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-14 10:22 - 2016-02-17 16:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-07 19:32 - 2016-02-17 16:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-14 10:22 - 2016-02-17 16:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-04-13 17:47 - 2016-03-29 20:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-03-07 18:47 - 2016-03-07 18:47 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-14 23:20 - 2016-01-12 03:30 - 01349824 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2012-03-27 01:49 - 2012-03-27 01:49 - 02298536 _____ () C:\Program Files\Adobe\Adobe Premiere Pro CS6\ImageRenderer.dll
2012-03-27 01:49 - 2012-03-27 01:49 - 06184616 _____ () C:\Program Files\Adobe\Adobe Premiere Pro CS6\Premiere.dll
2012-03-27 01:49 - 2012-03-27 01:49 - 09726120 _____ () C:\Program Files\Adobe\Adobe Premiere Pro CS6\HandlerTitler.dll
2012-03-27 01:47 - 2012-03-27 01:47 - 00391848 _____ () C:\Program Files\Adobe\Adobe Premiere Pro CS6\BravoInitializer.dll
2016-04-13 17:47 - 2016-03-29 20:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-01-22 12:55 - 2016-01-22 12:55 - 00553136 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-03-07 19:32 - 2016-02-17 17:01 - 00717184 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2016-03-07 19:32 - 2016-02-17 17:02 - 00862592 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2016-03-05 09:26 - 2015-12-07 14:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-13 17:46 - 2016-04-02 13:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-13 17:47 - 2016-04-02 13:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-13 17:47 - 2016-04-02 12:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-13 17:47 - 2016-04-02 12:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-13 17:47 - 2016-04-02 13:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-17 03:22 - 2016-04-17 03:22 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-17 03:22 - 2016-04-17 03:22 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-18 20:53 - 2016-04-18 20:53 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16041800\algo.dll
2016-04-17 03:22 - 2016-04-17 03:22 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-07 18:47 - 2016-03-07 18:47 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-03-07 18:47 - 2016-03-07 18:47 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-03-07 19:32 - 2016-02-17 17:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2012-03-27 01:51 - 2012-03-27 01:51 - 02042024 _____ () C:\Program Files\Adobe\Adobe Premiere Pro CS6\32\ImageRenderer.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 01040656 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-03-09 15:26 - 2012-03-09 15:26 - 00100352 _____ () C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 17:24 - 2015-10-30 17:21 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\HeartOfGold\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\HeartOfGold\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "MalwareProtectionLive"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1750D969-5A0C-47E4-9FA2-8D13A2840E3B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{68EFC4A2-37B6-44CF-B48F-A0B91B426720}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E4F53C06-1BBD-4545-BAA6-877E8FC86D1E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{467A19E9-C8CE-4E8F-AFEF-103317D60E53}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C9B95964-E33B-4BFA-A6E8-C766E33F9419}] => (Allow) F:\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B5DC63F1-C2A2-49EC-9BDF-118D3202264B}] => (Allow) F:\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{76DB99FD-0FF3-44C0-B009-0EC97C69E5E3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4271C99C-1DB7-455D-A36C-7A40096C635B}] => (Allow) F:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{90D0221E-7A12-4477-891D-DDA6367B79D4}] => (Allow) F:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{8F99DE3E-3306-48C7-87FB-5114C550CC63}] => (Allow) F:\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{BB171510-B5B9-4C9C-8A0B-179B6838AE80}] => (Allow) F:\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{5CDFF986-8ABD-40FC-97EF-9531EBF84BBF}] => (Allow) F:\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{56B161AB-108C-4902-B170-2AF5A905C5D9}] => (Allow) F:\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{4E3BF3B2-DACE-4682-8524-84B3AD8824BE}] => (Allow) F:\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{03D777E3-254A-4693-945D-638C4808003F}] => (Allow) F:\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [TCP Query User{18203AE9-640F-413B-9E05-237F20153DEA}C:\users\heartofgold\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\heartofgold\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3D7CE259-31EF-4B09-B286-4345EA141C83}C:\users\heartofgold\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\heartofgold\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8CF10717-4726-49DB-B105-CD5993124797}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{737390FD-AB70-4266-9E5A-80F8C6468AA3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AF3A8255-647D-4AEB-B976-E47B3777AD19}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A565D8A3-C218-4440-AF0C-51CE206A568E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0CF6320B-8CF1-4A3B-9DC8-B13A3EFD78B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{89DADC0F-4A58-4906-BBF4-DB4839BFB82E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2931875B-14FF-48C2-9F56-40B6023852E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AC9894A8-C467-4078-A05C-D80CF90E7DF1}] => (Allow) F:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{02F17161-E7EA-4F7E-9282-2ACC01B8853E}] => (Allow) F:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{F112A458-2B47-448A-8D7C-7E010C9B5F5A}F:\steam\steamapps\common\garrysmod\hl2.exe] => (Allow) F:\steam\steamapps\common\garrysmod\hl2.exe
FirewallRules: [UDP Query User{24F3188C-8067-46FD-A740-8571507D36BD}F:\steam\steamapps\common\garrysmod\hl2.exe] => (Allow) F:\steam\steamapps\common\garrysmod\hl2.exe
FirewallRules: [{9917AF96-03F2-477F-B017-F7A2619DEFD2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A126554E-BE60-43C3-AAF7-8D0E638914AF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9ECBED38-C836-4938-A07D-939282167CD1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CBA396A6-5328-467B-80D3-684ACBD9C223}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DC2C179D-AA4D-443B-83CB-FA7E9E95F74C}] => (Allow) F:\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{2D7F6FCE-E958-432B-A67C-4D113F3D6C02}] => (Allow) F:\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{8909897C-AEED-4F9D-B216-49D4339B8006}] => (Allow) F:\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{DD46A6C1-DC38-40EA-8273-37422F926A29}] => (Allow) F:\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{8D20DB6B-AEE2-4481-AFC4-C186066CC20E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{AF6F78EA-70A4-4219-BA91-8ABB69A3B73D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{29EB23A3-CB59-4EC6-AE6A-0DF637C5EADF}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{7A300004-D278-4A39-B320-06EBF81F0E3A}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{90086C62-F274-4E2A-BBD7-11A7911BBC14}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{426AC147-89A7-4667-92E5-9353AE5D458A}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{56CC1284-2F1A-43B0-BB8E-C64F4F6B3012}] => (Allow) F:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{7BCBC9B5-2233-404D-9A80-48A2DA3F320D}] => (Allow) F:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{A2D01558-9329-4FA8-8125-3FE30B60DD92}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{D6A23DBC-3BA5-4215-BE11-ACA2861D9C5B}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{9C242993-F01F-477D-A45C-575D6954EDD8}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{C988861D-6768-4A2F-AEFF-E914CC64E171}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{010D47E0-6A11-4363-BFE3-F66DE3C5D857}] => (Allow) F:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{4322D93E-A1C2-49F6-9281-FA22779103B7}] => (Allow) F:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{9D13410F-6548-4173-AAC4-AE56525F0082}F:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe] => (Allow) F:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe
FirewallRules: [UDP Query User{40315BB1-FB83-40C6-A8DA-D2AB8B92F737}F:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe] => (Allow) F:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe
FirewallRules: [TCP Query User{4629751D-EFF0-4FB4-B2FE-A3C8A5C947F4}F:\steam\steamapps\common\dayz\dayz.exe] => (Block) F:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{AECA8C8A-D236-4A34-A635-B622EAA485A6}F:\steam\steamapps\common\dayz\dayz.exe] => (Block) F:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{69DE57D0-FEF7-42B8-8D36-10ACD1C28317}] => (Allow) F:\Steam\steamapps\common\Toribash\toribash.exe
FirewallRules: [{1851D941-09C2-4BCB-83E7-2EF4A017A993}] => (Allow) F:\Steam\steamapps\common\Toribash\toribash.exe
FirewallRules: [{1B018EBA-1FCA-4D46-B3F5-3BDCACE05866}] => (Allow) F:\Steam\steamapps\common\Left 4 Dead 2 Beta\left4dead2_beta.exe
FirewallRules: [{F0324EE0-4AB1-45A8-A321-713DBE022081}] => (Allow) F:\Steam\steamapps\common\Left 4 Dead 2 Beta\left4dead2_beta.exe
FirewallRules: [{879653F5-29DF-42D0-959C-771C63084C9B}] => (Allow) F:\Steam\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{9A4BA0D5-F28D-4912-A631-033B6F9DE37C}] => (Allow) F:\Steam\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{E032E505-CE3D-4D12-B5B4-22BA4BD99ACF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{5FA51CCA-7C9C-43A1-8FD0-E854629653D6}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{18FE280D-04B4-4D03-92FD-835DBAD29191}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{7DAC5F91-1099-4C34-BEDB-A11CAF0262A6}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{83BC36BF-A57F-4AE1-BE7F-98C54FBDF8AF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{34F08428-165C-44AF-9E8A-130A25EC5647}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{B0100E13-4295-440E-BE5F-F0163FB33E68}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{E1982525-F8D1-4B49-9257-D0C95BD39508}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{39EE9AB6-1DB8-4CF0-B858-625133C703C7}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
FirewallRules: [{7BBA9CAD-0211-464B-B946-19BB76F98A46}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
FirewallRules: [{76D76906-94B7-439C-8F30-EC9A7473D893}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
FirewallRules: [{6B68669A-623E-485A-830B-B8D892B38466}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
FirewallRules: [TCP Query User{8CBC6CA9-DD92-48C8-9BA0-6F97ACF63F9F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{AC843211-0E2F-4886-9631-1AE337290709}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{67D34CFB-5D25-4E48-99CF-B22E3ECA9566}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AB836A10-5CAD-40AF-8E13-BAEBD8449D5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6F7913F6-0A2B-4F81-B1A7-66D8543BAB71}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{344A3F77-68F2-48ED-8C9F-C434701E552E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A7AA92A2-BAD2-4FE4-AE61-3B73EE948FCA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8EEBDA37-6504-475D-8BEC-EB80B1C73A22}] => (Allow) F:\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{407B24C8-04C3-4037-8B69-2C0CAE7E716D}] => (Allow) F:\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [TCP Query User{CD2384C7-367F-4C5C-A8B7-888BA53DD71D}F:\steam\steamapps\downloading\730\csgo.exe] => (Allow) F:\steam\steamapps\downloading\730\csgo.exe
FirewallRules: [UDP Query User{F4B8E0B2-0A3E-4794-A31D-8412FA50824D}F:\steam\steamapps\downloading\730\csgo.exe] => (Allow) F:\steam\steamapps\downloading\730\csgo.exe
FirewallRules: [{98971408-87C7-4ABC-9C50-0ABD038AC34A}] => (Allow) G:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B1B58B12-746E-42F0-A3BC-75863BA82473}] => (Allow) G:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{769D0D1B-428C-49D5-8E9B-06A05E347D5C}] => (Allow) F:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{80FF9BE3-5B82-43DB-BCD7-9D74975DAF99}] => (Allow) F:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{7C80EC74-9B31-401B-B662-5274AD800C30}] => (Allow) C:\Users\HeartOfGold\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{CDB014EA-0024-4B0D-9470-266CEB0FBBF4}] => (Allow) C:\Users\HeartOfGold\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{D5E35CCF-1E30-4675-AD49-6F3D784E956C}] => (Allow) F:\Steam\steamapps\common\Chess\Chess.exe
FirewallRules: [{1ABD36B8-2045-4941-BF0C-8032E63A9B3F}] => (Allow) F:\Steam\steamapps\common\Chess\Chess.exe
FirewallRules: [TCP Query User{72FD8A5A-2A53-4F19-A6D5-887A3BC14638}C:\users\heartofgold\downloads\fg758p.exe] => (Allow) C:\users\heartofgold\downloads\fg758p.exe
FirewallRules: [UDP Query User{38D8DE3B-C2E2-498D-AF10-FB10668517C3}C:\users\heartofgold\downloads\fg758p.exe] => (Allow) C:\users\heartofgold\downloads\fg758p.exe
FirewallRules: [{186A1E83-65A7-40A0-BFB1-666327B5D77A}] => (Allow) F:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{50C8C60A-2539-4028-97B8-8206F6794765}] => (Allow) F:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{B4F8A717-3638-4993-9871-04A48EDC6724}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F7F96230-9AF3-4627-A59A-B45BFD2F6B0C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C20682CA-234B-4377-BA2F-9CD863785FD6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{28782DAB-DA98-4F86-A0E5-D0CFE38503D2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Multimedia Video Controller
Description: Multimedia Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2016 11:23:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/18/2016 11:23:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/18/2016 11:18:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-R3I0MEV)
Description: Activation of application Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/18/2016 08:57:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/18/2016 08:57:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/17/2016 07:15:02 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/17/2016 07:15:02 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/17/2016 07:10:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_StateRepository, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: combase.dll, version: 10.0.10586.103, time stamp: 0x56a849ab
Exception code: 0xc0000005
Fault offset: 0x0000000000056e29
Faulting process ID: 0xb3c
Faulting application start time: 0xsvchost.exe_StateRepository0
Faulting application path: svchost.exe_StateRepository1
Faulting module path: svchost.exe_StateRepository2
Report ID: svchost.exe_StateRepository3
Faulting package full name: svchost.exe_StateRepository4
Faulting package-relative application ID: svchost.exe_StateRepository5

Error: (04/17/2016 03:33:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/17/2016 03:33:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (04/18/2016 11:20:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (04/18/2016 11:18:13 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-R3I0MEV)
Description: "C:\Windows\System32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider31Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProviderUnavailableUnavailable

Error: (04/18/2016 11:17:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:52:21 PM on ‎18/‎04/‎2016 was unexpected.

Error: (04/18/2016 08:54:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (04/17/2016 06:06:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/17/2016 06:02:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_d81eb service to connect.

Error: (04/17/2016 06:02:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_d81eb service to connect.

Error: (04/17/2016 06:02:47 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_d81eb service, but this action failed with the following error:
%%1056

Error: (04/17/2016 06:02:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_d81eb service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/17/2016 06:02:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_d81eb service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-04-14 19:25:13.807
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 21:49:26.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-26 00:29:32.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-25 15:46:39.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-19 17:28:01.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-17 17:07:38.983
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-15 19:58:53.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-15 18:51:40.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-14 23:42:56.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-14 09:08:13.354
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 77%
Total physical RAM: 8111.39 MB
Available physical RAM: 1835.38 MB
Total Virtual: 10799.39 MB
Available Virtual: 3641.19 MB

==================== Drives ================================

Drive c: (SSD MAXIMUS) (Fixed) (Total:111.01 GB) (Free:58.09 GB) NTFS
Drive d: (Tablet_CD) (CDROM) (Total:0.18 GB) (Free:0 GB) CDFS
Drive e: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Storage) (Fixed) (Total:1862.67 GB) (Free:151.91 GB) NTFS
Drive g: (Old PC) (Fixed) (Total:1397.26 GB) (Free:787.44 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: F15157BC)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 29248C60)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 54E1D9EF)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================


Edited by piefacedude, 27 April 2016 - 02:37 AM.

  • 0

#4
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi piefacedude,

Apologies for the delayed response.

Move FRST to Desktop

I noticed that you did not run FRST from the Desktop, but from the Downloads folder instead. Please move FRST from your Downloads (C:\Users\HeartOfGold\Downloads) folder to the Desktop (C:\Users\HeartOfGold\Desktop).

Warning

I noticed that you have a couple of tools downloaded such as AdwCleaner, RogueKiller and so on. I suggest that you do not run these tools unsupervised as this may cause more harm than good to your machine.

Only run 1 Anti Virus program on your computer

The real-time protection of two antivirus programs may conflict with each other and cause the following:
  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus programs trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.
I noticed that you have both Avira and Avast! anti-virus installed and running on your machine. Choose one to retain so that I can provide you with the instructions for the removal of the anti-virus that you want to uninstall.


Turn on System Restore
 
It seems that your Windows System Restore is turned off. Are you aware of this, or did you turn it off yourself?

If you have not turned this off, please re-enable it by doing the following:
  • Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
  • In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Under Protection Settings, click the disk, and then click Configure.
  • To be able to restore system settings and previous versions of files, click Restore system settings and previous versions of files.
  • Click OK, and then click OK again.
Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.



Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\MountPoints2: {f3131937-e213-11e5-8f83-806e6f6e6963} - "D:\Startup.exe"
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f3131937-e213-11e5-8f83-806e6f6e6963} - "D:\Startup.exe"
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {f3131937-e213-11e5-8f83-806e6f6e6963} - "D:\Startup.exe"
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 BEDaisy; \??\C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [X]
2016-04-13 17:27 - 2016-04-27 17:16 - 00003452 _____ C:\Windows\System32\Tasks\InternetSoft Software Uninstaller
2016-04-13 17:27 - 2016-04-13 17:27 - 00000000 ____D C:\Program Files (x86)\InternetSoft Software
CustomCLSID: HKU\S-1-5-21-3192328379-1914616829-1123331858-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E85C5DB85EC5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {222E8F8E-0328-43C7-9300-32C4D2AA0B98} - System32\Tasks\Network Defrag Logon => C:\Users\HeartOfGold\AppData\Roaming\Network Defrag\Network Defrag.exe
Task: {456A0E6F-E9AE-450E-84B3-02AC7ECA7143} - \Upload Updater Worker -> No File <==== ATTENTION
Task: {7C77C328-095C-4F34-9606-6D4F9FC3A261} - System32\Tasks\InternetSoft Software Uninstaller => C:\Program Files (x86)\InternetSoft Software\ittask.exe [2016-04-13] () <==== ATTENTION
Task: {890E7608-A885-416E-BC11-18A13A3DC62F} - System32\Tasks\Network Defrag => C:\Users\HeartOfGold\AppData\Roaming\Network Defrag\Network Defrag.exe <==== ATTENTION

C:\Users\HeartOfGold\AppData\Roaming\Network Defrag
C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys

Emptytemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Note: Your machine will reboot after the fix.
 
 
Scan with AdwCleaner

*Note: Your current version of AdwCleaner is an older version, hence, please follow the instructions below to download the latest version to run.

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
In your next reply, please include the following:
  • Which anti-virus would you like to retain?
  • Any issue turning on System Restore?
  • FRST fixlog
  • AdwCleaner log

  • 0

#5
piefacedude

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

1. I would like to keep Avast! Antivirus.

2. No issue turning on system restore, I don't know why it was off.

3. FRST LOG:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01
Ran by HeartOfGold (2016-05-01 17:43:51) Run:1
Running from C:\Users\HeartOfGold\Desktop
Loaded Profiles: HeartOfGold (Available Profiles: HeartOfGold)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\...\MountPoints2: {f3131937-e213-11e5-8f83-806e6f6e6963} - "D:\Startup.exe"
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f3131937-e213-11e5-8f83-806e6f6e6963} - "D:\Startup.exe"
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {f3131937-e213-11e5-8f83-806e6f6e6963} - "D:\Startup.exe"
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 BEDaisy; \??\C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [X]
2016-04-13 17:27 - 2016-04-27 17:16 - 00003452 _____ C:\Windows\System32\Tasks\InternetSoft Software Uninstaller
2016-04-13 17:27 - 2016-04-13 17:27 - 00000000 ____D C:\Program Files (x86)\InternetSoft Software
CustomCLSID: HKU\S-1-5-21-3192328379-1914616829-1123331858-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E85C5DB85EC5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {222E8F8E-0328-43C7-9300-32C4D2AA0B98} - System32\Tasks\Network Defrag Logon => C:\Users\HeartOfGold\AppData\Roaming\Network Defrag\Network Defrag.exe
Task: {456A0E6F-E9AE-450E-84B3-02AC7ECA7143} - \Upload Updater Worker -> No File <==== ATTENTION
Task: {7C77C328-095C-4F34-9606-6D4F9FC3A261} - System32\Tasks\InternetSoft Software Uninstaller => C:\Program Files (x86)\InternetSoft Software\ittask.exe [2016-04-13] () <==== ATTENTION
Task: {890E7608-A885-416E-BC11-18A13A3DC62F} - System32\Tasks\Network Defrag => C:\Users\HeartOfGold\AppData\Roaming\Network Defrag\Network Defrag.exe <==== ATTENTION

C:\Users\HeartOfGold\AppData\Roaming\Network Defrag
C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys

Emptytemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKU\S-1-5-21-3192328379-1914616829-1123331858-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3131937-e213-11e5-8f83-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{f3131937-e213-11e5-8f83-806e6f6e6963} => key not found.
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value not found.
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => key not found.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => key not found.
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value not found.
HKU\S-1-5-21-3192328379-1914616829-1123331858-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => key not found.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
BEDaisy => service removed successfully
C:\Windows\System32\Tasks\InternetSoft Software Uninstaller => moved successfully
C:\Program Files (x86)\InternetSoft Software => moved successfully
"HKU\S-1-5-21-3192328379-1914616829-1123331858-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E85C5DB85EC5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{222E8F8E-0328-43C7-9300-32C4D2AA0B98} => key not found.
C:\Windows\System32\Tasks\Network Defrag Logon => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Network Defrag Logon => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{456A0E6F-E9AE-450E-84B3-02AC7ECA7143}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{456A0E6F-E9AE-450E-84B3-02AC7ECA7143}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Upload Updater Worker" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C77C328-095C-4F34-9606-6D4F9FC3A261} => key not found.
C:\Windows\System32\Tasks\InternetSoft Software Uninstaller => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\InternetSoft Software Uninstaller" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{890E7608-A885-416E-BC11-18A13A3DC62F} => key not found.
C:\Windows\System32\Tasks\Network Defrag => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Network Defrag => key not found.
"C:\Users\HeartOfGold\AppData\Roaming\Network Defrag" => not found.
"C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys" => not found.
EmptyTemp: => 13 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:44:23 ====

 

# AdwCleaner v5.114 - Logfile created 01/05/2016 at 17:47:54
# Updated 27/04/2016 by Xplode
# Database : 2016-04-27.1 [Server]
# Operating system : Windows 10 Pro  (X64)
# Username : HeartOfGold - DESKTOP-R3I0MEV
# Running from : C:\Users\HeartOfGold\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Users\HeartOfGold\AppData\Roaming\Mozilla\Firefox\Profiles\s10aun5a.default-1460825916799\extensions\firefox@helper2

***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C10].txt - [2538 bytes] - [26/04/2016 22:01:41]
C:\AdwCleaner\AdwCleaner[C1].txt - [3035 bytes] - [09/04/2016 11:48:12]
C:\AdwCleaner\AdwCleaner[C2].txt - [1229 bytes] - [13/04/2016 17:24:04]
C:\AdwCleaner\AdwCleaner[C3].txt - [3090 bytes] - [13/04/2016 21:48:20]
C:\AdwCleaner\AdwCleaner[C4].txt - [1569 bytes] - [14/04/2016 19:20:53]
C:\AdwCleaner\AdwCleaner[C5].txt - [2488 bytes] - [15/04/2016 19:31:28]
C:\AdwCleaner\AdwCleaner[C6].txt - [2506 bytes] - [17/04/2016 03:06:40]
C:\AdwCleaner\AdwCleaner[C7].txt - [2096 bytes] - [21/04/2016 19:05:59]
C:\AdwCleaner\AdwCleaner[C8].txt - [2243 bytes] - [23/04/2016 17:08:27]
C:\AdwCleaner\AdwCleaner[C9].txt - [2390 bytes] - [24/04/2016 16:42:24]
C:\AdwCleaner\AdwCleaner[S10].txt - [2076 bytes] - [23/04/2016 17:07:32]
C:\AdwCleaner\AdwCleaner[S11].txt - [2223 bytes] - [24/04/2016 16:41:36]
C:\AdwCleaner\AdwCleaner[S12].txt - [2370 bytes] - [26/04/2016 22:00:49]
C:\AdwCleaner\AdwCleaner[S13].txt - [1726 bytes] - [01/05/2016 17:47:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [3473 bytes] - [09/04/2016 11:47:13]
C:\AdwCleaner\AdwCleaner[S2].txt - [1048 bytes] - [13/04/2016 17:23:02]
C:\AdwCleaner\AdwCleaner[S3].txt - [3332 bytes] - [13/04/2016 17:46:10]
C:\AdwCleaner\AdwCleaner[S4].txt - [3405 bytes] - [13/04/2016 21:47:46]
C:\AdwCleaner\AdwCleaner[S5].txt - [1401 bytes] - [14/04/2016 19:19:12]
C:\AdwCleaner\AdwCleaner[S6].txt - [1547 bytes] - [15/04/2016 19:28:04]
C:\AdwCleaner\AdwCleaner[S7].txt - [2198 bytes] - [15/04/2016 19:30:45]
C:\AdwCleaner\AdwCleaner[S8].txt - [2222 bytes] - [17/04/2016 03:06:11]
C:\AdwCleaner\AdwCleaner[S9].txt - [1928 bytes] - [21/04/2016 19:03:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S13].txt - [2457 bytes] ##########
 


  • 0

#6
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi piefacedude,


Remove anti-virus programs

Please uninstall the following anti-virus programs:

Avira Antivirus
Avira Launcher

Note: If any of the programs are not listed, proceed to the next one and work through the list.

To do this:
  • Enter control panel in the search box beside Start Button, then tap or click Control Panel.
  • Under View by: select Large Icons, then tap or click Programs and features.
  • Tap or click the program, then tap or click Uninstall.
  • Follow the instructions on screen.
Repeat the above steps for all the other programs to remove.
Reboot the machine once all programs have been uninstalled.


Avira Registry Cleaner

Download the free Avira Registry Cleaner tool to your Desktop.
  • Double-click the downloaded avira_registry_cleaner_en.exe file
  • Accept the license terms
  • Select ALL Avira products
  • Click Remove
Reboot your machine once completed.


Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • Everything left checked will be deleted.
  • Now click the Cleaning button.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C11].txt
Re-scan with Malwarebytes Anti-Malware
  • Launch Malwarebytes from your Desktop
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!

 
In your next reply, please include the following:
  • Any issue with the uninstallation of Avira anti-virus
  • AdwCleaner log
  • MalwareBytes log
  • ESET log
  • How is your machine running now?

  • 0

#7
piefacedude

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

1. No issues with uninstallations

2.

# AdwCleaner v5.115 - Logfile created 02/05/2016 at 22:21:33
# Updated 01/05/2016 by Xplode
# Database : 2016-05-01.2 [Server]
# Operating system : Windows 10 Pro  (X64)
# Username : HeartOfGold - DESKTOP-R3I0MEV
# Running from : C:\Users\HeartOfGold\Downloads\adwcleaner_5.115.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\HeartOfGold\AppData\Roaming\Mozilla\Firefox\Profiles\s10aun5a.default-1460825916799\extensions\firefox@helper2

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C10].txt - [2538 bytes] - [26/04/2016 22:01:41]
C:\AdwCleaner\AdwCleaner[C11].txt - [948 bytes] - [02/05/2016 22:21:33]
C:\AdwCleaner\AdwCleaner[C1].txt - [3035 bytes] - [09/04/2016 11:48:12]
C:\AdwCleaner\AdwCleaner[C2].txt - [1229 bytes] - [13/04/2016 17:24:04]
C:\AdwCleaner\AdwCleaner[C3].txt - [3090 bytes] - [13/04/2016 21:48:20]
C:\AdwCleaner\AdwCleaner[C4].txt - [1569 bytes] - [14/04/2016 19:20:53]
C:\AdwCleaner\AdwCleaner[C5].txt - [2488 bytes] - [15/04/2016 19:31:28]
C:\AdwCleaner\AdwCleaner[C6].txt - [2506 bytes] - [17/04/2016 03:06:40]
C:\AdwCleaner\AdwCleaner[C7].txt - [2096 bytes] - [21/04/2016 19:05:59]
C:\AdwCleaner\AdwCleaner[C8].txt - [2243 bytes] - [23/04/2016 17:08:27]
C:\AdwCleaner\AdwCleaner[C9].txt - [2390 bytes] - [24/04/2016 16:42:24]
C:\AdwCleaner\AdwCleaner[S10].txt - [2076 bytes] - [23/04/2016 17:07:32]
C:\AdwCleaner\AdwCleaner[S11].txt - [2223 bytes] - [24/04/2016 16:41:36]
C:\AdwCleaner\AdwCleaner[S12].txt - [2370 bytes] - [26/04/2016 22:00:49]
C:\AdwCleaner\AdwCleaner[S13].txt - [2537 bytes] - [01/05/2016 17:47:54]
C:\AdwCleaner\AdwCleaner[S14].txt - [2617 bytes] - [02/05/2016 22:20:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [3473 bytes] - [09/04/2016 11:47:13]
C:\AdwCleaner\AdwCleaner[S2].txt - [1048 bytes] - [13/04/2016 17:23:02]
C:\AdwCleaner\AdwCleaner[S3].txt - [3332 bytes] - [13/04/2016 17:46:10]
C:\AdwCleaner\AdwCleaner[S4].txt - [3405 bytes] - [13/04/2016 21:47:46]
C:\AdwCleaner\AdwCleaner[S5].txt - [1401 bytes] - [14/04/2016 19:19:12]
C:\AdwCleaner\AdwCleaner[S6].txt - [1547 bytes] - [15/04/2016 19:28:04]
C:\AdwCleaner\AdwCleaner[S7].txt - [2198 bytes] - [15/04/2016 19:30:45]
C:\AdwCleaner\AdwCleaner[S8].txt - [2222 bytes] - [17/04/2016 03:06:11]
C:\AdwCleaner\AdwCleaner[S9].txt - [1928 bytes] - [21/04/2016 19:03:36]

########## EOF - C:\AdwCleaner\AdwCleaner[C11].txt - [2705 bytes] ##########
 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/05/2016
Scan Time: 10:24 PM
Logfile: deeo.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.02.02
Rootkit Database: v2016.04.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: HeartOfGold

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354491
Time Elapsed: 8 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A3AA76DE-4BE5-4853-A873-B7375FB15061}, Quarantined, [e03acc0526737db9751fd2e8768e42be],

Registry Values: 1
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A3AA76DE-4BE5-4853-A873-B7375FB15061}|Path, \InternetSoft Software Uninstaller, Quarantined, [e03acc0526737db9751fd2e8768e42be]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3bc9af87db514b48a41e89abd1c5e385
# end=init
# utc_time=2016-04-26 09:56:15
# local_time=2016-04-26 07:56:15 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 29244
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3bc9af87db514b48a41e89abd1c5e385
# end=updated
# utc_time=2016-04-26 10:02:57
# local_time=2016-04-26 08:02:57 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3bc9af87db514b48a41e89abd1c5e385
# engine=29244
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-04-26 11:43:08
# local_time=2016-04-26 09:43:08 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=788 16777213 83 96 736751 847311 0 0
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 100 0 4715926 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1887046 15442740 0 0
# scanned=791713
# found=6
# cleaned=6
# scan_time=6010
sh=636AF59BEA742E4C6D173B58B6DF1D856B48ADA9 ft=1 fh=1a2ef36f8f08a478 vn="a variant of Win32/InstallCore.ACZ potentially unwanted application (cleaned by deleting)" ac=C fn="G:\downloads\cr_downloader_for_desmume.exe"
sh=5A80CC0C2FB645817DA0B18DF5444D634C31667A ft=1 fh=4607010b50fb560b vn="Win32/InstalleRex.L potentially unwanted application (cleaned by deleting)" ac=C fn="G:\ProgramData\InstallMate\{100F9C13-BBFF-4265-A08E-F3DDCBECBEE5}\Custom.dll"
sh=5A80CC0C2FB645817DA0B18DF5444D634C31667A ft=1 fh=4607010b50fb560b vn="Win32/InstalleRex.L potentially unwanted application (cleaned by deleting)" ac=C fn="G:\ProgramData\InstallMate\{65B0D83E-5BCE-496E-AB85-13ECBE53FAC8}\Custom.dll"
sh=495ADA4EE9CA2DC352A81211D32F1314E46F2D72 ft=1 fh=53d6f5fcee269c1b vn="a variant of Win32/Toolbar.Conduit.AR potentially unwanted application (cleaned by deleting)" ac=C fn="G:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\556EPBPC\ism[1].exe"
sh=2A2FD5B25E29CEAB0D0DCD079AB97B50E87C27DA ft=1 fh=e7d1ed22d2bc6bdf vn="Win32/Toolbar.Conduit.AO potentially unwanted application (cleaned by deleting)" ac=C fn="G:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6ZFESEB\checktbexist[1].exe"
sh=3E37507BBD4C0287689634B2CDD77E59679681AF ft=1 fh=cbd9e88b633aff58 vn="a variant of Win32/Toolbar.Conduit.AR potentially unwanted application (cleaned by deleting)" ac=C fn="G:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCDZWBSE\mism[1].exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3bc9af87db514b48a41e89abd1c5e385
# end=init
# utc_time=2016-05-02 12:54:47
# local_time=2016-05-02 10:54:47 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 29338
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3bc9af87db514b48a41e89abd1c5e385
# end=updated
# utc_time=2016-05-02 01:03:39
# local_time=2016-05-02 11:03:39 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.2.9200 NT
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3bc9af87db514b48a41e89abd1c5e385
# end=init
# utc_time=2016-05-02 03:18:11
# local_time=2016-05-03 01:18:11 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 29341
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3bc9af87db514b48a41e89abd1c5e385
# end=updated
# utc_time=2016-05-02 03:18:46
# local_time=2016-05-03 01:18:46 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3bc9af87db514b48a41e89abd1c5e385
# engine=29341
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-02 04:46:50
# local_time=2016-05-03 02:46:50 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=788 16777213 83 96 1273373 1383933 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2427268 15979362 0 0
# scanned=782777
# found=0
# cleaned=0
# scan_time=5283
 

 

5. I left this for a few days to make sure it was gone, and as far as I can see, it is. If it returns, I will mention it.


  • 0
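The Fixlog in post #5 and the Malwarebytes log in post #7 can be cross-checked per scheduled task, shown here as an added example (not part of the thread, and not FRST's or Malwarebytes' own code). A scheduled task is registered as a file under System32\Tasks, a TaskCache\Tree\<name> key and a TaskCache\Tasks\{GUID} key; the script flags tasks where FRST removed the name but reported the fixlist GUID as not found, then checks whether a later scan found the same name under another GUID. The sample lines are copied from the logs above; the function names are illustrative.

```python
import re

# Lines copied from the fixlist, Fixlog.txt and Malwarebytes log posted in this thread.
FIXLIST = r"""
Task: {222E8F8E-0328-43C7-9300-32C4D2AA0B98} - System32\Tasks\Network Defrag Logon => C:\Users\HeartOfGold\AppData\Roaming\Network Defrag\Network Defrag.exe
Task: {456A0E6F-E9AE-450E-84B3-02AC7ECA7143} - \Upload Updater Worker -> No File <==== ATTENTION
Task: {7C77C328-095C-4F34-9606-6D4F9FC3A261} - System32\Tasks\InternetSoft Software Uninstaller => C:\Program Files (x86)\InternetSoft Software\ittask.exe [2016-04-13] () <==== ATTENTION
Task: {890E7608-A885-416E-BC11-18A13A3DC62F} - System32\Tasks\Network Defrag => C:\Users\HeartOfGold\AppData\Roaming\Network Defrag\Network Defrag.exe <==== ATTENTION
"""
FIXLOG = r"""
C:\Windows\System32\Tasks\InternetSoft Software Uninstaller => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{222E8F8E-0328-43C7-9300-32C4D2AA0B98} => key not found.
C:\Windows\System32\Tasks\Network Defrag Logon => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Network Defrag Logon => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{456A0E6F-E9AE-450E-84B3-02AC7ECA7143}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{456A0E6F-E9AE-450E-84B3-02AC7ECA7143}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Upload Updater Worker" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C77C328-095C-4F34-9606-6D4F9FC3A261} => key not found.
C:\Windows\System32\Tasks\InternetSoft Software Uninstaller => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\InternetSoft Software Uninstaller" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{890E7608-A885-416E-BC11-18A13A3DC62F} => key not found.
C:\Windows\System32\Tasks\Network Defrag => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Network Defrag => key not found.
"""
MBAM = r"""
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A3AA76DE-4BE5-4853-A873-B7375FB15061}|Path, \InternetSoft Software Uninstaller, Quarantined, [e03acc0526737db9751fd2e8768e42be]
"""

# "Task: {GUID} - [System32\Tasks]\<name> => ..." entries in the fixlist.
TASK_RE = re.compile(
    r"^Task: \{([0-9A-F-]{36})\} - (?:System32\\Tasks)?\\?(.+?) (?:=>|->) ", re.I | re.M)
# '<target> => <outcome>' result lines in Fixlog.txt (target may be quoted).
RESULT_RE = re.compile(r'^"?(.+?)"? => (.+)$', re.M)
# The three places a scheduled task is registered.
PART_RES = {
    "file": re.compile(r"\\System32\\Tasks\\(?P<key>.+)$", re.I),
    "tree": re.compile(r"\\TaskCache\\Tree\\(?P<key>.+)$", re.I),
    "guid": re.compile(r"\\TaskCache\\(?:Tasks|Plain)\\\{(?P<key>[0-9A-F-]{36})\}$", re.I),
}
# Malwarebytes registry-value hit on a TaskCache\Tasks\{GUID} "Path" value.
MBAM_RE = re.compile(r"TASKCACHE\\TASKS\\\{([0-9A-F-]{36})\}\|Path, \\([^,]+),", re.I)


def task_status(fixlist, fixlog):
    """Map task name -> {part: set of 'removed'/'missing'} from the Fixlog results."""
    guid_to_name = {g.upper(): n for g, n in TASK_RE.findall(fixlist)}
    status = {n: {"file": set(), "tree": set(), "guid": set()}
              for n in guid_to_name.values()}
    for target, outcome in RESULT_RE.findall(fixlog):
        done = "removed" if "successfully" in outcome else "missing"
        for part, rx in PART_RES.items():
            m = rx.search(target)
            if not m:
                continue
            key = m["key"]
            name = guid_to_name.get(key.upper()) if part == "guid" else key
            if name in status:
                status[name][part].add(done)
    return status


def orphan_candidates(status):
    """Tasks whose name existed at fix time but whose fixlist GUID key did not."""
    return [name for name, parts in status.items()
            if "missing" in parts["guid"]
            and "removed" in (parts["file"] | parts["tree"])]


def leftover_registrations(fixlist, fixlog, scanner_log):
    """(name, fixlist GUID, GUID found later) for candidates a later scan still hit."""
    name_to_guid = {n: g.upper() for g, n in TASK_RE.findall(fixlist)}
    suspects = orphan_candidates(task_status(fixlist, fixlog))
    return [(name, name_to_guid[name], guid.upper())
            for guid, name in MBAM_RE.findall(scanner_log)
            if name in suspects and guid.upper() != name_to_guid[name]]


if __name__ == "__main__":
    for name, parts in task_status(FIXLIST, FIXLOG).items():
        print(name, {p: sorted(v) for p, v in parts.items()})
    for name, old, new in leftover_registrations(FIXLIST, FIXLOG, MBAM):
        print(f"{name}: fixlist GUID {old} was absent, scan found {new}")
```

A task that shows up this way was registered under a new GUID after the FRST scan was taken, so a fixlist written from the older scan misses that key and a follow-up scan is what catches it.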

#8
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi piefacedude,


OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please complete the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

If you didn't uninstall ESET after running the program we will do it now.

Uninstall ESET
Please uninstall the following unwanted programs:

Note: If any of the programs are not listed, proceed to the next one and work through the list.
  • ESET
To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall.
Click uninstall.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files\ESET
C:\Program Files (x86)\ESET

2. Close Windows Explorer.

Tools CleanUp with DelFix

Download Delfix and save it to the Desktop.
  • Right click the DelFix icon and click Run as Administrator.
  • Ensure ALL boxes are checked.
  • Click the Run button.
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Delete the following Files and Folders (If Present):

Delete any other .bat, .log, .reg, .txt, and any other files created or downloaded during this process, and left on the desktop and empty the Recycle Bin.

Keeping your software updated

Windows Updates
  • Please go to Start Menu -> Control Panel
  • Under View by: select Large Icons, then tap or click Windows Update.
  • Click on Change Settings
  • Select "Install updates automatically (recommended)" from the Important updates drop-down.
  • Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
  • Ensure that all of the other check boxes are checked.
  • Click OK.
Malwarebytes Anti-Malware

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.

Keep Java Updated

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user to disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.
If you do have software that requires it, then disable it until such time as it's needed by those programs.
Please click the link below for instructions to disable and uninstall Java.

How to Disable Java in your Web Browser

How to Completely Remove and Uninstall Java From Windows PC

Filehippo Updatechecker

Another weapon against malicious programs and viruses is keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker

Tips, Information, and Optional Installation

Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go.

To help protect yourself while on the web, I recommend you read Answers to common security questions - Best Practices

Installation of Unchecky (Optional)

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.

Then click Finish

Unchecky is now installed and will help you keep unwanted check boxes unchecked.

Installation of CryptoPrevent (Optional)

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware cannot get a grip on your system. You may read more about this here.

To download and install:
  • Click CryptoPrevent
  • Under the Free Edition column, enter your name and email and click on the Request Download Link button to request a download link
  • Once you have received a link in your email (you may need to check your Junk mail), download the tool to your Desktop
  • Open the program by clicking Run when prompted from your browser or by going to the Desktop where the file was saved and right-click and select Run as Administrator
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.
Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now), select the Updates! menu, and select Check for Updates to see if there are any, as this infection has serious consequences.

If you have any other questions, please feel free to ask me.

#9
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

