Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

some browser hijack loaded. need help removing it [Closed]


  • This topic is locked This topic is locked

#1
mechgeek419

mechgeek419

    Member

  • Member
  • PipPip
  • 13 posts

I have something that shows up on my home page that says I have a virus and need help removing it, because, I've used Malware bytes.

 

Help!

 

I am running Windows 10 64.bit.


  • 0

Advertisements


#2
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello mechgeek419 and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    I'll need a couple of logs to look at so please run Farbar Recovery Scan Tool

    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click on the file and select run as administrator (if you don't have this option just double click the file to run it). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from (this should be your desktop).
  • Please copy (CTRL + C) and paste (CTRL + V) the FRST.txt log back here.
  • The first time the tool is run it generates another log Addition.txt - also located in the same directory as FRST.exe.
  • Please also paste that along with the FRST.txt into your reply.
    Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

  • 0

#3
mechgeek419

mechgeek419

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Here we go:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
Ran by kent (administrator) on KENTPC (31-05-2016 15:58:08)
Running from C:\Users\kent\Downloads
Loaded Profiles: kent & postgres (Available Profiles: kent & postgres)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
() C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
() C:\Program Files\PreSonus\AudioBox\AudioBox.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Cloud Client Services\AssetCacheService.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Cloud Client Services\AssetDeliveryService.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Cloud Client Services\ProjectSyncService.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Cloud Client Services\TransportClient.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1602.3010.0_x64__8wekyb3d8bbwe\CompanionApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.20961.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Milan Digital Audio LLC) C:\Program Files\Hauptwerk Virtual Pipe Organ\Hauptwerk.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8483032 2016-02-18] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools First\MMERefresh.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-11-19] (Raptr, Inc)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-12] (AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-03-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-03-24] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [14688 2015-12-02] (Western Digital Technologies, Inc.)
HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\Run: [AudioBox VSL] => C:\Program Files\PreSonus\AudioBox\AudioBox.exe [7591424 2012-05-24] ()
HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\Run: [Chromium] => "c:\users\kent\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-04-20] (SUPERAntiSpyware)
HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\MountPoints2: {34a3c576-4dd5-11e5-8250-806e6f6e6963} - "I:\setup.exe"
HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\MountPoints2: {c1d06aa9-d403-11e5-9c1e-ac9e174ea719} - "D:\Setup.exe"
HKU\S-1-5-21-3738634946-379025392-388106291-1006\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-08] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avid Application Manager.lnk [2016-03-22]
ShortcutTarget: Avid Application Manager.lnk -> C:\Windows\Installer\{99E377DB-D2D0-44A5-8533-AA8BE1381644}\NewShortcut1_E1E0FF1FC1474601A40EFEF248F11D43.exe (Flexera Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{9f001b78-2f51-427e-bb99-38d8349d7361}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3738634946-379025392-388106291-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF ProfilePath: C:\Users\kent\AppData\Roaming\Mozilla\Firefox\Profiles\op14r1cp.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Search Provided by Yahoo
FF DefaultSearchEngine.US: Search Provided by Yahoo
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: www.google.com
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll [2014-11-11] (Musicnotes, Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll [2014-11-11] (Musicnotes, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-31] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-08]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR Profile: C:\Users\kent\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-31]
CHR Extension: (Avast SafePrice) - C:\Users\kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-31]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [693440 2016-01-28] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2016-02-18] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2016-02-18] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-08] (AVAST Software)
R2 AvidAssetCacheService; C:\Program Files\Avid\Cloud Client Services\AssetCacheService.exe [5122824 2015-11-20] (Avid Technology, Inc.)
R2 AvidAssetDeliveryService; C:\Program Files\Avid\Cloud Client Services\AssetDeliveryService.exe [7023880 2015-11-20] (Avid Technology, Inc.)
R2 AvidProjectSyncService; C:\Program Files\Avid\Cloud Client Services\ProjectSyncService.exe [7020296 2015-11-20] (Avid Technology, Inc.)
R2 AvidTransportClient; C:\Program Files\Avid\Cloud Client Services\TransportClient.exe [6588168 2015-11-20] (Avid Technology, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2105352 2016-01-29] (Electronic Arts)
R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [1493224 2016-02-18] ()
R2 postgresql-x64-9.2; C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe [89600 2013-04-01] (PostgreSQL Global Development Group) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-03-22] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 DigiRefresh; C:\Program Files\Avid\Pro Tools First\MMERefresh.exe -s [X]
S3 digiSPTIService64; "C:\Program Files\Avid\Pro Tools First\digisptiservice64.exe" [X]
S3 ehRecvr; %systemroot%\ehome\ehRecvr.exe [X]
S3 ehSched; %systemroot%\ehome\ehsched.exe [X]
S4 Mcx2Svc; %SystemRoot%\system32\Mcx2Svc.dll [X]
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-03-21] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2016-02-18] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-08] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-08] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
U5 ipMIDI; C:\Windows\System32\Drivers\ipMIDI.sys [23040 2013-01-31] (nerds.de) [File not signed]
R3 NIWinCDEmu; C:\Windows\System32\drivers\NIWinCDEmu.sys [112408 2015-12-02] ()
R3 paeusbaudio; C:\Windows\System32\drivers\paeusbaudio_x64.sys [252280 2012-05-24] ()
R3 paeusbaudiodsp; C:\Windows\System32\drivers\paeusbaudiodsp_x64.sys [71544 2012-05-24] ()
R3 paeusbaudioks; C:\Windows\system32\DRIVERS\paeusbaudioks_x64.sys [53112 2012-05-24] ()
R3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2014-11-17] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-02-02] (Wondershare)
S3 X6va062; \??\C:\WINDOWS\SysWOW64\Drivers\X6va062 [21184 2016-01-25] ()
S3 YMIDUSBW; C:\Windows\system32\drivers\ymidusbx64.sys [51496 2013-04-04] (Yamaha Corporation)
S3 VBAudioVACMME; \SystemRoot\system32\DRIVERS\vbaudio_cable64_win7.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-31 15:54 - 2016-05-31 15:54 - 00068045 _____ C:\Users\kent\Desktop\FRST.txt
2016-05-31 15:52 - 2016-05-31 15:52 - 02383872 _____ (Farbar) C:\Users\kent\Downloads\FRST64 (1).exe
2016-05-31 13:50 - 2016-05-31 13:50 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-31 13:50 - 2016-05-31 13:50 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-31 13:49 - 2016-05-31 14:59 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-31 13:49 - 2016-05-31 13:59 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-31 13:49 - 2016-05-31 13:54 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-31 13:49 - 2016-05-31 13:54 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-31 13:49 - 2016-05-31 13:49 - 00987728 _____ (Google Inc.) C:\Users\kent\Downloads\ChromeSetup.exe
2016-05-31 11:36 - 2016-05-31 11:36 - 00049638 _____ C:\Users\kent\Downloads\Addition.txt
2016-05-31 11:35 - 2016-05-31 15:58 - 00020301 _____ C:\Users\kent\Downloads\FRST.txt
2016-05-31 11:35 - 2016-05-31 15:58 - 00000000 ____D C:\FRST
2016-05-31 11:35 - 2016-05-31 11:35 - 02383872 _____ (Farbar) C:\Users\kent\Downloads\FRST64.exe
2016-05-31 10:33 - 2016-05-31 10:47 - 00295380 _____ C:\WINDOWS\ntbtlog.txt
2016-05-31 10:27 - 2016-05-31 10:27 - 00000000 ____D C:\Users\kent\AppData\Roaming\SUPERAntiSpyware.com
2016-05-31 10:26 - 2016-05-31 10:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-05-31 10:26 - 2016-05-31 10:26 - 26006208 _____ (SUPERAntiSpyware) C:\Users\kent\Downloads\SUPERAntiSpyware.exe
2016-05-31 10:26 - 2016-05-31 10:26 - 00001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-05-31 10:26 - 2016-05-31 10:26 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-05-31 10:26 - 2016-05-31 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-05-31 10:24 - 2016-05-31 10:24 - 00000000 ____D C:\ProgramData\Codemasters
2016-05-31 10:07 - 2016-05-31 10:07 - 00000222 _____ C:\Users\kent\Desktop\GRID 2 Demo.url
2016-05-30 15:32 - 2016-05-30 22:27 - 00000000 ____D C:\Users\kent\Documents\recording organ
2016-05-30 14:38 - 2016-05-31 09:52 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FF79D211-5315-40C6-825A-969081CFEEB9}
2016-05-30 14:30 - 2016-05-30 14:30 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-05-30 13:03 - 2016-05-30 13:03 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-30 12:58 - 2016-05-30 13:02 - 22851472 _____ (Malwarebytes ) C:\Users\kent\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-30 12:58 - 2016-05-30 13:02 - 22851472 _____ (Malwarebytes ) C:\Users\kent\Downloads\mbam-setup-2.2.1.1043(1).exe
2016-05-30 12:53 - 2016-05-30 12:53 - 00000000 ____D C:\Users\kent\Desktop\Ebook Series - Scifan - Brandon Sanderson - Mistborn Trilogy - (3 Ebooks)
2016-05-30 12:53 - 2016-05-30 12:53 - 00000000 ____D C:\Program Files (x86)\Setup Support for CurveLayer DH
2016-05-30 12:52 - 2016-05-30 14:45 - 00000000 ____D C:\Users\kent\AppData\Roaming\Capmaolm
2016-05-30 12:52 - 2016-05-30 14:45 - 00000000 ____D C:\Program Files\RilzUn
2016-05-30 12:52 - 2016-05-30 14:45 - 00000000 ____D C:\Program Files\Rilz
2016-05-30 12:52 - 2016-05-30 14:29 - 00000000 ____D C:\Users\kent\AppData\Roaming\FakmThmi
2016-05-30 12:52 - 2016-05-30 12:52 - 00000000 ____D C:\Users\kent\AppData\Local\Tempfolder
2016-05-30 12:51 - 2016-05-30 12:51 - 04397056 _____ C:\Users\kent\Downloads\Ebook.Series.-.Scifan.-.Brandon.Sanderson.-.Mistborn.Trilogy.-.3.Ebooks..iso
2016-05-29 21:44 - 2016-05-29 21:44 - 00000000 ____D C:\musicsoft downloader
2016-05-29 21:44 - 2016-05-29 21:44 - 00000000 ____D C:\DIR
2016-05-29 21:34 - 2016-05-29 21:34 - 00000000 ____D C:\Users\kent\Documents\jfxzciuljdCXnlxz
2016-05-29 21:03 - 2016-05-30 15:59 - 00000000 ____D C:\Users\kent\Documents\piano
2016-05-29 21:02 - 2016-05-29 21:02 - 00000000 ____D C:\Users\kent\Documents\testing piano
2016-05-28 13:01 - 2016-05-28 13:03 - 00000000 ____D C:\Program Files (x86)\Windows Media Center
2016-05-28 13:00 - 2016-05-28 13:00 - 56370237 _____ C:\Users\kent\Downloads\WindowsMediaCenter_10.0.10134.0v2.1.rar
2016-05-27 20:26 - 2016-05-27 20:27 - 90701824 _____ C:\Users\kent\Downloads\VMware-tools-windows-10.0.6-3560309.iso
2016-05-27 20:23 - 2016-05-27 20:25 - 98643144 _____ (PreSonus) C:\Users\kent\Downloads\PreSonus Studio One 3 Installer (x64).exe
2016-05-27 09:47 - 2016-05-31 15:42 - 00000000 ____D C:\Users\kent\AppData\Roaming\Bioshock2Steam
2016-05-27 09:47 - 2016-05-27 09:47 - 00000000 ____D C:\Users\kent\Documents\Bioshock2
2016-05-26 20:12 - 2016-05-26 20:12 - 00000220 _____ C:\Users\kent\Desktop\BioShock 2.url
2016-05-26 20:10 - 2016-05-26 20:10 - 01058032 _____ (Amazon Services LLC) C:\Users\kent\Downloads\Bioshock_2_Downloader.exe
2016-05-26 20:10 - 2016-05-26 20:10 - 00000000 ____D C:\Users\kent\Desktop\Bioshock 2 (Download)
2016-05-25 13:00 - 2016-05-30 15:59 - 00000000 ____D C:\Users\kent\Documents\organ
2016-05-25 12:57 - 2016-05-30 11:42 - 00000000 ____D C:\Users\kent\Documents\2BITs
2016-05-24 20:45 - 2016-05-24 20:45 - 03013389 _____ C:\Users\kent\Downloads\Dupré - Vêpres du commun des fêtes de la Sainte-Vierge, Op. 18 (organ).pdf
2016-05-24 16:38 - 2016-05-24 16:38 - 00002053 _____ C:\Users\kent\Desktop\hie to.mid
2016-05-24 16:33 - 2016-05-24 16:33 - 00000273 _____ C:\Users\kent\Desktop\hie.mid
2016-05-24 16:32 - 2016-05-24 16:32 - 00002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Musician 3.lnk
2016-05-24 16:32 - 2016-05-24 16:32 - 00000000 ____D C:\Users\Public\Documents\Notation_3
2016-05-24 16:32 - 2016-05-24 16:32 - 00000000 ____D C:\Program Files (x86)\Notation_3
2016-05-24 16:30 - 2016-05-24 16:31 - 13344768 _____ C:\Users\kent\Downloads\Inst_NS_Musician_3_English_Trial.msi
2016-05-21 14:24 - 2016-05-21 14:24 - 00001290 _____ C:\Users\kent\Desktop\Hauptwerk user guide.lnk
2016-05-21 14:24 - 2016-05-21 14:24 - 00001075 _____ C:\Users\kent\Desktop\Hauptwerk (alt config 3).lnk
2016-05-21 14:24 - 2016-05-21 14:24 - 00001075 _____ C:\Users\kent\Desktop\Hauptwerk (alt config 2).lnk
2016-05-21 14:24 - 2016-05-21 14:24 - 00001075 _____ C:\Users\kent\Desktop\Hauptwerk (alt config 1).lnk
2016-05-21 14:24 - 2016-05-21 14:24 - 00001000 _____ C:\Users\kent\Desktop\Hauptwerk.lnk
2016-05-21 14:23 - 2016-05-21 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauptwerk Virtual Pipe Organ
2016-05-21 14:23 - 2016-05-21 14:23 - 00000000 ____D C:\Program Files\Hauptwerk Virtual Pipe Organ VST Link Plug-In
2016-05-21 14:23 - 2016-05-21 14:23 - 00000000 ____D C:\Program Files\Hauptwerk Virtual Pipe Organ
2016-05-21 14:22 - 2016-05-21 14:22 - 00000000 ____D C:\Program Files (x86)\HauptwerkJavaRuntime
2016-05-21 14:03 - 2016-05-21 14:21 - 2469460648 _____ C:\Users\kent\Downloads\InstallHauptwerk_v4.2.1.003.exe
2016-05-20 14:48 - 2016-05-20 11:16 - 34298517 ____N C:\Users\kent\Desktop\IMG_1777.MOV
2016-05-20 14:48 - 2016-05-20 11:15 - 29455476 ____N C:\Users\kent\Desktop\IMG_1776.MOV
2016-05-19 18:50 - 2016-05-19 17:43 - 158282046 _____ C:\Users\kent\Desktop\kent organ.MOV
2016-05-16 14:00 - 2016-05-16 14:00 - 00031996 _____ C:\Users\kent\Downloads\2001-01-1350-my-redeemer-lives-eng.pdf
2016-05-16 13:01 - 2016-05-16 13:02 - 20435776 _____ (Kakao) C:\Users\kent\Downloads\PotPlayerSetup64.exe
2016-05-15 16:55 - 2016-05-15 16:55 - 00031321 _____ C:\Users\kent\Desktop\come ye thankful people come.aup
2016-05-15 16:55 - 2016-05-15 16:55 - 00000000 ____D C:\Users\kent\Desktop\come ye thankful people come_data
2016-05-14 18:50 - 2016-05-30 22:27 - 00000000 ____D C:\Users\kent\AppData\Roaming\Tracktion 4
2016-05-14 18:50 - 2016-05-14 18:50 - 10127672 _____ (Tracktion Software Corp.) C:\Users\kent\Downloads\TracktionInstall_7_Windows_64Bit_latest.exe
2016-05-14 18:50 - 2016-05-14 18:50 - 00000889 _____ C:\Users\Public\Desktop\Tracktion 7 (x64).lnk
2016-05-14 18:50 - 2016-05-14 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracktion 7
2016-05-14 18:50 - 2016-05-14 18:50 - 00000000 ____D C:\Program Files\Tracktion 7
2016-05-10 18:46 - 2016-05-10 18:46 - 00433724 _____ C:\Users\kent\Downloads\NE-3290987aa8d045a2b6479c1eae472ea2 (1).pdf
2016-05-10 18:31 - 2016-05-10 18:31 - 00433724 _____ C:\Users\kent\Downloads\NE-3290987aa8d045a2b6479c1eae472ea2.pdf
2016-05-10 16:20 - 2016-05-10 16:20 - 00000000 ____D C:\Program Files (x86)\GUMACDA.tmp
2016-05-10 12:31 - 2016-05-05 23:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-10 12:31 - 2016-05-05 23:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-10 12:31 - 2016-05-05 22:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-10 12:31 - 2016-05-05 22:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-10 12:31 - 2016-05-05 22:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-10 12:31 - 2016-05-05 22:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-10 12:31 - 2016-04-30 01:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-10 12:31 - 2016-04-30 01:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-10 12:31 - 2016-04-23 01:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-10 12:31 - 2016-04-23 01:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-10 12:31 - 2016-04-23 01:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-10 12:31 - 2016-04-23 01:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-10 12:31 - 2016-04-23 01:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-10 12:31 - 2016-04-23 01:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-10 12:31 - 2016-04-23 01:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-10 12:31 - 2016-04-23 01:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-10 12:31 - 2016-04-23 00:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-10 12:31 - 2016-04-23 00:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-10 12:31 - 2016-04-23 00:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-10 12:31 - 2016-04-23 00:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-10 12:31 - 2016-04-23 00:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-10 12:31 - 2016-04-23 00:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-10 12:31 - 2016-04-23 00:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-10 12:31 - 2016-04-23 00:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-10 12:31 - 2016-04-23 00:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-10 12:31 - 2016-04-23 00:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-10 12:31 - 2016-04-23 00:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-10 12:31 - 2016-04-23 00:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-10 12:31 - 2016-04-23 00:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-10 12:31 - 2016-04-23 00:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-10 12:31 - 2016-04-23 00:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-10 12:31 - 2016-04-23 00:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-10 12:31 - 2016-04-23 00:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-10 12:31 - 2016-04-23 00:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-10 12:31 - 2016-04-23 00:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-10 12:31 - 2016-04-23 00:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-10 12:31 - 2016-04-23 00:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-10 12:31 - 2016-04-23 00:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-10 12:31 - 2016-04-23 00:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-10 12:31 - 2016-04-23 00:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-10 12:31 - 2016-04-23 00:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-10 12:31 - 2016-04-23 00:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-10 12:31 - 2016-04-23 00:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-10 12:31 - 2016-04-23 00:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-10 12:31 - 2016-04-23 00:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-10 12:31 - 2016-04-23 00:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-10 12:31 - 2016-04-23 00:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-10 12:31 - 2016-04-23 00:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-10 12:31 - 2016-04-23 00:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-10 12:31 - 2016-04-23 00:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-10 12:31 - 2016-04-23 00:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-10 12:31 - 2016-04-23 00:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-10 12:31 - 2016-04-23 00:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-10 12:31 - 2016-04-23 00:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-10 12:31 - 2016-04-23 00:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-10 12:31 - 2016-04-23 00:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-10 12:31 - 2016-04-23 00:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-10 12:31 - 2016-04-23 00:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-10 12:31 - 2016-04-23 00:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-10 12:31 - 2016-04-23 00:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-10 12:31 - 2016-04-23 00:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-10 12:31 - 2016-04-23 00:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-10 12:31 - 2016-04-23 00:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-10 12:31 - 2016-04-23 00:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-10 12:31 - 2016-04-23 00:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-10 12:31 - 2016-04-23 00:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-10 12:31 - 2016-04-23 00:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-10 12:31 - 2016-04-23 00:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-10 12:31 - 2016-04-23 00:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-10 12:31 - 2016-04-23 00:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-10 12:31 - 2016-04-23 00:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-10 12:31 - 2016-04-22 23:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-10 12:31 - 2016-04-22 23:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-10 12:31 - 2016-04-22 23:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-10 12:31 - 2016-04-22 23:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-10 12:31 - 2016-04-22 23:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-10 12:31 - 2016-04-22 23:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-10 12:31 - 2016-04-22 23:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-10 12:31 - 2016-04-22 23:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-10 12:31 - 2016-04-22 23:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-10 12:31 - 2016-04-22 23:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-10 12:31 - 2016-04-22 23:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-10 12:31 - 2016-04-22 23:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-10 12:31 - 2016-04-22 23:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-10 12:31 - 2016-04-22 23:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-10 12:31 - 2016-04-22 23:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-10 12:31 - 2016-04-22 23:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-10 12:31 - 2016-04-22 23:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-10 12:31 - 2016-04-22 23:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-10 12:31 - 2016-04-22 23:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-10 12:31 - 2016-04-22 23:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-10 12:31 - 2016-04-22 23:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-10 12:31 - 2016-04-22 23:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-10 12:31 - 2016-04-22 23:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-10 12:31 - 2016-04-22 23:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-10 12:31 - 2016-04-22 23:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-10 12:31 - 2016-04-22 23:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-10 12:31 - 2016-04-22 23:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-10 12:31 - 2016-04-22 23:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-10 12:31 - 2016-04-22 23:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-10 12:31 - 2016-04-22 23:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-10 12:31 - 2016-04-22 23:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-10 12:31 - 2016-04-22 23:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-10 12:31 - 2016-04-22 23:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-10 12:31 - 2016-04-22 23:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-10 12:31 - 2016-04-22 23:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-10 12:31 - 2016-04-22 23:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-10 12:31 - 2016-04-22 23:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-10 12:31 - 2016-04-22 23:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-10 12:31 - 2016-04-22 23:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-10 12:31 - 2016-04-22 23:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-10 12:31 - 2016-04-22 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-10 12:31 - 2016-04-22 23:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-10 12:31 - 2016-04-22 23:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-10 12:31 - 2016-04-22 23:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-10 12:31 - 2016-04-22 23:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-10 12:31 - 2016-04-22 23:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-10 12:31 - 2016-04-22 23:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-10 12:31 - 2016-04-22 23:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-10 12:31 - 2016-04-22 23:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-10 12:31 - 2016-04-22 23:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-10 12:31 - 2016-04-22 23:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-10 12:31 - 2016-04-22 23:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-10 12:31 - 2016-04-22 23:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-10 12:31 - 2016-04-22 23:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-10 12:31 - 2016-04-22 23:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-10 12:31 - 2016-04-22 23:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-10 12:31 - 2016-04-22 23:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-10 12:31 - 2016-04-22 23:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-10 12:31 - 2016-04-22 23:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-10 12:31 - 2016-04-22 23:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-10 12:31 - 2016-04-22 23:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-10 12:31 - 2016-04-22 23:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-10 12:31 - 2016-04-22 23:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-10 12:31 - 2016-04-22 23:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-10 12:31 - 2016-04-22 23:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-10 12:31 - 2016-04-22 23:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-10 12:31 - 2016-04-22 23:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-10 12:31 - 2016-04-22 23:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-10 12:31 - 2016-04-22 23:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-10 12:31 - 2016-04-22 23:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-10 12:31 - 2016-04-22 23:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-10 12:31 - 2016-04-22 23:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-10 12:31 - 2016-04-22 23:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-10 12:31 - 2016-04-22 23:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-10 12:31 - 2016-04-22 23:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-10 12:31 - 2016-04-22 23:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-10 12:31 - 2016-04-22 23:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-10 12:31 - 2016-04-22 23:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-10 12:31 - 2016-04-22 23:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-10 12:31 - 2016-04-22 23:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-10 12:31 - 2016-04-22 23:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-10 12:31 - 2016-04-22 23:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-10 12:31 - 2016-04-22 23:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-10 12:31 - 2016-04-22 23:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-10 12:31 - 2016-04-22 23:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-10 12:31 - 2016-04-22 23:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-10 12:31 - 2016-04-22 23:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-10 12:31 - 2016-04-22 23:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-10 12:31 - 2016-04-22 23:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-10 12:31 - 2016-04-22 23:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-10 12:31 - 2016-04-22 23:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-10 12:31 - 2016-04-22 23:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-10 12:31 - 2016-04-22 23:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-10 12:31 - 2016-04-22 23:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-10 12:31 - 2016-04-22 23:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-10 12:31 - 2016-04-22 23:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-10 12:31 - 2016-04-22 23:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-10 12:31 - 2016-04-22 23:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-10 12:31 - 2016-04-22 23:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-10 12:31 - 2016-04-22 23:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-10 12:31 - 2016-04-22 23:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-10 12:31 - 2016-04-22 23:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-10 12:31 - 2016-04-22 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-10 12:31 - 2016-04-22 23:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-10 12:31 - 2016-04-22 22:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-10 12:31 - 2016-04-22 21:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-10 12:30 - 2016-05-05 23:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-10 12:30 - 2016-05-05 22:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-10 12:30 - 2016-04-23 00:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-10 12:30 - 2016-04-23 00:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-10 12:30 - 2016-04-23 00:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-10 12:30 - 2016-04-23 00:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-10 12:30 - 2016-04-23 00:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-10 12:30 - 2016-04-23 00:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-10 12:30 - 2016-04-23 00:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-10 12:30 - 2016-04-22 23:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-10 12:30 - 2016-04-22 23:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-10 12:30 - 2016-04-22 23:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-10 12:30 - 2016-04-22 23:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-10 12:30 - 2016-04-22 23:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-10 12:30 - 2016-04-22 23:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-10 12:30 - 2016-04-22 23:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-10 12:30 - 2016-04-22 23:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-10 12:30 - 2016-04-22 23:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-10 12:30 - 2016-04-22 23:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-10 12:30 - 2016-04-22 23:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-10 12:30 - 2016-04-22 23:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-10 12:30 - 2016-04-22 23:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-10 12:30 - 2016-04-22 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-10 12:30 - 2016-04-22 23:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-10 12:30 - 2016-04-22 23:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-10 12:30 - 2016-04-22 23:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-10 12:30 - 2016-04-22 23:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-10 12:30 - 2016-04-22 23:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-10 12:30 - 2016-04-22 23:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-10 12:30 - 2016-04-22 23:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-10 12:30 - 2016-04-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-10 12:30 - 2016-04-22 23:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-10 12:30 - 2016-04-22 23:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-10 12:30 - 2016-04-22 23:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-10 12:30 - 2016-04-22 23:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-10 12:30 - 2016-04-22 23:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-10 12:30 - 2016-04-22 23:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-10 12:30 - 2016-04-22 23:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-10 12:30 - 2016-04-22 23:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-10 12:30 - 2016-04-22 23:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-10 12:30 - 2016-04-22 23:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-10 12:30 - 2016-04-22 23:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-10 12:30 - 2016-04-22 23:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-10 12:30 - 2016-04-22 23:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-10 12:30 - 2016-04-22 23:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-10 12:30 - 2016-04-22 23:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-10 12:30 - 2016-04-22 23:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-10 12:30 - 2016-04-22 23:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-10 12:30 - 2016-04-22 23:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-10 12:30 - 2016-04-22 23:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-10 12:30 - 2016-04-22 23:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-10 12:30 - 2016-04-22 23:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-10 12:30 - 2016-04-22 23:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-10 12:30 - 2016-04-22 21:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-10 12:30 - 2016-04-18 17:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-10 11:41 - 2016-05-10 11:41 - 00015396 _____ C:\Users\kent\Desktop\not sure.aup
2016-05-10 11:01 - 2016-05-10 11:01 - 12948928 _____ (AMD Inc.) C:\Users\kent\Downloads\radeon-crimson-16.3.2-minimalsetup_web.exe
2016-05-08 10:01 - 2016-05-08 10:01 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-05-08 10:01 - 2016-05-08 10:01 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-05-07 13:02 - 2016-05-26 19:18 - 00000000 ____D C:\Users\kent\AppData\Roaming\Bioshock
2016-05-07 13:02 - 2016-05-07 13:46 - 00000000 ____D C:\Users\kent\Documents\Bioshock
2016-05-07 12:33 - 2016-05-07 12:33 - 00000220 _____ C:\Users\kent\Desktop\BioShock.url
2016-05-07 12:32 - 2016-05-07 12:32 - 00000000 ____D C:\Users\kent\Desktop\Bioshock (Download)
2016-05-07 12:31 - 2016-05-07 12:32 - 01054064 _____ (Amazon Services LLC) C:\Users\kent\Downloads\Bioshock_Downloader.exe
2016-05-06 14:02 - 2016-05-06 14:02 - 00028844 _____ C:\Users\kent\Desktop\the spirit of god james kasen.aup
2016-05-06 13:34 - 2016-05-06 13:34 - 00024142 _____ C:\Users\kent\Desktop\star wars.aup
2016-05-05 11:51 - 2016-05-05 11:51 - 00000000 ____D C:\Users\kent\AppData\Local\Oblivion
2016-05-04 20:34 - 2016-05-31 10:07 - 00000000 ____D C:\Users\kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-05-04 17:03 - 2016-05-05 10:00 - 00000000 ____D C:\Users\kent\AppData\Local\PrivateTunnel
2016-05-04 17:03 - 2016-05-04 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Technologies
2016-05-04 17:03 - 2016-05-04 17:03 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2016-05-04 16:59 - 2016-05-04 16:59 - 01841784 _____ C:\Users\kent\Downloads\openvpn-install-2.3.10-I604-x86_64.exe
2016-05-01 19:45 - 2016-05-01 19:45 - 07582376 _____ (Auslogics Labs Pty Ltd ) C:\Users\kent\Downloads\disk-defrag-setup.exe
2016-05-01 18:25 - 2016-05-01 18:25 - 00010128 _____ C:\Users\kent\Desktop\redeemer of israel.aup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-31 13:52 - 2015-10-11 17:04 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-31 13:50 - 2015-08-29 14:00 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-31 11:52 - 2016-02-15 13:18 - 00000000 ____D C:\Users\kent\AppData\Roaming\Celemony Software GmbH
2016-05-31 11:30 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-31 11:30 - 2015-08-29 15:53 - 00883368 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-31 11:08 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-31 11:04 - 2015-11-29 05:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-31 11:04 - 2015-10-30 01:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-05-31 10:33 - 2016-04-05 11:51 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-05-31 10:33 - 2015-11-29 04:58 - 00000000 ____D C:\Users\kent
2016-05-31 10:32 - 2015-11-29 04:58 - 00000000 ____D C:\Users\postgres
2016-05-31 10:24 - 2015-09-10 14:00 - 00000000 ____D C:\Users\kent\Documents\My Games
2016-05-31 09:54 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-30 21:01 - 2015-09-07 16:43 - 00000000 ____D C:\Users\kent\AppData\Roaming\Audacity
2016-05-30 20:39 - 2015-11-27 21:27 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-30 13:09 - 2015-09-24 13:15 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-05-30 13:03 - 2015-11-27 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-30 13:03 - 2015-11-27 21:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-30 12:53 - 2015-09-24 15:26 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-05-30 12:52 - 2016-03-22 13:38 - 00001380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-05-30 12:52 - 2016-01-18 14:05 - 00001430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-30 12:52 - 2016-01-18 14:05 - 00001418 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-29 21:46 - 2015-08-28 17:48 - 00000000 ____D C:\Users\kent\AppData\Local\VirtualStore
2016-05-29 20:38 - 2015-12-19 13:04 - 00000000 ____D C:\Users\kent\AppData\Roaming\Skype
2016-05-27 20:45 - 2016-02-16 14:21 - 00000000 ____D C:\Users\kent\AppData\Local\VMware
2016-05-27 20:29 - 2016-04-23 11:59 - 00000000 ____D C:\Users\kent\AppData\Roaming\VMware
2016-05-27 11:17 - 2016-04-22 16:22 - 00000000 ____D C:\Users\kent\Documents\Pro Tools
2016-05-27 11:17 - 2016-04-21 12:38 - 00000000 ____D C:\Program Files (x86)\Avid
2016-05-27 11:17 - 2016-03-22 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
2016-05-27 11:17 - 2015-09-24 14:55 - 00000000 ____D C:\Users\kent\AppData\Roaming\Avid
2016-05-27 11:17 - 2015-09-24 14:55 - 00000000 ____D C:\Program Files\Common Files\Avid
2016-05-26 22:05 - 2015-11-29 04:52 - 04974496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-26 20:10 - 2015-09-05 14:52 - 00000000 ____D C:\Users\kent\Documents\Amazon Downloader Logs
2016-05-25 17:22 - 2016-04-01 20:37 - 00000000 ____D C:\Users\kent\AppData\Roaming\vlc
2016-05-21 14:23 - 2016-02-28 18:14 - 00000000 ____D C:\Hauptwerk
2016-05-21 10:27 - 2015-12-07 09:09 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-21 10:27 - 2015-12-07 09:09 - 00001028 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-05-19 14:51 - 2015-12-27 12:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-18 14:15 - 2016-02-29 15:28 - 00000000 ____D C:\Users\kent\AppData\Local\Amazon
2016-05-16 20:36 - 2015-10-31 12:14 - 00000000 ____D C:\Users\kent\AppData\Roaming\PreSonus
2016-05-14 11:47 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-13 20:57 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-12 11:47 - 2015-08-29 15:00 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-12 07:36 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 07:36 - 2015-10-30 02:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-12 07:36 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-12 07:36 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-12 07:36 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-12 07:36 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 14:57 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 14:57 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 10:55 - 2015-08-29 14:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 10:46 - 2015-08-29 14:30 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-10 11:45 - 2015-12-19 13:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-10 11:45 - 2015-12-19 13:04 - 00000000 ____D C:\ProgramData\Skype
2016-05-10 11:02 - 2015-11-29 04:55 - 00000000 ____D C:\Program Files\AMD
2016-05-10 11:01 - 2015-08-28 18:42 - 00000000 ____D C:\AMD
2016-05-08 10:01 - 2016-03-22 12:51 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-05-08 10:01 - 2015-09-23 16:43 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-05-08 10:01 - 2015-09-23 16:43 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-05-08 10:01 - 2015-09-23 16:43 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-05-08 10:01 - 2015-09-23 16:43 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-05-08 10:01 - 2015-09-23 16:43 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-05-08 10:01 - 2015-09-23 16:43 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-05-08 10:01 - 2015-09-23 16:43 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-05-08 10:01 - 2015-09-23 16:43 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-05-07 19:49 - 2015-09-05 14:55 - 00000000 ____D C:\ProgramData\Origin
2016-05-03 10:10 - 2015-08-28 17:48 - 00000000 ____D C:\Users\kent\AppData\Local\Packages

==================== Files in the root of some directories =======

2015-10-26 16:39 - 2015-12-05 16:16 - 0050512 _____ () C:\Program Files (x86)\autoruns.chm
2015-10-26 16:42 - 2015-12-05 16:16 - 0696984 _____ (Sysinternals - www.sysinternals.com) C:\Program Files (x86)\Autoruns.exe
2015-10-26 16:44 - 2015-12-05 16:16 - 0609944 _____ (Sysinternals - www.sysinternals.com) C:\Program Files (x86)\autorunsc.exe
2016-03-22 14:14 - 2016-03-22 14:14 - 0000604 ____H () C:\Program Files (x86)\Br1S
2015-10-26 16:33 - 2015-12-05 16:16 - 0007490 _____ () C:\Program Files (x86)\Eula.txt
2014-11-06 18:15 - 2015-11-02 14:46 - 464576272 _____ (MakeMusic) C:\Program Files (x86)\Install Finale 2014d.exe
2014-11-06 18:15 - 2015-10-31 15:32 - 0222158 _____ () C:\Program Files (x86)\Windows Finale Read Me.rtf
2015-10-08 14:15 - 2016-04-21 12:29 - 0475932 _____ () C:\Users\kent\AppData\Roaming\AvidApplicationManager_Install.log
2016-04-18 05:46 - 2016-04-18 05:46 - 0000046 _____ () C:\Users\kent\AppData\Roaming\Camdata.ini
2016-04-18 05:46 - 2016-04-18 05:46 - 0000408 _____ () C:\Users\kent\AppData\Roaming\CamLayout.ini
2016-04-18 05:46 - 2016-04-18 05:46 - 0000408 _____ () C:\Users\kent\AppData\Roaming\CamShapes.ini
2016-04-18 05:46 - 2016-04-18 05:46 - 0004536 _____ () C:\Users\kent\AppData\Roaming\CamStudio.cfg
2016-04-05 13:36 - 2016-04-05 13:48 - 0004244 _____ () C:\Users\kent\AppData\Roaming\GrandOrgueConfig
2016-04-05 13:46 - 2016-04-05 13:46 - 0004244 _____ () C:\Users\kent\AppData\Roaming\GrandOrgueConfig.last
2016-04-17 20:28 - 2016-04-17 20:28 - 0000096 _____ () C:\Users\kent\AppData\Roaming\version2.xml
2016-04-18 13:29 - 2016-04-20 10:29 - 0000097 _____ () C:\Users\kent\AppData\Roaming\WB.CFG
2015-10-23 14:33 - 2015-10-23 14:33 - 0004608 _____ () C:\Users\kent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-25 19:35 - 2015-09-25 19:35 - 0007605 _____ () C:\Users\kent\AppData\Local\Resmon.ResmonCfg
2016-02-17 14:05 - 2016-02-17 14:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\kent\jobq.dat


Some files in TEMP:
====================
C:\Users\kent\AppData\Local\Temp\GOGh7sLsG0.exe
C:\Users\kent\AppData\Local\Temp\T4oBHOp0Jt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-26 08:00

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by kent (2016-05-31 15:58:40)
Running from C:\Users\kent\Downloads
Windows 10 Pro Version 1511 (X64) (2015-11-29 10:15:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3738634946-379025392-388106291-500 - Administrator - Disabled)
D0E3C22555B3445FB503 (S-1-5-21-3738634946-379025392-388106291-1009 - Limited - Enabled)
DefaultAccount (S-1-5-21-3738634946-379025392-388106291-503 - Limited - Disabled)
Guest (S-1-5-21-3738634946-379025392-388106291-501 - Limited - Disabled)
kent (S-1-5-21-3738634946-379025392-388106291-1001 - Administrator - Enabled) => C:\Users\kent
postgres (S-1-5-21-3738634946-379025392-388106291-1006 - Limited - Enabled) => C:\Users\postgres

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.5.1.209 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\Amazon Amazon Music) (Version: 4.0.0.1205 - Amazon Services LLC)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ARIA Engine v1.8.4.6 (HKLM\...\ARIA Engine_is1) (Version: v1.8.4.6 - Plogue Art et Technologie, Inc)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AudioBox version 1.2 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.2 - PreSonus)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
Avid Application Manager (HKLM\...\{99E377DB-D2D0-44A5-8533-AA8BE1381644}) (Version: 2.5.1.115 - Avid Technology, Inc.)
Avid Cloud Client Services (HKLM\...\{1EDE8AD9-ABC3-46BC-B155-75BC06727FE4}) (Version: 1.3.0.4430 - Avid Technology, Inc.)
BioShock (HKLM\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM\...\Steam App 8850) (Version:  - 2K Marin)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5844 - CDBurnerXP)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\CopyTrans Suite) (Version: 4.006 - WindSolutions)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
CurveLayer DH (HKLM-x32\...\Setup Support for CurveLayer DH) (Version: 1.0 - Sono Control Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.9.1.1172 - Steinberg Media Technologies GmbH)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Finale 2014.5 (HKLM-x32\...\{6F5AA2F8-B5A9-4D9D-9208-EAD5E092EA79}) (Version: 2014.5.0.6359 - MakeMusic)
Garritan ARIA Player v1.846 (HKLM\...\__ARIA_1012___is1) (Version: v1.846 - Garritan)
Garritan Instruments for Finale (HKLM\...\__ARIA_1013___is1) (Version: v2.0.0.1 - Garritan)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GRID 2 Demo (HKLM\...\Steam App 248140) (Version:  - Codemasters Racing)
Hauptwerk (HKLM-x32\...\Hauptwerk) (Version: 4.2.1.3 - Milan Digital Audio)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iSkysoft DVD Creator(Build 3.8.0) (HKLM-x32\...\iSkysoft DVD Creator_is1) (Version:  - Wondershare Software)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
KeePass Password Safe 1.30 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.30 - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Melodyne singletrack (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 2.01.0202 - Celemony Software GmbH)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MMFonts (HKLM-x32\...\{F56435AF-C284-4BAD-BEA5-1C5B7761A843}) (Version: 1.1.1.1 - MakeMusic, Inc.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.5.0 (x86 en-US)) (Version: 38.5.0 - Mozilla)
Musicnotes Player V1.40.3 and Viewer V1.20.0 (HKLM-x32\...\Musicnotes Player_is1) (Version: 1.40.3 - Musicnotes Inc.)
Native Instruments Alicias Keys (HKLM-x32\...\Native Instruments Alicias Keys) (Version: 1.5.0.1 - Native Instruments)
Native Instruments Komplete 8 Players (HKLM-x32\...\Native Instruments Komplete 8 Players) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.5.2.880 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version:  - Native Instruments)
Native Instruments Reaktor Blocks Wired (HKLM-x32\...\Native Instruments Reaktor Blocks Wired) (Version: 1.0.0.3 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
notation musician 3 Trial (HKLM-x32\...\{C1F71A9F-1452-431D-AFAF-4C981403FB16}) (Version: 3.0.0 - Notation Software)
Notion 5 (32-bit) (HKLM\...\Notion 5-32) (Version:  - Notion Music, Inc.)
Notion 5 (64-bit) (HKLM\...\Notion 5-64) (Version:  - Notion Music, Inc.)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{83E92696-D92D-4c7e-B094-0BE853B191FE}) (Version: 2.5.2.1034 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.5.2.1034 - PACE Anti-Piracy, Inc.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PlanetSide 2 (HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
PostgreSQL 9.2  (HKLM\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
PreSonus Studio One 3 x64 (HKLM\...\PreSonus Studio One 3) (Version: 3.2.0.36707 - PreSonus Audio Electronics)
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.6.0.4 - OpenVPN Technologies)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Sibelius (HKLM\...\{6420DC80-3BCF-4C96-A209-B0C5D26E140D}) (Version: 8.2.0.89 - Avid Technology)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{623C2BD8-1B28-4F98-B578-E9D139827269}) (Version: 7.1.3 - Avid)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1218 - SUPERAntiSpyware.com)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tracktion 7 (HKLM\...\Tracktion 7) (Version: 7.1.1.0 - Tracktion Software Corp.)
Uplay (HKLM-x32\...\Uplay) (Version: 7.5 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.0.0 - VMware, Inc)
VMware Player (Version: 7.0.0 - VMware, Inc.) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1-2) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (Version: 1.0.3.1 - LunarG, Inc.) Hidden
WD Backup (HKLM-x32\...\{d506fdf0-53bc-4782-8d47-737f9f7c5c22}) (Version: 1.3.5814.26411 - Western Digital Technologies, Inc.)
WD Backup (x32 Version: 1.3.5814.26411 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{163952d1-3ca7-4e98-a686-cc0c227c7447}) (Version: 1.2.0.85 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.2.0.85 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{b304f1ed-b08a-4d51-882b-fd651777d297}) (Version: 1.2.0.83 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.2.0.83 - Western Digital Technologies, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wise Registry Cleaner 9.13 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 9.13 - WiseCleaner.com, Inc.)
YAMAHA Musicsoft Downloader 5 (HKLM-x32\...\{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}) (Version:  - )
Yamaha USB-MIDI Driver (HKLM-x32\...\InstallShield_{71E75F05-930E-41BA-BDBC-15E3134DD45B}) (Version: 3.1.3.1 - Yamaha Corporation)
Yamaha USB-MIDI Driver (Version: 3.1.3.1 - Yamaha Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3738634946-379025392-388106291-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-2ED66D1B1A09}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3738634946-379025392-388106291-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\kent\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3738634946-379025392-388106291-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {194C7899-E461-47A3-9763-B36E714338B2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1C4395A8-AB64-4696-B174-117B147CEAB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-31] (Google Inc.)
Task: {2F699CDD-5D4B-4BC0-92A2-BEB77C0C9E76} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-31] (Google Inc.)
Task: {3B913F57-EDA0-4A20-964F-53821EDE79CE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {50149E08-4038-48DD-9103-756F1C76D138} - \AMD Updater -> No File <==== ATTENTION
Task: {5561923A-F9EE-43D2-AB60-A6D6D35914FE} - \{9F0D9B2B-99F7-4E87-97EA-5BD9C227FFE3} -> No File <==== ATTENTION
Task: {649CC664-67AD-448B-89F1-1800FF4F5CE9} - \{040E0A47-0F08-7E04-0E11-040B057D110F} -> No File <==== ATTENTION
Task: {93AD872A-2B1B-4402-A73C-A1BEC54260E9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A31B3F70-81FE-4AF5-AE18-F8BBE0CD17E6} - \SafeZone scheduled Autoupdate 1458671885 -> No File <==== ATTENTION
Task: {AD10DA37-8563-48F1-89A2-2F150C042413} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {AF57B1B5-796C-4A9D-962D-1B6270AE7B6E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-08] (AVAST Software)
Task: {B9ED7DB9-FA83-42F2-AF84-E4A3A6987072} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C165D980-5CAC-456C-AEE0-FE68C983EFD2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C28D8FB9-A0E7-4308-A45F-3367B9BE1C81} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {C8D0D885-B2DD-4DBF-AC75-F721C0DC362E} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2016-03-25] (WiseCleaner.com)
Task: {CB5EB84C-86B3-4A03-BF47-0CEB62EA5BF0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E447124F-1DE8-487F-8CE2-04350E20B5EF} - \Optimize Start Menu Cache Files-S-1-5-21-3738634946-379025392-388106291-1001 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1464630732&a=1024132&src=sh&uuid=c52b9b4c-2e2a-47d8-a574-5134e4f300c2"
ShortcutWithArgument: C:\Users\kent\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1464630732&a=1024132&src=sh&uuid=c52b9b4c-2e2a-47d8-a574-5134e4f300c2"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> "hxxp://trustedsurf.com/?ssid=1464630732&a=1024132&src=sh&uuid=c52b9b4c-2e2a-47d8-a574-5134e4f300c2"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://trustedsurf.com/?ssid=1464630732&a=1024132&src=sh&uuid=c52b9b4c-2e2a-47d8-a574-5134e4f300c2"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://trustedsurf.com/?ssid=1464630732&a=1024132&src=sh&uuid=c52b9b4c-2e2a-47d8-a574-5134e4f300c2"

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-05-15 18:26 - 2015-05-15 18:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-18 11:04 - 2016-02-18 11:03 - 01360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2016-02-18 16:22 - 2016-02-18 16:22 - 01493224 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
2016-02-18 11:04 - 2016-02-18 11:04 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2015-08-21 22:09 - 2015-08-21 22:09 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-09-17 14:37 - 2013-04-01 22:41 - 00176128 _____ () C:\Program Files\PostgreSQL\9.2\bin\LIBPQ.dll
2015-09-17 14:38 - 2012-08-14 08:31 - 01328128 _____ () C:\Program Files\PostgreSQL\9.2\bin\libxml2.dll
2016-04-12 13:14 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 13:14 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-14 11:46 - 2016-01-22 14:55 - 00553136 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-04-19 10:21 - 2016-04-19 10:21 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 11:46 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 12:30 - 2016-04-22 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-02-15 11:46 - 2012-05-24 14:47 - 07591424 _____ () C:\Program Files\PreSonus\AudioBox\AudioBox.exe
2015-10-14 12:28 - 2015-10-14 12:28 - 00098304 _____ () C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\PXF\PXFPlugin.acf
2015-10-14 12:29 - 2015-10-14 12:29 - 00352520 _____ () C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\PXF\MOG_Framework_2.2.11.dll
2016-03-29 11:46 - 2016-03-29 11:46 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-29 11:46 - 2016-03-29 11:46 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-03 11:43 - 2016-03-03 11:43 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-05-10 12:30 - 2016-04-22 23:24 - 00064512 _____ () C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Microsoft.CloudExperienceHost.dll
2016-02-05 06:25 - 2016-02-05 06:25 - 00012288 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1602.3010.0_x64__8wekyb3d8bbwe\CompanionApp.exe
2016-02-05 06:25 - 2016-02-05 06:25 - 05766656 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1602.3010.0_x64__8wekyb3d8bbwe\CompanionApp.dll
2016-02-05 06:25 - 2016-02-05 06:25 - 00628736 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1602.3010.0_x64__8wekyb3d8bbwe\CompanionAppDeviceManager.dll
2015-12-15 10:14 - 2015-12-15 10:14 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1602.3010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-02-15 11:46 - 2012-05-22 13:07 - 00208384 _____ () c:\program files\presonus\audiobox\paeusbaudioasio_x64.dll
2016-05-10 12:31 - 2016-04-22 23:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 12:31 - 2016-04-22 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-10 12:31 - 2016-04-22 22:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 12:31 - 2016-04-22 23:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-08 10:01 - 2016-05-08 10:01 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-08 10:01 - 2016-05-08 10:01 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-31 09:51 - 2016-05-31 09:51 - 02984152 _____ () C:\Program Files\AVAST Software\Avast\defs\16053100\algo.dll
2016-05-08 10:01 - 2016-05-08 10:01 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-08 10:01 - 2016-05-08 10:01 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-31 13:52 - 2016-05-31 13:52 - 02984152 _____ () C:\Program Files\AVAST Software\Avast\defs\16053101\algo.dll
2016-02-18 11:04 - 2016-05-31 11:05 - 00033792 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2016-02-18 11:04 - 2016-02-18 11:03 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-11-20 18:44 - 2014-11-20 18:44 - 01299136 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2016-04-19 10:21 - 2016-04-19 10:21 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 10:21 - 2016-04-19 10:21 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-02-15 11:46 - 2012-05-22 13:07 - 00176128 _____ () C:\Program Files\PreSonus\AudioBox\paeusbaudioapi.dll
2016-03-22 12:51 - 2016-03-22 12:51 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-04-10 20:34 - 2014-04-04 11:29 - 00371712 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2016-04-10 20:34 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2015-10-11 17:49 - 2016-04-29 15:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-10-11 17:49 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-10-11 17:49 - 2016-04-29 19:10 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-10-11 17:49 - 2016-02-08 18:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-10-11 17:49 - 2016-02-08 18:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-10-11 17:49 - 2016-02-08 18:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-10-11 17:49 - 2016-02-08 18:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-10-11 17:49 - 2016-02-08 18:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-10-11 17:49 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-10-11 17:49 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-10-11 17:49 - 2016-04-29 19:10 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-05-05 10:23 - 2016-02-17 17:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-10-11 17:49 - 2016-04-27 20:00 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:92762D06056524D6 [217]
AlternateDataStreams: C:\Users\All Users:92762D06056524D6 [217]
AlternateDataStreams: C:\ProgramData\Application Data:92762D06056524D6 [217]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3738634946-379025392-388106291-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kent\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{99a955fa-cd9a-4a0f-b27a-82d0a5db7f5a}.jpg
HKU\S-1-5-21-3738634946-379025392-388106291-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Avid Application Manager.lnk"
HKLM\...\StartupApproved\Run: => "DigidesignMMERefresh"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "AppManHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A6BF38A8-5742-463D-9088-B39C388B0F66}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{9D398245-24E4-4B2D-A985-07758C93498A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{32A88689-16C2-47FB-B615-0F4FB4438F83}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{E8117367-201C-4818-A86A-ED03E374D205}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [UDP Query User{568DABB1-255B-440F-A49D-6DCEF00AB736}C:\program files\presonus\studio one 3\studio one.exe] => (Allow) C:\program files\presonus\studio one 3\studio one.exe
FirewallRules: [TCP Query User{DB013677-4E83-46D9-B018-1B7EE21965DF}C:\program files\presonus\studio one 3\studio one.exe] => (Allow) C:\program files\presonus\studio one 3\studio one.exe
FirewallRules: [{F6AC3FE4-79AC-49CC-B3CA-34A09C17D06F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BE39F679-FFAC-4804-8685-5A0BDBBE4566}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{77B78AB1-6E62-42AD-A098-AB57BDA1B497}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FEDAF198-2135-40BC-B2D7-854C34CC034D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0FC5F329-D5A8-4259-AF4E-DF9FCD7D64E1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{64CE8989-A631-4C94-BE44-197909628CC5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7A4EA51D-39AD-40D4-B15A-8784BC317FE5}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{24C13183-0802-4D5B-8C91-2279C6F8F265}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [UDP Query User{D4EFABE6-2C6E-4A95-9B55-15FFEF43690D}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 4\bin\farcry4.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 4\bin\farcry4.exe
FirewallRules: [TCP Query User{E81D3D1A-11CE-4B05-82C1-75E1765D7F0B}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 4\bin\farcry4.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 4\bin\farcry4.exe
FirewallRules: [{EBDF353D-2D37-4FF4-AEE7-1632D1C6F412}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{5FE2C34B-7F7D-4DBA-9DC3-86B7B93F59C0}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{92B26F08-0CBB-4C22-B38E-EF0B4EC7A6C4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3B9923E2-E07F-4D22-9E6D-547FAAABADC8}] => (Allow) C:\Users\kent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EB135C1B-12C3-4399-A9C9-49BFEB317D02}] => (Allow) C:\Users\kent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{650F4511-76EC-4D78-B6A9-40F900595338}] => (Allow) C:\Users\kent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{88AD1155-232C-44A6-9662-025A552D9E35}] => (Allow) C:\Users\kent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2B7BDED8-6686-4427-87BD-5108BB2B595A}] => (Allow) C:\Users\kent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A587D8E5-F22A-44A6-AACF-878DEA0545B4}] => (Allow) C:\Users\kent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7624EAFE-8709-4924-8271-C8E626F02D94}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4C092759-B8BE-4952-9E2F-1786BE3F78BE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4BD93568-C759-4579-8855-590AB2D2CF71}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E065A60D-85B1-44E2-B8DE-585B229F94DB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8D15FDEA-CC6C-42CC-86BF-8C4F1A607D44}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B10A5313-B02C-41E6-9F42-72C126E3BD2E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3694953C-70C9-4866-8DD9-2CDCDDEA8619}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C4F0E3AA-C724-4D85-ACC7-20131B149DE4}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [UDP Query User{78B4CD04-DAFF-499F-BF49-04C29B760610}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [{25F6C0F3-26E6-44FE-BD41-24A14454CF87}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{17D02F2D-E590-424A-AABD-3381A627CDD2}] => (Allow) LPort=2869
FirewallRules: [{28B0EFF4-4FF4-48B3-AFA2-431C4A3A8EF7}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{9732138C-3A2D-47E4-B637-86726239BB72}C:\program files\avid\application manager\avidapplicationmanager.exe] => (Allow) C:\program files\avid\application manager\avidapplicationmanager.exe
FirewallRules: [UDP Query User{F00F2A13-FCC3-4B51-A8E2-37A7853A9A14}C:\program files\avid\application manager\avidapplicationmanager.exe] => (Allow) C:\program files\avid\application manager\avidapplicationmanager.exe
FirewallRules: [TCP Query User{020FF421-D906-4A21-AC59-4AC2A16B0203}C:\program files\avid\application manager\avidappmanhelper.exe] => (Allow) C:\program files\avid\application manager\avidappmanhelper.exe
FirewallRules: [UDP Query User{3213E765-CF11-40AE-BD24-8CC89B9FA42F}C:\program files\avid\application manager\avidappmanhelper.exe] => (Allow) C:\program files\avid\application manager\avidappmanhelper.exe
FirewallRules: [{3CDA39E4-CC76-43C1-9ABA-9A5A26E44726}] => (Allow) C:\Program Files\Avid\Cloud Client Services\AssetCacheService.exe
FirewallRules: [{6281525D-7587-4777-9905-DF5E16FCC843}] => (Allow) C:\Program Files\Avid\Cloud Client Services\AssetDeliveryService.exe
FirewallRules: [{B1497C9E-CBD7-45BE-BFEB-A6F0E36C3C72}] => (Allow) C:\Program Files\Avid\Cloud Client Services\ProjectSyncService.exe
FirewallRules: [{5A6B6ED4-902F-4D73-8DFE-3B08575824B4}] => (Allow) C:\Program Files\Avid\Cloud Client Services\TransportClient.exe
FirewallRules: [{E49387D3-88C7-405B-BE0E-C484C5B03392}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{7B9E164C-32B6-4388-9741-C340E5820842}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{0C232201-DAEB-4F69-A54E-24169654A6D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{19462345-CE20-4288-9B3D-5C6ABFCAF280}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{22B9DEFD-2820-4502-A2D5-9DE1A17D0899}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{0B69402A-B65A-4121-A301-8B7FF68E2F57}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{C5C2102A-18E5-4DD2-B959-66994A8A563D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F5A111D4-8727-4289-A1DE-69683CEDA830}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5763AD9D-A8D8-44E0-A463-253020387E89}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A09A650A-3E9D-47B4-BBB6-41F47177FC8E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F00BE6FA-6302-4C9D-A507-EFC3732091EC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{C8FDBB7D-83E9-41E2-8F72-37C4A6374404}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{542E4B19-0B7D-400C-A5BC-6AAE7ABE8C6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{D6EE38D2-0750-4D77-B1E0-7C50F93214F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{BD76D0E9-AD65-410E-BD33-C0EA201FD6D7}] => (Allow) C:\Users\kent\AppData\Local\ddnowyes.exe
FirewallRules: [{97D49C7E-C217-4BD2-BCAD-516DD07B4DFE}] => (Allow) C:\Users\kent\AppData\Local\Temp\installer1.exe
FirewallRules: [{EFA6B443-9236-4ACA-A49C-A13487D9B769}] => (Allow) C:\Users\kent\AppData\Local\49757477.exe
FirewallRules: [{803ABF51-290A-40FA-9FB5-91DF483FC535}] => (Allow) C:\Users\kent\AppData\Local\tinstall.exe
FirewallRules: [{29D44289-CCD7-4658-A0B8-BF459D25B8B8}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{CEA2D0C8-A308-4B90-B3C0-E2316C95AAF2}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{7A4C4514-57D0-4528-A5CD-7EB648B752F5}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{AA701136-6A43-4D59-B7AF-F362C68A7941}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{5A946A6B-F24A-4432-A732-306E6A652488}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GRID 2 Demo\grid2.exe
FirewallRules: [{1A3C477E-F06B-40E4-A96F-1AFB2F9313C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GRID 2 Demo\grid2.exe
FirewallRules: [{D322815F-EEE3-47C9-8B48-7F32FA67AAE3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-05-2016 14:16:45 Removed ooVoo
24-05-2016 16:31:44 Installed notation musician 3 Trial
27-05-2016 09:46:27 Installed DirectX

==================== Faulty Device Manager Devices =============

Name: E:\
Description: SD/MMC          
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFWpdFs
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: G:\
Description: SM/xD-Picture   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFWpdFs
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: F:\
Description: Compact Flash   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFWpdFs
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2016 12:08:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.

Error: (05/31/2016 12:06:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.

Error: (05/31/2016 10:34:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KENTPC)
Description: Activation of app Microsoft.Getstarted_3.5.11.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/30/2016 10:28:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: KENTPC)
Description: Package Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (05/29/2016 10:27:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4875

Error: (05/29/2016 10:27:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4875

Error: (05/29/2016 10:27:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/29/2016 10:27:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3657

Error: (05/29/2016 10:27:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3657

Error: (05/29/2016 10:27:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (05/31/2016 11:05:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VMware NAT Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (05/31/2016 11:05:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware NAT Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (05/31/2016 11:05:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware NAT Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (05/31/2016 11:05:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DigiRefresh service failed to start due to the following error:
%%2

Error: (05/31/2016 11:05:06 AM) (Source: VMnetDHCP) (EventID: 2) (User: )
Description: Can't open C:\ProgramData\VMware\vmnetdhcp.conf: The system cannot find the file specified.
 / The system cannot find the file specified

Error: (05/31/2016 11:04:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/31/2016 11:03:32 AM) (Source: DCOM) (EventID: 10005) (User: KENTPC)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (05/31/2016 11:03:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/31/2016 11:03:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:
%%1068

Error: (05/31/2016 10:47:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1068


CodeIntegrity:
===================================
  Date: 2016-05-27 11:23:18.029
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 14:13:17.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 03:39:50.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 10:32:50.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-11 14:50:23.538
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-27 13:56:39.124
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-27 13:30:02.477
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-24 10:21:59.332
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-22 16:17:17.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-18 03:58:18.574
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX™-8350 Eight-Core Processor
Percentage of memory in use: 18%
Total physical RAM: 16285.19 MB
Available physical RAM: 13351.21 MB
Total Virtual: 18717.19 MB
Available Virtual: 15336.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:891.62 GB) (Free:595.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000001)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

#4
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Mechgeek419

Please follow the instructions below and let me know how your computer is running after this and if the virus messages have gone.

Step1 - FRST fix



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\MountPoints2: {34a3c576-4dd5-11e5-8250-806e6f6e6963} - "I:\setup.exe"
HKU\S-1-5-21-3738634946-379025392-388106291-1001\...\MountPoints2: {c1d06aa9-d403-11e5-9c1e-ac9e174ea719} - "D:\Setup.exe"
C:\Users\kent\jobq.dat
CustomCLSID: HKU\S-1-5-21-3738634946-379025392-388106291-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-2ED66D1B1A09}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {194C7899-E461-47A3-9763-B36E714338B2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {50149E08-4038-48DD-9103-756F1C76D138} - \AMD Updater -> No File <==== ATTENTION
Task: {5561923A-F9EE-43D2-AB60-A6D6D35914FE} - \{9F0D9B2B-99F7-4E87-97EA-5BD9C227FFE3} -> No File <==== ATTENTION
Task: {649CC664-67AD-448B-89F1-1800FF4F5CE9} - \{040E0A47-0F08-7E04-0E11-040B057D110F} -> No File <==== ATTENTION
Task: {93AD872A-2B1B-4402-A73C-A1BEC54260E9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A31B3F70-81FE-4AF5-AE18-F8BBE0CD17E6} - \SafeZone scheduled Autoupdate 1458671885 -> No File <==== ATTENTION
Task: {AD10DA37-8563-48F1-89A2-2F150C042413} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {B9ED7DB9-FA83-42F2-AF84-E4A3A6987072} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C165D980-5CAC-456C-AEE0-FE68C983EFD2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C28D8FB9-A0E7-4308-A45F-3367B9BE1C81} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {CB5EB84C-86B3-4A03-BF47-0CEB62EA5BF0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E447124F-1DE8-487F-8CE2-04350E20B5EF} - \Optimize Start Menu Cache Files-S-1-5-21-3738634946-379025392-388106291-1001 -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData:92762D06056524D6 [217]
AlternateDataStreams: C:\Users\All Users:92762D06056524D6 [217]
AlternateDataStreams: C:\ProgramData\Application Data:92762D06056524D6 [217]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - AdwCleaner


    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
    adwcleaner_zpslhu4ltda.jpg
  • Click the Scan button and wait for the program to finish.
  • Click on options tick -
    Reset proxy settings
    Reset winsock settings
    Reset TCP/IP settings
    Reset IPSec settings
    Reset Internet Explorer policies
    Reset Chrome policies
  • When finished, please click Cleaning button.
  • Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.

    Things for your next post:
  • fixlog.txt
  • AdwCleaner[C*].txt
  • How is the computer running now?

  • 0

#5
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP