Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unknown Virus [Closed] [Solved]


  • This topic is locked This topic is locked

#1
BojanglesWA

BojanglesWA

    New Member

  • Member
  • Pip
  • 7 posts

I am not sure when the computer acquired the virus but it first came to notice two days ago.  I was in facebook, running Opera (not sure of the version) when a new tab opened displaying the Opera help page.  I was unable to close the new tab, each time I attempted to it re-opened.  I closed Opera and immediately the Windows help screen loaded up.  I was unable to close this window either.  I closed down the computer and rebooted and again the windows help screen loaded.  I eventually closed it by usung A lt-F4 and found that by keeping my finger on the Alt key I was able to prevent the help screen from re-opening.  However this was unsatisfactory as I was limited to what I could do on the computer.  I loaded Defender,( it informed me that it had been turned off) and ran a scan, it found nothing.  I went online using IE and had the same problem I had encountered with Opera ie IE's help screen loaded.  I found that by using various function keys I was able to keep the help screen from reloading.  I searched for solutions to my problem but found no answers.  I downloaded Microsoft Security Essentials and ran it.  That was when my problems began.  The computer immediately slowed down to the point where everything froze.  I shut down the computer using the on/off button and rebooted.  I attempted to run MSE again but the same thing happened.  After rebooting yet again the compuer became excessively slow again and closed down by itself.  When I again rebooted message appeared on the screen stating the computer had encountered memory problems.  Some time passed while the memory was checked.  After finding no problems Windows reloaded with the help screen problem back again and a slow computer.  I need to point out that there are short periods (maybe an hour or two) when the virus is dormant and when you think maybe it has gone it comes back again.  Hope you can assist me remove this thing.  Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:03-06-2016
Ran by ASUS (administrator) on ASUS-PC (04-06-2016 09:55:44)
Running from C:\Users\ASUS\Desktop
Loaded Profiles: ASUS (Available Profiles: ASUS)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(iolo technologies, LLC) C:\Program Files\iolo\System Mechanic\ioloGovernor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe
() C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
(Opera Software) C:\Program Files\Opera\37.0.2178.54\opera.exe
(Opera Software) C:\Program Files\Opera\37.0.2178.54\opera_crashreporter.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Opera Software) C:\Program Files\Opera\37.0.2178.54\opera.exe
(Opera Software) C:\Program Files\Opera\37.0.2178.54\opera.exe
(Opera Software) C:\Program Files\Opera\37.0.2178.54\opera.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Opera Software) C:\Program Files\Opera\37.0.2178.54\opera.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-16] (AVAST Software)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-06] (Safer-Networking Ltd.)
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe [829280 2012-05-23] (AppEx Networks Corporation)
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\Run: [AceUpdater] => C:\Users\ASUS\AppData\Roaming\ACEStream\updater\ace_update.exe [22824 2014-10-01] ()
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\Run: [AceWebExtensionUpdater] => C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] ()
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {00b5c678-2864-11e3-b920-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {00b5c698-2864-11e3-b920-001e101f8aaa} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {00eb3970-43af-11e3-8abc-001e101fe70e} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {014ef0ce-f66f-11e3-9bbf-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {041e290b-25aa-11e3-a192-001e101f4e71} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {04c598fc-04ef-11e3-b19e-001e101f3315} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {06704a4e-a129-11e3-898c-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {06704a86-a129-11e3-898c-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {06ef27cd-a359-11e3-a17e-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {06ef280c-a359-11e3-a17e-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {0b253673-052a-11e3-9f5b-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {0c87834e-3c7e-11e3-991e-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {0c878386-3c7e-11e3-991e-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {0e2ab04e-c889-11e3-b675-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {113641cc-194a-11e4-a562-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {15ed514e-a8e8-11e3-b392-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {15ed5184-a8e8-11e3-b392-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {16a480cd-515b-11e3-948b-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {1fc9ddce-b74b-11e3-b706-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {1fc9de03-b74b-11e3-b706-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {28ea79f0-6244-11e3-9bd0-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {2c63bbce-4632-11e4-aa8d-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {2c63bc05-4632-11e4-aa8d-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {2e165bf5-27f3-11e3-ab70-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {30b49d76-6458-11e4-90bf-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {35f5bf6f-4cd5-11e4-b3e6-001e101f82a7} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {3a5bb04e-a446-11e3-9f09-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {3a5bb087-a446-11e3-9f09-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {3a5f2283-54df-11e3-bf43-001e101f8ed0} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {3a5f2290-54df-11e3-bf43-001e101f8ed0} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {41c82a6f-681b-11e4-a28d-5404a6747a63} - G:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {4202ecce-9f4e-11e3-8297-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {4202ed05-9f4e-11e3-8297-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {429003cf-25fb-11e3-b94a-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {42900404-25fb-11e3-b94a-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {42fbfaef-253d-11e4-9020-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {43692003-8c03-11e3-a314-001e101f82a7} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {43692010-8c03-11e3-a314-001e101f82a7} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {43b73073-4c54-11e4-9167-001e101f9843} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {43b7308c-4c54-11e4-9167-001e101f9843} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {482a4e6a-f319-11e2-8c5a-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {4b996d08-6c0c-11e3-853e-5404a6747a63} - F:\Windows\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {4ba894a2-8a3b-11e4-8e4d-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {56aef4e6-8a3a-11e4-a429-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {56aef4f4-8a3a-11e4-a429-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {5854d84f-0529-11e3-99e4-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {592b28ce-975d-11e3-ab25-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {592b2905-975d-11e3-ab25-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {5c124b21-59b2-11e3-aa19-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {5cfdb94f-25ca-11e3-8f71-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {5cfdb991-25ca-11e3-8f71-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {60419b4e-515c-11e3-b82f-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {60419b85-515c-11e3-b82f-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {65f19ce5-0e21-11e4-afdc-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {65f19cf4-0e21-11e4-afdc-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6a10b54e-a452-11e3-9ac6-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6a10b584-a452-11e3-9ac6-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6a629a76-515a-11e3-bf6f-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6f1c934e-5e68-11e3-a851-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6f1c9383-5e68-11e3-a851-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6f86b18c-2384-11e3-8fc2-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {7670f95f-0495-11e3-9ee5-001e101f3315} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {7aba186f-250f-11e3-90cf-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {7f84974e-a153-11e3-b4a0-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {7f849786-a153-11e3-b4a0-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {86074ef6-a39f-11e3-a60d-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {88b7c3ed-253b-11e4-9350-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {8c1b2086-80d3-11e4-9ee5-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {8c1b2094-80d3-11e4-9ee5-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {931197fe-2512-11e4-8c08-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {9673b64e-eac1-11e3-9a4c-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {9673b687-eac1-11e3-9a4c-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {96895a51-d8fd-11e3-bec4-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {9ea215ce-6243-11e3-bad9-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {9f7641ce-519d-11e4-915b-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {9f764207-519d-11e4-915b-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {a6747cce-befa-11e3-8dc4-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {a6747d02-befa-11e3-8dc4-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {a7d545a2-4be2-11e2-80c4-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {a7d545b2-4be2-11e2-80c4-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {a8e492aa-644a-11e3-97c8-001e101f82a0} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {aa657ace-253c-11e4-ada3-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {ac620bd3-f66f-11e3-afe9-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {acc310ce-d361-11e3-a0c3-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {acc31108-d361-11e3-a0c3-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {af41c173-608b-11e4-b043-001e101f2c0e} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {baf3d595-4996-11e2-9b15-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {baf3d5a1-4996-11e2-9b15-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {c2e2d075-20f4-11e3-851c-001e101fe70e} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cbb5a34c-c889-11e3-9791-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cbb5a36f-c889-11e3-9791-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cbc1cefa-2961-11e4-8a49-001e101f2b52} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cc6b9cce-59af-11e3-a26d-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cc6b9d04-59af-11e3-a26d-5404a6747a63} - G:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cdc1bccf-64b9-11e3-8f2a-806e6f6e6963} - F:\Windows\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {d881ce4e-7f0b-11e3-9071-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {d881ce88-7f0b-11e3-9071-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {d9547e65-96ca-11e3-819d-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {d9547e74-96ca-11e3-819d-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {db2c01fe-0bbf-11e3-b868-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dca56f4d-9941-11e3-b33a-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dca56f8a-9941-11e3-b33a-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dcc058ce-a39e-11e3-b207-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dd55c026-970d-11e3-abb3-001e101f79c9} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dd55c032-970d-11e3-abb3-001e101f79c9} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dd55c03e-970d-11e3-abb3-001e101f79c9} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e43531ce-f7d6-11e3-b6a4-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e4353202-f7d6-11e3-b6a4-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e54479ce-64a8-11e3-8b50-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e5447a10-64a8-11e3-8b50-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e69c57e5-9720-11e3-8e48-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e69c57f4-9720-11e3-8e48-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {ee15254e-a152-11e3-8079-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {eefb1ff4-f4bc-11e2-8d42-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {efa25cce-d8fc-11e3-9268-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {f32947f6-5e75-11e3-bb02-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {f7927979-6819-11e4-a033-001e101fb45e} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {fbf12f03-d560-11e2-836f-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {fbf12f0f-d560-11e2-836f-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {fda29065-608a-11e4-9002-74de2bf06d33} - F:\AutoRun.exe
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [86016 2005-08-10] (Qualcomm Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-10-16] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0A6970E0-0856-4DEE-A1D5-3C633A26A53E}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6D1B9051-2004-4011-B1E7-B808F56FC03C}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{A30F1158-07FB-487C-B653-A992B13B10E9}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{A755F62C-B4EB-4810-8718-9F6B99F71AD8}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
URLSearchHook: HKLM - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-558300477-696560046-2245731031-1000 - YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
URLSearchHook: HKU\S-1-5-21-558300477-696560046-2245731031-1000 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKU\S-1-5-21-558300477-696560046-2245731031-1000 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKU\S-1-5-21-558300477-696560046-2245731031-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-558300477-696560046-2245731031-1000 -> {7605CA87-5F99-44CE-AB61-95EB8E12702D} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-558300477-696560046-2245731031-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-27] (Safer Networking Limited)
BHO: uTorrentControl2 Toolbar -> {687578b9-7132-4a7a-80e4-30ee31099e03} -> C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09] (Conduit Ltd.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-10-16] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-13] (Oracle Corporation)
BHO: YouTube Downloader Toolbar -> {F3FEE66E-E034-436a-86E4-9690573BEE8A} -> No File
Toolbar: HKLM - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09] (Conduit Ltd.)
Toolbar: HKLM - YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKU\S-1-5-21-558300477-696560046-2245731031-1000 -> uTorrentControl2 Toolbar - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09] (Conduit Ltd.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
 
FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-05-17] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-13] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-30] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-10-16] (VideoLAN)
FF Plugin HKU\S-1-5-21-558300477-696560046-2245731031-1000: @acestream.net/acestreamplugin,version=3.0.11 -> C:\Users\ASUS\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-04] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-558300477-696560046-2245731031-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\ASUS\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-16] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.bbc.co.uk/sport/0/football/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\ASUS\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-30]
CHR Extension: (Google Drive) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-30]
CHR Extension: (YouTube) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-30]
CHR Extension: (Google Search) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-16]
CHR Extension: (Skype) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-30]
CHR Extension: (uTorrentControl2) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2014-06-17] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3072253&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-30]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-16]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\ASUS\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\ASUS\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
 
Opera: 
=======
OPR StartupUrls: "hxxp://www.bbc.com/sport/0/football/"
OPR Extension: (AS Magic Player) - C:\Users\ASUS\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-06-17]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-08-07] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-16] (AVAST Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4492776 2014-04-30] (iolo technologies, LLC)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S4 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646608 2012-06-19] (Rosetta Stone Ltd.)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-27] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [156512 2012-06-23] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-10-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-10-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-10-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-10-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-10-16] ()
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2012-08-03] (EldoS Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2012-08-03] (Raxco Software, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-08-23] (Duplex Secure Ltd.)
U3 a9evaaog; C:\Windows\system32\Drivers\a9evaaog.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 cpuz135; \??\C:\Users\ASUS\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 GPU-Z; \??\C:\Users\ASUS\AppData\Local\Temp\GPU-Z.sys [X]
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-04 09:55 - 2016-06-04 09:57 - 00032359 _____ C:\Users\ASUS\Desktop\FRST.txt
2016-06-04 09:54 - 2016-06-04 09:52 - 01734656 _____ (Farbar) C:\Users\ASUS\Desktop\FRST.exe
2016-06-04 09:52 - 2016-06-04 09:55 - 00000000 ____D C:\FRST
2016-06-04 06:11 - 2016-06-04 06:11 - 00000000 __SHD C:\found.000
2016-06-03 16:40 - 2016-06-03 16:40 - 00001020 _____ C:\Users\ASUS\Desktop\Alexis Resume - Shortcut.lnk
2016-06-03 14:00 - 2014-05-14 23:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-03 14:00 - 2014-05-14 23:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-06-03 14:00 - 2014-05-14 23:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-06-03 14:00 - 2014-05-14 23:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-06-03 13:59 - 2014-05-14 23:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-06-03 13:59 - 2014-05-14 23:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-06-03 13:59 - 2014-05-14 23:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-06-03 13:59 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-06-03 13:59 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-06-03 13:49 - 2016-06-03 13:49 - 00002154 _____ C:\Windows\epplauncher.mif
2016-06-03 13:48 - 2016-06-03 13:48 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-06-03 13:48 - 2016-06-03 13:48 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-06-01 05:48 - 2016-06-01 11:02 - 00516832 _____ C:\Windows\ntbtlog.txt
2016-05-30 07:32 - 2016-06-04 09:41 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-05-30 07:32 - 2016-06-04 09:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-30 07:32 - 2016-05-30 07:32 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-30 07:32 - 2016-05-30 07:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-30 07:18 - 2016-06-04 09:31 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-30 07:18 - 2016-06-04 07:44 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-30 07:18 - 2016-05-30 07:37 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-30 07:18 - 2016-05-30 07:37 - 00002089 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-30 07:17 - 2016-05-30 07:19 - 00000000 ____D C:\Program Files\Google
2016-05-29 05:16 - 2016-05-29 05:16 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-28 16:58 - 2016-05-28 16:58 - 00000000 ____D C:\Users\ASUS\Tracing
2016-05-28 16:57 - 2016-05-28 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-05-28 16:57 - 2016-05-28 16:57 - 00000000 ____D C:\Program Files\Common Files\Skype
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-04 09:56 - 2009-07-14 11:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-04 09:56 - 2009-07-14 11:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-04 07:37 - 2012-09-24 00:31 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-558300477-696560046-2245731031-1000UA.job
2016-06-04 07:22 - 2010-11-21 04:01 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-04 07:22 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\inf
2016-06-04 07:15 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-04 06:18 - 2014-11-29 07:26 - 00000000 ____D C:\Program Files\Opera
2016-06-03 10:36 - 2012-09-24 00:31 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-558300477-696560046-2245731031-1000Core.job
2016-06-01 12:09 - 2015-02-17 17:37 - 00000000 ____D C:\Users\ASUS\Desktop\Col Finance
2016-05-30 07:32 - 2014-02-27 03:43 - 00000000 ____D C:\Users\ASUS\AppData\Local\Adobe
2016-05-30 07:17 - 2013-08-31 09:25 - 00000000 ____D C:\Users\ASUS\AppData\LocalLow\PriceGong
2016-05-30 07:17 - 2012-05-10 21:20 - 00000000 ____D C:\Users\ASUS\AppData\LocalLow\Conduit
2016-05-29 17:33 - 2012-10-24 01:19 - 00000000 ____D C:\Eudora Storage
2016-05-29 15:16 - 2012-05-12 09:43 - 00000000 ___RD C:\Program Files\Skype
2016-05-28 17:00 - 2012-05-12 09:44 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\Skype
2016-05-28 16:58 - 2012-05-07 06:25 - 00000000 ___RD C:\Users\ASUS
2016-05-28 16:57 - 2012-05-12 09:43 - 00000000 ____D C:\ProgramData\Skype
2016-05-28 16:56 - 2014-08-04 12:37 - 00000000 ____D C:\Users\ASUS\AppData\Local\Skype
2016-05-28 14:47 - 2015-03-31 12:40 - 00000000 ____D C:\ProgramData\MobileBrServ
2016-05-27 18:44 - 2015-04-28 15:24 - 00000000 ____D C:\Users\ASUS\AppData\Local\Sid Meier's Starships
2016-05-27 18:44 - 2012-10-19 21:06 - 00000000 ____D C:\Windows\system32\config\SM Registry Backup
2016-05-27 18:24 - 2012-12-07 08:42 - 00000000 ____D C:\Users\ASUS\AppData\Local\ElevatedDiagnostics
2016-05-24 16:15 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2012-05-08 09:14 - 2012-10-26 09:29 - 0084480 _____ () C:\Users\ASUS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-27 16:44 - 2014-02-27 16:44 - 0000000 ___SH () C:\Users\ASUS\AppData\Local\LumaEmu
2014-08-21 16:20 - 2015-05-10 05:34 - 0007606 _____ () C:\Users\ASUS\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-29 08:46
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:03-06-2016
Ran by ASUS (2016-06-04 09:58:48)
Running from C:\Users\ASUS\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2012-05-06 23:25:20)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-558300477-696560046-2245731031-500 - Administrator - Disabled)
ASUS (S-1-5-21-558300477-696560046-2245731031-1000 - Administrator - Enabled) => C:\Users\ASUS
Guest (S-1-5-21-558300477-696560046-2245731031-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-558300477-696560046-2245731031-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Ace Stream Media 3.0.11 (HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\AceStream) (Version: 3.0.11 - Ace Stream Media) <==== ATTENTION
Adobe Flash Player 21 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{BF9D2E61-64C4-64EA-6AF7-29EB5A110C26}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
BCL easyConverter SDK 3 (Word Version) (HKLM\...\{A932ABFB-1AC4-4FBF-9954-B710CABE3482}) (Version: 3.0.64 - BCL Technologies)
Bonus Content - Better Homes and Gardens® Fabrics (HKLM\...\{D2F30ACB-8DA1-11ED-34E4-2C7BE568D0E3}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Bradbury® Wallpaper (HKLM\...\{FBF29764-A6E8-8082-3ED0-E767CF26A99D}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Eldorado Stone (HKLM\...\{F9E7E2BF-10F7-7D31-9526-136365321015}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Event Planning (HKLM\...\{9D0D342B-211E-E5F2-C161-BC504E3499D2}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Exterior Fireplaces (HKLM\...\{B0D9C297-2389-9F62-3A20-66864463FBD0}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Kitchen Accessories (HKLM\...\{F928923A-C355-5FF7-0EAE-C631F39EF90E}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Kitchen Appliances (HKLM\...\{65F12BCC-5B8A-A9C3-A1FB-F59CD2033321}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Landscape Statuary (HKLM\...\{742E294C-A323-3EB5-A76C-19D1806799EB}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Landscaping Tools (HKLM\...\{68825CF8-75DA-A51C-854F-CE3BC91CD3F2}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Mohawk® (HKLM\...\{37CA3B93-D5C3-3225-E238-C7356BD0B834}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Patio Furniture (HKLM\...\{B6AC6BEE-6D2A-AF5D-B44F-DDA7B369203D}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Pools (HKLM\...\{AAF5C2E6-80D6-6846-0A4D-9A1D77AB7B97}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Rec-Room Items (HKLM\...\{6849D65C-1FA1-1C54-3BB7-D6AE84E034F6}) (Version: 0.0.0.0 - Chief Architect Inc)
calibre (HKLM\...\{C727544A-23E0-41A8-9901-2353CE3FE62A}) (Version: 2.14.0 - Kovid Goyal)
Caribbean (HKLM\...\Caribbean_is1) (Version:  - )
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904 - Microsoft) Hidden
Eudora (HKLM\...\{5BD8AA37-E312-4EB0-8F0C-C5FE7A273ADA}) (Version: 7.0 - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Family Tree Maker 2011 (HKLM\...\Family Tree Maker 2011) (Version: 20.0.368 - Ancestry.com)
Family Tree Maker 2011 (Version: 20.0.368 - Ancestry.com) Hidden
Family Tree Maker 2014 (HKLM\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
Foxit Reader (HKLM\...\Foxit Reader) (Version: 4.3.1.218 - Foxit Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
iolo technologies' System Mechanic (HKLM\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.7.1 - iolo technologies, LLC)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 7.0.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mount&Blade With Fire and Sword (HKLM\...\Mount&Blade With Fire and Sword) (Version:  - )
Opera Stable 37.0.2178.54 (HKLM\...\Opera 37.0.2178.54) (Version: 37.0.2178.54 - Opera Software)
Qualcomm Atheros WiFi Driver Installation (HKLM\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
QuickTime (HKLM\...\InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}) (Version: 7.1 - Apple Computer, Inc.)
QuickTime (Version: 7.1 - Apple Computer, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Rosetta Stone Ltd Services (HKLM\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.24 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
uTorrentControl2 Toolbar (HKLM\...\uTorrentControl2 Toolbar) (Version: 6.8.9.0 - uTorrentControl2) <==== ATTENTION
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Wasteland 2 (HKLM\...\1207665783_is1) (Version: 2.4.0.18 - GOG.com)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
YouTube Downloader Toolbar v6.0 (HKLM\...\{590E3295-A11B-4C9F-9F88-399397EE393D}) (Version: 6.0 - Spigot, Inc.) <==== ATTENTION
YTD YouTube Downloader & Converter 3.6 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - GreenTree Applications SRL)
Zuma's Revenge (HKLM\...\Zuma's Revenge) (Version:  - islandGirl)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-558300477-696560046-2245731031-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-558300477-696560046-2245731031-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-558300477-696560046-2245731031-1000_Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
CustomCLSID: HKU\S-1-5-21-558300477-696560046-2245731031-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\ASUS\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-558300477-696560046-2245731031-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {34F26152-3454-436F-9130-6F79BBD4DDA1} - System32\Tasks\{9F978C64-5F3D-4B60-A9D4-350B413F461C} => pcalua.exe -a "C:\Program Files\Smart Bro\uninst.exe"
Task: {3C9D0BF4-2DDC-46BF-870D-2A604DCFBF52} - System32\Tasks\{E0FAF554-60D5-4462-8016-DB615F6F3090} => pcalua.exe -a "D:\Games\Armed Assault QG 108 Revansh\wmfdist_xp64.exe" -d "D:\Games\Armed Assault QG 108 Revansh"
Task: {45874A7D-D065-44E2-82FD-F0AB870CE8DF} - System32\Tasks\{09DD72D6-890D-4DAF-8C33-11F68D6994BE} => C:\Program Files\Vacation Quest 2 Australia Full\VacationQuestAustralia.exe
Task: {5C236FE5-23DC-4DBD-861C-95502AE4A169} - System32\Tasks\{A4435656-43A1-4E09-A01E-4CB368B9ED6A} => pcalua.exe -a H:\setup.exe -d H:\
Task: {6EAC7F7A-C79E-49ED-BDD5-5179E535E76C} - System32\Tasks\{34A1EB8E-E960-4509-8D98-FE5C7E0EB95E} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Task: {78938F2C-F85F-4D18-8A17-8AC9802636CA} - System32\Tasks\{508230A9-31A8-4D7D-BFDE-6E8BCB0769B5} => C:\Program Files\Family Tree Maker 2011\FTM.exe
Task: {7B3E194B-067B-4FA8-BF39-3AA9ED3DB660} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-558300477-696560046-2245731031-1000Core => C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-24] (Facebook Inc.)
Task: {7E786B0C-BF8B-4456-8824-30F238315DC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-30] (Google Inc.)
Task: {7F329F5E-9CFA-413D-999D-4ED54D5AC6A9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {8052578E-B3ED-493E-8A9C-B5EC74141BE8} - System32\Tasks\{1470EA81-4A9E-4CCB-864D-09A010316710} => pcalua.exe -a "C:\Users\ASUS\Downloads\ARMA\Armed Assault QG 108 Revansh.exe" -d C:\Users\ASUS\Downloads\ARMA
Task: {80B9291C-B2D9-49A8-8250-BAE4E24DE161} - System32\Tasks\iolo Process Governor => C:\Program Files\iolo\System Mechanic\iologovernor.exe [2014-04-30] (iolo technologies, LLC)
Task: {8D2D9FEE-3B48-4AA3-8476-FA3B5729F3FA} - System32\Tasks\{E4A51B5C-57AE-4F85-A360-76737913B1BF} => pcalua.exe -a "D:\Games\ZZ_Storage\Sport\ifa manager 14\Redist\VCRedist\vcredist_x86.exe" -d "D:\Games\ZZ_Storage\Sport\ifa manager 14"
Task: {8EC8577D-60FE-4A6C-80D7-031B5A2BACD9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-558300477-696560046-2245731031-1000UA => C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-24] (Facebook Inc.)
Task: {98FD4C23-D7F6-4351-8A73-02E51CFE9D72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-30] (Google Inc.)
Task: {B7D1938A-15FF-4448-8865-A71730933655} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {BCFA79A7-851C-41B4-A9DB-2F86AFF99956} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-29] (Avast Software s.r.o.)
Task: {C004A64A-C29F-467D-8A0C-B223329815CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-30] (Adobe Systems Incorporated)
Task: {CA65656F-873F-44BA-A682-8746ED17E2B8} - System32\Tasks\Opera scheduled Autoupdate 1417221472 => C:\Program Files\Opera\launcher.exe [2016-05-30] (Opera Software)
Task: {D7FC9CB3-A999-4A93-BA08-9D57AE28E7C2} - System32\Tasks\{1256E85A-642A-4D6D-A189-342226ED8C15} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Task: {E7D084C6-6454-4A28-B5C9-822A42445700} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe [2016-05-30] (Adobe Systems Incorporated)
Task: {E8CC58B6-08AD-460C-95BA-69ADD1435860} - System32\Tasks\{0F0D6D35-A39D-45D6-A989-1532B6E9FF90} => pcalua.exe -a "C:\Program Files\ProtectDisc Driver Installer\uninstall_v10.exe"
Task: {FFED9814-2541-4E1C-9865-5392DC920DF4} - System32\Tasks\{314CBA95-CCCE-42E5-BCF0-E4AE3B769228} => D:\Games\Rail Nation\RailNation.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-558300477-696560046-2245731031-1000Core.job => C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-558300477-696560046-2245731031-1000UA.job => C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-10-16 03:03 - 2014-10-16 03:03 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2016-06-04 06:17 - 2016-06-04 06:17 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\16060301\algo.dll
2012-05-07 06:27 - 2008-07-24 09:19 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2014-10-16 03:03 - 2014-10-16 03:03 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-28 08:23 - 2015-02-28 08:23 - 00022824 _____ () C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
2011-06-12 20:09 - 2011-06-12 20:09 - 00038400 _____ () C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\lib\_socket.pyd
2011-06-12 20:09 - 2011-06-12 20:09 - 00720896 _____ () C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\lib\_ssl.pyd
2014-01-23 18:37 - 2014-01-23 18:37 - 00036352 _____ () C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\lib\_psutil_mswindows.pyd
2012-02-07 23:37 - 2012-02-07 23:37 - 00098816 _____ () C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\lib\win32api.pyd
2012-02-07 23:35 - 2012-02-07 23:35 - 00110080 _____ () C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\lib\pywintypes27.dll
2012-02-07 23:38 - 2012-02-07 23:38 - 00358912 _____ () C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\lib\pythoncom27.dll
2012-02-07 23:42 - 2012-02-07 23:42 - 00266240 _____ () C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\lib\win32com.shell.shell.pyd
2011-06-12 20:06 - 2011-06-12 20:06 - 00287232 _____ () C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\lib\_hashlib.pyd
2011-06-12 20:06 - 2011-06-12 20:06 - 00106496 _____ () C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\lib\_ctypes.pyd
2010-10-11 05:23 - 2010-10-11 05:23 - 00723968 _____ () C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\lib\apsw.pyd
2011-01-19 04:56 - 2011-01-19 04:56 - 00334336 _____ () C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 20:06 - 2011-06-12 20:06 - 00011776 _____ () C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\lib\select.pyd
2011-06-12 20:06 - 2011-06-12 20:06 - 00152576 _____ () C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\lib\pyexpat.pyd
2011-06-12 20:06 - 2011-06-12 20:06 - 00688128 _____ () C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\lib\unicodedata.pyd
2016-06-02 05:33 - 2016-06-02 05:32 - 65893928 _____ () C:\Program Files\Opera\37.0.2178.54\opera.dll
2016-06-02 05:33 - 2016-06-02 05:32 - 02212392 _____ () C:\Program Files\Opera\37.0.2178.54\libglesv2.dll
2016-06-02 05:33 - 2016-06-02 05:32 - 00082472 _____ () C:\Program Files\Opera\37.0.2178.54\libegl.dll
2012-08-23 22:00 - 2012-08-23 22:28 - 00109568 _____ () C:\Program Files\DAEMON Tools Pro\BRD.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0441DB7A [112]
AlternateDataStreams: C:\ProgramData\TEMP:2B9555D8 [123]
AlternateDataStreams: C:\ProgramData\TEMP:D6255023 [128]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7761 more sites.
 
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\123simsen.com -> www.123simsen.com
 
There are 7767 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 09:04 - 2012-07-23 07:49 - 00443578 ____R C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123moviedownload.com
127.0.0.1 123moviedownload.com
 
There are 15227 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-558300477-696560046-2245731031-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CDEF3E8A-54C4-4D2D-89EC-59905A3AFCF7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{7C2D49A0-9381-4CD2-BA22-2DD7A14AFB37}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{C9629475-F62A-41A3-8D11-8C3A4F0DF81E}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [{B413855B-B673-496B-86F3-85714764F12B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E472B956-7C55-4E42-874A-77346067182D}] => (Block) %ProgramFiles%\Iceberg Interactive\goodlife\TGL.exe
FirewallRules: [TCP Query User{7906CA4D-814F-45D6-AB36-17F966B62F31}D:\games\arma ii combined operation\arma ii combined operations\arma2.exe] => (Block) D:\games\arma ii combined operation\arma ii combined operations\arma2.exe
FirewallRules: [UDP Query User{ABAFF686-10E7-4024-A76A-C51B5FF6E28E}D:\games\arma ii combined operation\arma ii combined operations\arma2.exe] => (Block) D:\games\arma ii combined operation\arma ii combined operations\arma2.exe
FirewallRules: [{1B928952-1C05-4938-B0F0-03B105D2AC94}] => (Allow) D:\Games\Supreme Ruler 2020 Gold\SupremeRuler2020GC.exe
FirewallRules: [{1B43D979-FDE4-4643-92AA-C44D54ADEABC}] => (Allow) D:\Games\Supreme Ruler 2020 Gold\SupremeRuler2020GC.exe
FirewallRules: [TCP Query User{BE145DE1-DE9A-4FE2-95D8-0B59FE92BE19}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{86584C0A-959B-40DB-AE61-659435FA217D}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [{2C8DCD64-F4EC-4D6D-A637-7D320EB2904E}] => (Allow) D:\Games\FM13\FIFA Manager 13\Manager13.exe
FirewallRules: [{BC1C4CD8-D2F4-4C46-B967-C71061C5A756}] => (Allow) D:\Games\FM13\FIFA Manager 13\Manager13.exe
FirewallRules: [{56EBAF9C-5F61-4292-8E9D-BD7065DB1A01}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5CF3E8EC-91A3-43D2-863A-06B978EC6AA0}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{F7F98353-E1FE-4D76-ACB7-60120003BDCA}D:\games\shadowrun returns\shadowrun.exe] => (Block) D:\games\shadowrun returns\shadowrun.exe
FirewallRules: [UDP Query User{CB7FC062-871E-4DA1-97A9-103B8C6EF538}D:\games\shadowrun returns\shadowrun.exe] => (Block) D:\games\shadowrun returns\shadowrun.exe
FirewallRules: [{CE26B391-CCE0-4029-AB97-CC305546E230}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C4F4B0E3-2CD9-40B6-B088-0A4CB566E51B}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CC8A4162-FEAD-4FCD-8C11-8BB22BF545FB}] => (Allow) D:\Games\Pro Cycling Manager - Season 2014\PCM.exe
FirewallRules: [{1D26D032-C550-4C9E-BCE4-19C446AE0ACE}] => (Allow) D:\Games\Pro Cycling Manager - Season 2014\PCM.exe
FirewallRules: [{A676A126-626B-4C2A-BDA6-935586396895}] => (Allow) D:\Games\Pro Cycling Manager - Season 2014\Autorun\Exe\Autorun.exe
FirewallRules: [{907EFC3B-1B32-4D17-896E-70B8A04577A6}] => (Allow) D:\Games\Pro Cycling Manager - Season 2014\Autorun\Exe\Autorun.exe
FirewallRules: [TCP Query User{7B58C1A8-9D46-44B8-ABFC-10BC09492402}D:\games\ghostship aftermath\binaries\win32\udk.exe] => (Allow) D:\games\ghostship aftermath\binaries\win32\udk.exe
FirewallRules: [UDP Query User{74E8B457-E59A-434F-A5DA-007B0974388C}D:\games\ghostship aftermath\binaries\win32\udk.exe] => (Allow) D:\games\ghostship aftermath\binaries\win32\udk.exe
FirewallRules: [TCP Query User{95622287-E958-4D57-9580-B3088ED06AC2}D:\games\saints row iv - game of the century edition\saintsrowiv.exe] => (Block) D:\games\saints row iv - game of the century edition\saintsrowiv.exe
FirewallRules: [UDP Query User{7D39B5C6-7970-4C6A-8001-E1BCC9A31589}D:\games\saints row iv - game of the century edition\saintsrowiv.exe] => (Block) D:\games\saints row iv - game of the century edition\saintsrowiv.exe
FirewallRules: [{14C0F1AB-390B-42F6-95F2-5F9EF78CC291}] => (Allow) C:\Users\ASUS\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{26290BE1-FCC3-46DA-A66B-7152DFA3A00C}] => (Block) C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{6DB9C866-2B47-4ECD-8BF3-A75E2FF93445}] => (Allow) C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{3F30A9EC-A9ED-403F-A3FA-BC423756B85F}] => (Block) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{91C82AC4-6DCC-4AC6-ABA0-F99B453ABF9C}] => (Allow) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{D5EB781F-C717-4DC2-9363-C97CDC5C12AA}] => (Block) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{5F957C55-D9F1-4F37-916A-8C03D3CC2B5E}] => (Block) C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [TCP Query User{72CDFEDD-98E2-4E1C-943F-2285DBEE3415}D:\games\ghostship aftermath\binaries\win32\udk.exe] => (Block) D:\games\ghostship aftermath\binaries\win32\udk.exe
FirewallRules: [UDP Query User{8A37A65F-280B-4A14-89C3-5451DC6451F6}D:\games\ghostship aftermath\binaries\win32\udk.exe] => (Block) D:\games\ghostship aftermath\binaries\win32\udk.exe
FirewallRules: [{B37DA6EA-57BA-4EDF-A8C2-1D06ECFC9556}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8773C331-36E0-495A-BF9E-51296DB9076A}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9ADD9AA6-3955-4318-A166-BCA9E75801EB}] => (Allow) C:\Program Files\Opera\launcher.exe
FirewallRules: [{86D1FE45-EDC3-4250-A83E-A50A88E691A4}] => (Allow) C:\Program Files\Opera\launcher.exe
FirewallRules: [{B3C52251-BD63-4F7A-A267-17314ADD8968}] => (Allow) C:\Program Files\Opera\launcher.exe
FirewallRules: [{CB9067EA-64DA-4860-8776-4F9F5BFD22BD}] => (Allow) C:\Program Files\Opera\launcher.exe
FirewallRules: [{4FCFE9B5-F7C8-459F-B1EB-A2CDF4A1E800}] => (Allow) C:\Program Files\Qualcomm\Eudora\Eudora.exe
FirewallRules: [{C8DB39D7-3603-4D5E-AF3C-9A90B474BBF7}] => (Allow) C:\Program Files\Qualcomm\Eudora\Eudora.exe
FirewallRules: [{BBED1091-32F7-45A3-B44F-052EC422D8A4}] => (Allow) C:\Program Files\Qualcomm\Eudora\Eudora.exe
FirewallRules: [{BAC74DB0-7B7A-40BA-96FD-D349D7E2DDF0}] => (Allow) C:\Program Files\Qualcomm\Eudora\Eudora.exe
FirewallRules: [TCP Query User{31A18A99-C562-4A0A-BE82-C484736179E7}C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{6A23D3B3-A9E3-4725-8660-78617D09E75E}C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{69A37E6E-4341-437B-AA43-4813ABCC8E73}D:\games\republique remastered\republique.exe] => (Block) D:\games\republique remastered\republique.exe
FirewallRules: [UDP Query User{2B7C5CF0-442E-4578-BC2A-F774F3BBAEB3}D:\games\republique remastered\republique.exe] => (Block) D:\games\republique remastered\republique.exe
FirewallRules: [{44FC8069-A7B2-49CF-8D11-BBAE886FC007}] => (Allow) D:\Gamess\EA GAMES\The Battle for Middle-earth ™\game.dat
FirewallRules: [{5A4EACF6-7151-4F20-A0D5-207746AD5EC0}] => (Allow) D:\Gamess\EA GAMES\The Battle for Middle-earth ™\game.dat
FirewallRules: [{5A73153E-6AA0-4C52-ACAD-B59B51B2698D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
02-06-2016 13:41:57 Windows Defender Checkpoint
03-06-2016 13:59:08 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/04/2016 07:16:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2016 06:46:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2016 06:29:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2016 06:13:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/03/2016 08:23:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/03/2016 05:26:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/03/2016 05:00:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/03/2016 03:32:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/03/2016 03:07:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/03/2016 03:00:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (06/04/2016 06:28:31 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:26:15 AM on ‎6/‎4/‎2016 was unexpected.
 
Error: (06/04/2016 06:15:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
 
Error: (06/04/2016 06:14:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
 
Error: (06/04/2016 06:14:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
 
Error: (06/04/2016 06:14:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
 
Error: (06/04/2016 06:13:37 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:20:42 PM on ‎6/‎3/‎2016 was unexpected.
 
Error: (06/03/2016 08:22:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:21:04 PM on ‎6/‎3/‎2016 was unexpected.
 
Error: (06/03/2016 03:34:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (06/03/2016 03:06:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:04:51 PM on ‎6/‎3/‎2016 was unexpected.
 
Error: (06/03/2016 03:02:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-450 APU with Radeon™ HD Graphics
Percentage of memory in use: 74%
Total physical RAM: 1643.72 MB
Available physical RAM: 412.23 MB
Total Virtual: 3287.44 MB
Available Virtual: 1749.93 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:48.83 GB) (Free:11.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (My Storage) (Fixed) (Total:224.26 GB) (Free:70.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AE14F3C6)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi BojanglesWA,

Welcome to :welcome:. My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.
  • Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would requires you to be in safe mode / offline.
  • If there is anything you are unclear of, please ask before you start the fix.
  • Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
  • Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
  • There may be delayed response to you as we may live in different timezone.
  • Inform me of anything that happens unexpectedly during the fix at any point of time.
  • As much as we like to make this a easy process for you. Malware removal is a complex multi-step process, and things may happen such as data loss or render your machine unbootable. I would recommend that you backup your personal data before we proceed.
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.
Let's get started.


Have you tried to change to another keyboard? If not, please try to get a spare keyboard and see if the problem persist.

I am looking through your logs, and will get back to you as soon as possible.
  • 0

#3
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi BojanglesWA,
 
Couples of thing to take care of first.

I noticed that you have both Microsoft Security Essentials (MSE) and avast! installed.

Only run 1 Anti Virus program on your computer

The real-time protection of two antivirus programs may conflict with each other and cause the following:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • Performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.
As such, please choose only one of them and I will guide you through the process to uninstall the other one. My personal recommendation is to keep MSE, and remove avast! but the decision is yours.


Spybot Search & Destroy

I see that you have Spybot Search & Destroy. We no longer recommend this product because of the poor testing results. I recommend uninstalling this program. If you don't want to uninstall the program then please at least disable Tea Timer while performing any of my instructions. You can re-enable it when we are all done. Instructions for that are here. If you do decide to uninstall the program, first Undo your immunization before uninstalling. You can do that by clicking the Undo button with Spybot S&D and then remove from Add/Remove programs.

immunize.JPG




warning.gif!!! uTorrent - P2P Warning !!!

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
USAToday

I would recommend that you uninstall any P2P Programs, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.

Now that we are clear with the rules, let's proceed with the actual removal process. :thumbsup:


Remove unwanted programs

Please uninstall the following unwanted programs:

uTorrent
Ace Stream Media 3.0.11
Spybot - Search & Destroy
uTorrentControl2 Toolbar
YouTube Downloader Toolbar v6.0

Note: Both uTorrent and Spybot - Search & Destroy are optional uninstallation.

Note: If any of the programs are not listed, proceed to the next one and work through the list.

To do this:
  • Enter control panel in the search box beside Start Button, then tap or click Control Panel.
  • Under View by: select Large Icons, then tap or click Programs and features.
  • Tap or click the program, then tap or click Uninstall.
  • Follow the instructions on screen.
Repeat the above steps for all the other programs to remove.
Reboot the machine once all programs has been uninstalled.


Remove missing Chrome Plugin
  • Open Chrome
  • Copy and paste the following in the address bar and press Enter:

    chrome://plugins
  • You will get a page with all the plugins listed.
  • Press "Disable" on the following Plugins.

    Chrome PDF Viewer
    Google Update
    Native Client
    Shockwave Flash
  • Then press "Enable".
  • Close Chrome.
Remove Chrome Extension

Click the Chrome menu on the browser toolbar.
Click More Tools and select Extensions.
Click the trash can icon beside the extension:
  • uTorrentControl2
A confirmation dialog appears, click Remove.

Remove Opera Extension

Click top left Opera and in the drop down box click on Extensions
To remove individual extensions click on the X for each item and then OK.
  • AS Magic Player
FRST.gifFix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
 


Start
CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\Run: [AceUpdater] => C:\Users\ASUS\AppData\Roaming\ACEStream\updater\ace_update.exe [22824 2014-10-01] ()
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\Run: [AceWebExtensionUpdater] => C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] ()
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {00b5c678-2864-11e3-b920-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {00b5c698-2864-11e3-b920-001e101f8aaa} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {00eb3970-43af-11e3-8abc-001e101fe70e} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {014ef0ce-f66f-11e3-9bbf-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {041e290b-25aa-11e3-a192-001e101f4e71} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {04c598fc-04ef-11e3-b19e-001e101f3315} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {06704a4e-a129-11e3-898c-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {06704a86-a129-11e3-898c-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {06ef27cd-a359-11e3-a17e-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {06ef280c-a359-11e3-a17e-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {0b253673-052a-11e3-9f5b-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {0c87834e-3c7e-11e3-991e-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {0c878386-3c7e-11e3-991e-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {0e2ab04e-c889-11e3-b675-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {113641cc-194a-11e4-a562-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {15ed514e-a8e8-11e3-b392-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {15ed5184-a8e8-11e3-b392-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {16a480cd-515b-11e3-948b-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {1fc9ddce-b74b-11e3-b706-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {1fc9de03-b74b-11e3-b706-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {28ea79f0-6244-11e3-9bd0-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {2c63bbce-4632-11e4-aa8d-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {2c63bc05-4632-11e4-aa8d-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {2e165bf5-27f3-11e3-ab70-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {30b49d76-6458-11e4-90bf-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {35f5bf6f-4cd5-11e4-b3e6-001e101f82a7} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {3a5bb04e-a446-11e3-9f09-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {3a5bb087-a446-11e3-9f09-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {3a5f2283-54df-11e3-bf43-001e101f8ed0} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {3a5f2290-54df-11e3-bf43-001e101f8ed0} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {41c82a6f-681b-11e4-a28d-5404a6747a63} - G:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {4202ecce-9f4e-11e3-8297-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {4202ed05-9f4e-11e3-8297-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {429003cf-25fb-11e3-b94a-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {42900404-25fb-11e3-b94a-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {42fbfaef-253d-11e4-9020-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {43692003-8c03-11e3-a314-001e101f82a7} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {43692010-8c03-11e3-a314-001e101f82a7} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {43b73073-4c54-11e4-9167-001e101f9843} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {43b7308c-4c54-11e4-9167-001e101f9843} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {482a4e6a-f319-11e2-8c5a-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {4b996d08-6c0c-11e3-853e-5404a6747a63} - F:\Windows\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {4ba894a2-8a3b-11e4-8e4d-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {56aef4e6-8a3a-11e4-a429-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {56aef4f4-8a3a-11e4-a429-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {5854d84f-0529-11e3-99e4-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {592b28ce-975d-11e3-ab25-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {592b2905-975d-11e3-ab25-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {5c124b21-59b2-11e3-aa19-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {5cfdb94f-25ca-11e3-8f71-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {5cfdb991-25ca-11e3-8f71-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {60419b4e-515c-11e3-b82f-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {60419b85-515c-11e3-b82f-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {65f19ce5-0e21-11e4-afdc-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {65f19cf4-0e21-11e4-afdc-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6a10b54e-a452-11e3-9ac6-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6a10b584-a452-11e3-9ac6-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6a629a76-515a-11e3-bf6f-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6f1c934e-5e68-11e3-a851-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6f1c9383-5e68-11e3-a851-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6f86b18c-2384-11e3-8fc2-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {7670f95f-0495-11e3-9ee5-001e101f3315} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {7aba186f-250f-11e3-90cf-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {7f84974e-a153-11e3-b4a0-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {7f849786-a153-11e3-b4a0-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {86074ef6-a39f-11e3-a60d-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {88b7c3ed-253b-11e4-9350-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {8c1b2086-80d3-11e4-9ee5-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {8c1b2094-80d3-11e4-9ee5-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {931197fe-2512-11e4-8c08-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {9673b64e-eac1-11e3-9a4c-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {9673b687-eac1-11e3-9a4c-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {96895a51-d8fd-11e3-bec4-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {9ea215ce-6243-11e3-bad9-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {9f7641ce-519d-11e4-915b-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {9f764207-519d-11e4-915b-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {a6747cce-befa-11e3-8dc4-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {a6747d02-befa-11e3-8dc4-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {a7d545a2-4be2-11e2-80c4-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {a7d545b2-4be2-11e2-80c4-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {a8e492aa-644a-11e3-97c8-001e101f82a0} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {aa657ace-253c-11e4-ada3-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {ac620bd3-f66f-11e3-afe9-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {acc310ce-d361-11e3-a0c3-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {acc31108-d361-11e3-a0c3-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {af41c173-608b-11e4-b043-001e101f2c0e} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {baf3d595-4996-11e2-9b15-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {baf3d5a1-4996-11e2-9b15-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {c2e2d075-20f4-11e3-851c-001e101fe70e} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cbb5a34c-c889-11e3-9791-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cbb5a36f-c889-11e3-9791-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cbc1cefa-2961-11e4-8a49-001e101f2b52} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cc6b9cce-59af-11e3-a26d-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cc6b9d04-59af-11e3-a26d-5404a6747a63} - G:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cdc1bccf-64b9-11e3-8f2a-806e6f6e6963} - F:\Windows\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {d881ce4e-7f0b-11e3-9071-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {d881ce88-7f0b-11e3-9071-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {d9547e65-96ca-11e3-819d-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {d9547e74-96ca-11e3-819d-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {db2c01fe-0bbf-11e3-b868-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dca56f4d-9941-11e3-b33a-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dca56f8a-9941-11e3-b33a-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dcc058ce-a39e-11e3-b207-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dd55c026-970d-11e3-abb3-001e101f79c9} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dd55c032-970d-11e3-abb3-001e101f79c9} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dd55c03e-970d-11e3-abb3-001e101f79c9} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e43531ce-f7d6-11e3-b6a4-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e4353202-f7d6-11e3-b6a4-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e54479ce-64a8-11e3-8b50-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e5447a10-64a8-11e3-8b50-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e69c57e5-9720-11e3-8e48-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e69c57f4-9720-11e3-8e48-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {ee15254e-a152-11e3-8079-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {eefb1ff4-f4bc-11e2-8d42-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {efa25cce-d8fc-11e3-9268-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {f32947f6-5e75-11e3-bb02-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {f7927979-6819-11e4-a033-001e101fb45e} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {fbf12f03-d560-11e2-836f-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {fbf12f0f-d560-11e2-836f-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {fda29065-608a-11e4-9002-74de2bf06d33} - F:\AutoRun.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
URLSearchHook: HKLM - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-558300477-696560046-2245731031-1000 - YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
URLSearchHook: HKU\S-1-5-21-558300477-696560046-2245731031-1000 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKU\S-1-5-21-558300477-696560046-2245731031-1000 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKU\S-1-5-21-558300477-696560046-2245731031-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-558300477-696560046-2245731031-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
BHO: uTorrentControl2 Toolbar -> {687578b9-7132-4a7a-80e4-30ee31099e03} -> C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09] (Conduit Ltd.)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: YouTube Downloader Toolbar -> {F3FEE66E-E034-436a-86E4-9690573BEE8A} -> No File
Toolbar: HKLM - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09] (Conduit Ltd.)
Toolbar: HKLM - YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKU\S-1-5-21-558300477-696560046-2245731031-1000 -> uTorrentControl2 Toolbar - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09] (Conduit Ltd.)
FF Plugin HKU\S-1-5-21-558300477-696560046-2245731031-1000: @acestream.net/acestreamplugin,version=3.0.11 -> C:\Users\ASUS\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-04] (Innovative Digital Technologies)
CHR Extension: (uTorrentControl2) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2014-06-17] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3072253&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\ASUS\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\ASUS\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
OPR Extension: (AS Magic Player) - C:\Users\ASUS\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-06-17]
U3 a9evaaog; C:\Windows\system32\Drivers\a9evaaog.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 cpuz135; \??\C:\Users\ASUS\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 GPU-Z; \??\C:\Users\ASUS\AppData\Local\Temp\GPU-Z.sys [X]
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-05-30 07:17 - 2013-08-31 09:25 - 00000000 ____D C:\Users\ASUS\AppData\LocalLow\PriceGong
2016-05-30 07:17 - 2012-05-10 21:20 - 00000000 ____D C:\Users\ASUS\AppData\LocalLow\Conduit
AlternateDataStreams: C:\ProgramData\TEMP:0441DB7A [112]
AlternateDataStreams: C:\ProgramData\TEMP:2B9555D8 [123]
AlternateDataStreams: C:\ProgramData\TEMP:D6255023 [128]

C:\Program Files\uTorrentControl2

Emptytemp:
Hosts:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Note: Your machine will reboot after the fix.
 
 
In your next reply, please include the following:
  • Which Anti-Virus program would you like to keep?
  • Any issue with the uninstallation?
  • FRST fixlog

  • 0

#4
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0

#5
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Re-opened per user's request
  • 0

#6
BojanglesWA

BojanglesWA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

I have removed the programs you requested I remove.  I also removed Avast as that virus protector has been virtually dormant for some time.  

 

I do not have Chrome installed on my computer so I was unable to carry out the removal of plugins and extensions.  The extension AS Magic Player did not show up under Opera Extensions.  When I navigated to the Extension page it informed me there were no extensions installed.

 

The "Help" screens no longer appear but now the C drive is being filled with garbage which in turn is slowing down the computer.  Am I right in assuming Windows 7 is no longer supported by Microsoft?  If so, should I be receiving system updates?  I have received updates the last two mornings when I first turn on the computer.

 

I am not sure If I did things correctly concerning the FRST program.  The log follows.

 

===============================================================================================================================================

 

Fix result of Farbar Recovery Scan Tool (x86) Version:09-06-2016
Ran by ASUS (2016-06-09 13:45:49) Run:1
Running from C:\Users\ASUS\Desktop
Loaded Profiles: ASUS (Available Profiles: ASUS)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
 
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\Run: [AceUpdater] => C:\Users\ASUS\AppData\Roaming\ACEStream\updater\ace_update.exe [22824 2014-10-01] ()
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\Run: [AceWebExtensionUpdater] => C:\Users\ASUS\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] ()
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {00b5c678-2864-11e3-b920-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {00b5c698-2864-11e3-b920-001e101f8aaa} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {00eb3970-43af-11e3-8abc-001e101fe70e} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {014ef0ce-f66f-11e3-9bbf-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {041e290b-25aa-11e3-a192-001e101f4e71} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {04c598fc-04ef-11e3-b19e-001e101f3315} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {06704a4e-a129-11e3-898c-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {06704a86-a129-11e3-898c-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {06ef27cd-a359-11e3-a17e-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {06ef280c-a359-11e3-a17e-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {0b253673-052a-11e3-9f5b-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {0c87834e-3c7e-11e3-991e-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {0c878386-3c7e-11e3-991e-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {0e2ab04e-c889-11e3-b675-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {113641cc-194a-11e4-a562-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {15ed514e-a8e8-11e3-b392-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {15ed5184-a8e8-11e3-b392-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {16a480cd-515b-11e3-948b-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {1fc9ddce-b74b-11e3-b706-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {1fc9de03-b74b-11e3-b706-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {28ea79f0-6244-11e3-9bd0-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {2c63bbce-4632-11e4-aa8d-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {2c63bc05-4632-11e4-aa8d-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {2e165bf5-27f3-11e3-ab70-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {30b49d76-6458-11e4-90bf-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {35f5bf6f-4cd5-11e4-b3e6-001e101f82a7} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {3a5bb04e-a446-11e3-9f09-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {3a5bb087-a446-11e3-9f09-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {3a5f2283-54df-11e3-bf43-001e101f8ed0} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {3a5f2290-54df-11e3-bf43-001e101f8ed0} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {41c82a6f-681b-11e4-a28d-5404a6747a63} - G:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {4202ecce-9f4e-11e3-8297-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {4202ed05-9f4e-11e3-8297-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {429003cf-25fb-11e3-b94a-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {42900404-25fb-11e3-b94a-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {42fbfaef-253d-11e4-9020-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {43692003-8c03-11e3-a314-001e101f82a7} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {43692010-8c03-11e3-a314-001e101f82a7} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {43b73073-4c54-11e4-9167-001e101f9843} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {43b7308c-4c54-11e4-9167-001e101f9843} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {482a4e6a-f319-11e2-8c5a-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {4b996d08-6c0c-11e3-853e-5404a6747a63} - F:\Windows\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {4ba894a2-8a3b-11e4-8e4d-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {56aef4e6-8a3a-11e4-a429-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {56aef4f4-8a3a-11e4-a429-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {5854d84f-0529-11e3-99e4-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {592b28ce-975d-11e3-ab25-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {592b2905-975d-11e3-ab25-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {5c124b21-59b2-11e3-aa19-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {5cfdb94f-25ca-11e3-8f71-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {5cfdb991-25ca-11e3-8f71-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {60419b4e-515c-11e3-b82f-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {60419b85-515c-11e3-b82f-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {65f19ce5-0e21-11e4-afdc-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {65f19cf4-0e21-11e4-afdc-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6a10b54e-a452-11e3-9ac6-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6a10b584-a452-11e3-9ac6-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6a629a76-515a-11e3-bf6f-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6f1c934e-5e68-11e3-a851-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6f1c9383-5e68-11e3-a851-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {6f86b18c-2384-11e3-8fc2-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {7670f95f-0495-11e3-9ee5-001e101f3315} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {7aba186f-250f-11e3-90cf-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {7f84974e-a153-11e3-b4a0-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {7f849786-a153-11e3-b4a0-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {86074ef6-a39f-11e3-a60d-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {88b7c3ed-253b-11e4-9350-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {8c1b2086-80d3-11e4-9ee5-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {8c1b2094-80d3-11e4-9ee5-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {931197fe-2512-11e4-8c08-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {9673b64e-eac1-11e3-9a4c-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {9673b687-eac1-11e3-9a4c-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {96895a51-d8fd-11e3-bec4-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {9ea215ce-6243-11e3-bad9-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {9f7641ce-519d-11e4-915b-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {9f764207-519d-11e4-915b-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {a6747cce-befa-11e3-8dc4-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {a6747d02-befa-11e3-8dc4-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {a7d545a2-4be2-11e2-80c4-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {a7d545b2-4be2-11e2-80c4-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {a8e492aa-644a-11e3-97c8-001e101f82a0} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {aa657ace-253c-11e4-ada3-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {ac620bd3-f66f-11e3-afe9-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {acc310ce-d361-11e3-a0c3-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {acc31108-d361-11e3-a0c3-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {af41c173-608b-11e4-b043-001e101f2c0e} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {baf3d595-4996-11e2-9b15-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {baf3d5a1-4996-11e2-9b15-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {c2e2d075-20f4-11e3-851c-001e101fe70e} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cbb5a34c-c889-11e3-9791-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cbb5a36f-c889-11e3-9791-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cbc1cefa-2961-11e4-8a49-001e101f2b52} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cc6b9cce-59af-11e3-a26d-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cc6b9d04-59af-11e3-a26d-5404a6747a63} - G:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {cdc1bccf-64b9-11e3-8f2a-806e6f6e6963} - F:\Windows\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {d881ce4e-7f0b-11e3-9071-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {d881ce88-7f0b-11e3-9071-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {d9547e65-96ca-11e3-819d-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {d9547e74-96ca-11e3-819d-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {db2c01fe-0bbf-11e3-b868-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dca56f4d-9941-11e3-b33a-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dca56f8a-9941-11e3-b33a-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dcc058ce-a39e-11e3-b207-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dd55c026-970d-11e3-abb3-001e101f79c9} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dd55c032-970d-11e3-abb3-001e101f79c9} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {dd55c03e-970d-11e3-abb3-001e101f79c9} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e43531ce-f7d6-11e3-b6a4-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e4353202-f7d6-11e3-b6a4-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e54479ce-64a8-11e3-8b50-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e5447a10-64a8-11e3-8b50-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e69c57e5-9720-11e3-8e48-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {e69c57f4-9720-11e3-8e48-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {ee15254e-a152-11e3-8079-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {eefb1ff4-f4bc-11e2-8d42-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {efa25cce-d8fc-11e3-9268-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {f32947f6-5e75-11e3-bb02-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {f7927979-6819-11e4-a033-001e101fb45e} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {fbf12f03-d560-11e2-836f-74de2bf06d33} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {fbf12f0f-d560-11e2-836f-5404a6747a63} - F:\AutoRun.exe
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\MountPoints2: {fda29065-608a-11e4-9002-74de2bf06d33} - F:\AutoRun.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
URLSearchHook: HKLM - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-558300477-696560046-2245731031-1000 - YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
URLSearchHook: HKU\S-1-5-21-558300477-696560046-2245731031-1000 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKU\S-1-5-21-558300477-696560046-2245731031-1000 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKU\S-1-5-21-558300477-696560046-2245731031-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-558300477-696560046-2245731031-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
BHO: uTorrentControl2 Toolbar -> {687578b9-7132-4a7a-80e4-30ee31099e03} -> C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09] (Conduit Ltd.)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: YouTube Downloader Toolbar -> {F3FEE66E-E034-436a-86E4-9690573BEE8A} -> No File
Toolbar: HKLM - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09] (Conduit Ltd.)
Toolbar: HKLM - YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKU\S-1-5-21-558300477-696560046-2245731031-1000 -> uTorrentControl2 Toolbar - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09] (Conduit Ltd.)
FF Plugin HKU\S-1-5-21-558300477-696560046-2245731031-1000: @acestream.net/acestreamplugin,version=3.0.11 -> C:\Users\ASUS\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-04] (Innovative Digital Technologies)
CHR Extension: (uTorrentControl2) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2014-06-17] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3072253&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\ASUS\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\ASUS\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
OPR Extension: (AS Magic Player) - C:\Users\ASUS\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-06-17]
U3 a9evaaog; C:\Windows\system32\Drivers\a9evaaog.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 cpuz135; \??\C:\Users\ASUS\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 GPU-Z; \??\C:\Users\ASUS\AppData\Local\Temp\GPU-Z.sys [X]
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-05-30 07:17 - 2013-08-31 09:25 - 00000000 ____D C:\Users\ASUS\AppData\LocalLow\PriceGong
2016-05-30 07:17 - 2012-05-10 21:20 - 00000000 ____D C:\Users\ASUS\AppData\LocalLow\Conduit
AlternateDataStreams: C:\ProgramData\TEMP:0441DB7A [112]
AlternateDataStreams: C:\ProgramData\TEMP:2B9555D8 [123]
AlternateDataStreams: C:\ProgramData\TEMP:D6255023 [128]
 
C:\Program Files\uTorrentControl2
 
Emptytemp:
Hosts:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AceUpdater => value not found.
HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AceWebExtensionUpdater => value removed successfully.
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully.
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00b5c678-2864-11e3-b920-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{00b5c678-2864-11e3-b920-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00b5c698-2864-11e3-b920-001e101f8aaa}" => key removed successfully.
HKCR\CLSID\{00b5c698-2864-11e3-b920-001e101f8aaa} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00eb3970-43af-11e3-8abc-001e101fe70e}" => key removed successfully.
HKCR\CLSID\{00eb3970-43af-11e3-8abc-001e101fe70e} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{014ef0ce-f66f-11e3-9bbf-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{014ef0ce-f66f-11e3-9bbf-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{041e290b-25aa-11e3-a192-001e101f4e71}" => key removed successfully.
HKCR\CLSID\{041e290b-25aa-11e3-a192-001e101f4e71} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04c598fc-04ef-11e3-b19e-001e101f3315}" => key removed successfully.
HKCR\CLSID\{04c598fc-04ef-11e3-b19e-001e101f3315} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06704a4e-a129-11e3-898c-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{06704a4e-a129-11e3-898c-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06704a86-a129-11e3-898c-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{06704a86-a129-11e3-898c-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06ef27cd-a359-11e3-a17e-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{06ef27cd-a359-11e3-a17e-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06ef280c-a359-11e3-a17e-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{06ef280c-a359-11e3-a17e-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b253673-052a-11e3-9f5b-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{0b253673-052a-11e3-9f5b-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c87834e-3c7e-11e3-991e-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{0c87834e-3c7e-11e3-991e-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c878386-3c7e-11e3-991e-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{0c878386-3c7e-11e3-991e-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e2ab04e-c889-11e3-b675-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{0e2ab04e-c889-11e3-b675-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{113641cc-194a-11e4-a562-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{113641cc-194a-11e4-a562-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15ed514e-a8e8-11e3-b392-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{15ed514e-a8e8-11e3-b392-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15ed5184-a8e8-11e3-b392-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{15ed5184-a8e8-11e3-b392-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16a480cd-515b-11e3-948b-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{16a480cd-515b-11e3-948b-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fc9ddce-b74b-11e3-b706-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{1fc9ddce-b74b-11e3-b706-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fc9de03-b74b-11e3-b706-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{1fc9de03-b74b-11e3-b706-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28ea79f0-6244-11e3-9bd0-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{28ea79f0-6244-11e3-9bd0-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c63bbce-4632-11e4-aa8d-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{2c63bbce-4632-11e4-aa8d-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c63bc05-4632-11e4-aa8d-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{2c63bc05-4632-11e4-aa8d-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e165bf5-27f3-11e3-ab70-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{2e165bf5-27f3-11e3-ab70-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30b49d76-6458-11e4-90bf-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{30b49d76-6458-11e4-90bf-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35f5bf6f-4cd5-11e4-b3e6-001e101f82a7}" => key removed successfully.
HKCR\CLSID\{35f5bf6f-4cd5-11e4-b3e6-001e101f82a7} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a5bb04e-a446-11e3-9f09-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{3a5bb04e-a446-11e3-9f09-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a5bb087-a446-11e3-9f09-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{3a5bb087-a446-11e3-9f09-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a5f2283-54df-11e3-bf43-001e101f8ed0}" => key removed successfully.
HKCR\CLSID\{3a5f2283-54df-11e3-bf43-001e101f8ed0} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a5f2290-54df-11e3-bf43-001e101f8ed0}" => key removed successfully.
HKCR\CLSID\{3a5f2290-54df-11e3-bf43-001e101f8ed0} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41c82a6f-681b-11e4-a28d-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{41c82a6f-681b-11e4-a28d-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4202ecce-9f4e-11e3-8297-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{4202ecce-9f4e-11e3-8297-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4202ed05-9f4e-11e3-8297-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{4202ed05-9f4e-11e3-8297-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{429003cf-25fb-11e3-b94a-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{429003cf-25fb-11e3-b94a-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42900404-25fb-11e3-b94a-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{42900404-25fb-11e3-b94a-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42fbfaef-253d-11e4-9020-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{42fbfaef-253d-11e4-9020-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43692003-8c03-11e3-a314-001e101f82a7}" => key removed successfully.
HKCR\CLSID\{43692003-8c03-11e3-a314-001e101f82a7} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43692010-8c03-11e3-a314-001e101f82a7}" => key removed successfully.
HKCR\CLSID\{43692010-8c03-11e3-a314-001e101f82a7} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43b73073-4c54-11e4-9167-001e101f9843}" => key removed successfully.
HKCR\CLSID\{43b73073-4c54-11e4-9167-001e101f9843} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43b7308c-4c54-11e4-9167-001e101f9843}" => key removed successfully.
HKCR\CLSID\{43b7308c-4c54-11e4-9167-001e101f9843} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{482a4e6a-f319-11e2-8c5a-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{482a4e6a-f319-11e2-8c5a-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b996d08-6c0c-11e3-853e-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{4b996d08-6c0c-11e3-853e-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ba894a2-8a3b-11e4-8e4d-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{4ba894a2-8a3b-11e4-8e4d-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56aef4e6-8a3a-11e4-a429-74de2bf06d33}" => key removed successfully.
HKCR\CLSID\{56aef4e6-8a3a-11e4-a429-74de2bf06d33} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56aef4f4-8a3a-11e4-a429-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{56aef4f4-8a3a-11e4-a429-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5854d84f-0529-11e3-99e4-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{5854d84f-0529-11e3-99e4-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{592b28ce-975d-11e3-ab25-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{592b28ce-975d-11e3-ab25-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{592b2905-975d-11e3-ab25-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{592b2905-975d-11e3-ab25-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c124b21-59b2-11e3-aa19-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{5c124b21-59b2-11e3-aa19-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cfdb94f-25ca-11e3-8f71-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{5cfdb94f-25ca-11e3-8f71-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cfdb991-25ca-11e3-8f71-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{5cfdb991-25ca-11e3-8f71-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60419b4e-515c-11e3-b82f-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{60419b4e-515c-11e3-b82f-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60419b85-515c-11e3-b82f-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{60419b85-515c-11e3-b82f-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f19ce5-0e21-11e4-afdc-74de2bf06d33}" => key removed successfully.
HKCR\CLSID\{65f19ce5-0e21-11e4-afdc-74de2bf06d33} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f19cf4-0e21-11e4-afdc-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{65f19cf4-0e21-11e4-afdc-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a10b54e-a452-11e3-9ac6-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{6a10b54e-a452-11e3-9ac6-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a10b584-a452-11e3-9ac6-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{6a10b584-a452-11e3-9ac6-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a629a76-515a-11e3-bf6f-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{6a629a76-515a-11e3-bf6f-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f1c934e-5e68-11e3-a851-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{6f1c934e-5e68-11e3-a851-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f1c9383-5e68-11e3-a851-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{6f1c9383-5e68-11e3-a851-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f86b18c-2384-11e3-8fc2-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{6f86b18c-2384-11e3-8fc2-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7670f95f-0495-11e3-9ee5-001e101f3315}" => key removed successfully.
HKCR\CLSID\{7670f95f-0495-11e3-9ee5-001e101f3315} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7aba186f-250f-11e3-90cf-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{7aba186f-250f-11e3-90cf-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f84974e-a153-11e3-b4a0-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{7f84974e-a153-11e3-b4a0-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f849786-a153-11e3-b4a0-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{7f849786-a153-11e3-b4a0-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86074ef6-a39f-11e3-a60d-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{86074ef6-a39f-11e3-a60d-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88b7c3ed-253b-11e4-9350-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{88b7c3ed-253b-11e4-9350-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c1b2086-80d3-11e4-9ee5-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{8c1b2086-80d3-11e4-9ee5-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c1b2094-80d3-11e4-9ee5-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{8c1b2094-80d3-11e4-9ee5-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{931197fe-2512-11e4-8c08-74de2bf06d33}" => key removed successfully.
HKCR\CLSID\{931197fe-2512-11e4-8c08-74de2bf06d33} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9673b64e-eac1-11e3-9a4c-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{9673b64e-eac1-11e3-9a4c-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9673b687-eac1-11e3-9a4c-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{9673b687-eac1-11e3-9a4c-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96895a51-d8fd-11e3-bec4-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{96895a51-d8fd-11e3-bec4-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ea215ce-6243-11e3-bad9-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{9ea215ce-6243-11e3-bad9-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f7641ce-519d-11e4-915b-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{9f7641ce-519d-11e4-915b-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f764207-519d-11e4-915b-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{9f764207-519d-11e4-915b-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6747cce-befa-11e3-8dc4-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{a6747cce-befa-11e3-8dc4-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6747d02-befa-11e3-8dc4-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{a6747d02-befa-11e3-8dc4-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7d545a2-4be2-11e2-80c4-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{a7d545a2-4be2-11e2-80c4-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7d545b2-4be2-11e2-80c4-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{a7d545b2-4be2-11e2-80c4-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8e492aa-644a-11e3-97c8-001e101f82a0}" => key removed successfully.
HKCR\CLSID\{a8e492aa-644a-11e3-97c8-001e101f82a0} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa657ace-253c-11e4-ada3-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{aa657ace-253c-11e4-ada3-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac620bd3-f66f-11e3-afe9-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{ac620bd3-f66f-11e3-afe9-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{acc310ce-d361-11e3-a0c3-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{acc310ce-d361-11e3-a0c3-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{acc31108-d361-11e3-a0c3-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{acc31108-d361-11e3-a0c3-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af41c173-608b-11e4-b043-001e101f2c0e}" => key removed successfully.
HKCR\CLSID\{af41c173-608b-11e4-b043-001e101f2c0e} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{baf3d595-4996-11e2-9b15-74de2bf06d33}" => key removed successfully.
HKCR\CLSID\{baf3d595-4996-11e2-9b15-74de2bf06d33} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{baf3d5a1-4996-11e2-9b15-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{baf3d5a1-4996-11e2-9b15-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2e2d075-20f4-11e3-851c-001e101fe70e}" => key removed successfully.
HKCR\CLSID\{c2e2d075-20f4-11e3-851c-001e101fe70e} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbb5a34c-c889-11e3-9791-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{cbb5a34c-c889-11e3-9791-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbb5a36f-c889-11e3-9791-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{cbb5a36f-c889-11e3-9791-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbc1cefa-2961-11e4-8a49-001e101f2b52}" => key removed successfully.
HKCR\CLSID\{cbc1cefa-2961-11e4-8a49-001e101f2b52} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc6b9cce-59af-11e3-a26d-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{cc6b9cce-59af-11e3-a26d-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc6b9d04-59af-11e3-a26d-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{cc6b9d04-59af-11e3-a26d-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdc1bccf-64b9-11e3-8f2a-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{cdc1bccf-64b9-11e3-8f2a-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d881ce4e-7f0b-11e3-9071-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{d881ce4e-7f0b-11e3-9071-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d881ce88-7f0b-11e3-9071-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{d881ce88-7f0b-11e3-9071-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9547e65-96ca-11e3-819d-74de2bf06d33}" => key removed successfully.
HKCR\CLSID\{d9547e65-96ca-11e3-819d-74de2bf06d33} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9547e74-96ca-11e3-819d-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{d9547e74-96ca-11e3-819d-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db2c01fe-0bbf-11e3-b868-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{db2c01fe-0bbf-11e3-b868-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dca56f4d-9941-11e3-b33a-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{dca56f4d-9941-11e3-b33a-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dca56f8a-9941-11e3-b33a-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{dca56f8a-9941-11e3-b33a-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcc058ce-a39e-11e3-b207-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{dcc058ce-a39e-11e3-b207-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd55c026-970d-11e3-abb3-001e101f79c9}" => key removed successfully.
HKCR\CLSID\{dd55c026-970d-11e3-abb3-001e101f79c9} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd55c032-970d-11e3-abb3-001e101f79c9}" => key removed successfully.
HKCR\CLSID\{dd55c032-970d-11e3-abb3-001e101f79c9} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd55c03e-970d-11e3-abb3-001e101f79c9}" => key removed successfully.
HKCR\CLSID\{dd55c03e-970d-11e3-abb3-001e101f79c9} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e43531ce-f7d6-11e3-b6a4-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{e43531ce-f7d6-11e3-b6a4-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4353202-f7d6-11e3-b6a4-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{e4353202-f7d6-11e3-b6a4-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e54479ce-64a8-11e3-8b50-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{e54479ce-64a8-11e3-8b50-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5447a10-64a8-11e3-8b50-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{e5447a10-64a8-11e3-8b50-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e69c57e5-9720-11e3-8e48-74de2bf06d33}" => key removed successfully.
HKCR\CLSID\{e69c57e5-9720-11e3-8e48-74de2bf06d33} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e69c57f4-9720-11e3-8e48-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{e69c57f4-9720-11e3-8e48-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee15254e-a152-11e3-8079-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{ee15254e-a152-11e3-8079-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eefb1ff4-f4bc-11e2-8d42-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{eefb1ff4-f4bc-11e2-8d42-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efa25cce-d8fc-11e3-9268-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{efa25cce-d8fc-11e3-9268-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f32947f6-5e75-11e3-bb02-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{f32947f6-5e75-11e3-bb02-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7927979-6819-11e4-a033-001e101fb45e}" => key removed successfully.
HKCR\CLSID\{f7927979-6819-11e4-a033-001e101fb45e} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbf12f03-d560-11e2-836f-74de2bf06d33}" => key removed successfully.
HKCR\CLSID\{fbf12f03-d560-11e2-836f-74de2bf06d33} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbf12f0f-d560-11e2-836f-5404a6747a63}" => key removed successfully.
HKCR\CLSID\{fbf12f0f-d560-11e2-836f-5404a6747a63} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fda29065-608a-11e4-9002-74de2bf06d33}" => key removed successfully.
HKCR\CLSID\{fda29065-608a-11e4-9002-74de2bf06d33} => key not found. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} => value not found.
HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => value not found.
HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} => value not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => key removed successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found. 
HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => key removed successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => key not found. 
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => key removed successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03} => key not found. 
HKCR\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully.
"HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => key not found. 
HKCR\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} => value not found.
HKCR\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => value not found.
HKCR\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => key not found. 
HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} => value not found.
HKCR\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03} => key not found. 
HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.0.11 => key not found. 
C:\Users\ASUS\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc <==== ATTENTION => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => key not found. 
"HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc" => key removed successfully.
C:\Users\ASUS\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx => moved successfully
"HKU\S-1-5-21-558300477-696560046-2245731031-1000\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc" => key removed successfully.
"C:\Users\ASUS\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx" => not found.
C:\Users\ASUS\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim => moved successfully
a9evaaog => service not found.
cpuz135 => service removed successfully.
ewusbnet => service removed successfully.
GPU-Z => service removed successfully.
HSPADataCardusbmdm => service removed successfully.
HSPADataCardusbnmea => service removed successfully.
HSPADataCardusbser => service removed successfully.
hwdatacard => service removed successfully.
hwusbdev => service removed successfully.
massfilter => service removed successfully.
VGPU => service removed successfully.
C:\Users\ASUS\AppData\LocalLow\PriceGong => moved successfully
C:\Users\ASUS\AppData\LocalLow\Conduit => moved successfully
"C:\ProgramData\TEMP" => ":0441DB7A" ADS not found.
"C:\ProgramData\TEMP" => ":2B9555D8" ADS not found.
"C:\ProgramData\TEMP" => ":D6255023" ADS not found.
"C:\Program Files\uTorrentControl2" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 2.1 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 13:49:20 ====
 
Thanks

  • 0

#7
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi BojanglesWA,
 

I do not have Chrome installed on my computer so I was unable to carry out the removal of plugins and extensions.

 
From the log, it does seem like Chrome is installed on your machine. Could you navigate to C:\Program Files\Google\Chrome\Application and double click on Chrome.exe. If you are able to locate and open Chrome, please follow the instruction as per my previous post. 
 

The "Help" screens no longer appear but now the C drive is being filled with garbage which in turn is slowing down the computer.

 
Glad to hear that, but could you be more specified with regards to C drive being filled with garbage? 
 
Can you run this command for me?


batfile.gif Run Command Prompt
  • Press the WindowsKey.png on your keyboard.
  • In the search box type in cmd and wait until it appears.
  • Right-click on the batfile.gifcmd.exe and select RunAsAdmin.jpg Run as Administrator to start command prompt.
  • Type in the following command: dir c:\ > %userprofile%\Desktop\result.txt and press enter.
  • You will find the a result.txt in your Desktop.
  • Copy and paste that in your next reply.

Am I right in assuming Windows 7 is no longer supported by Microsoft?

 
No, Windows 7 is still being supported by Microsoft. You can read about the product lifecycle from Microsoft website.
 
 

I am not sure If I did things correctly concerning the FRST program.

 
You have done well, now, let's move on to the next set of fixes.
 
 
 


adwcleaner_new.png Scan with AdwCleaner

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    AdwCleaner_Scan_zpsvt1mvqxm.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
I will be needing a new set of log, so run it again.


FRST.gif Re-Scan with Farbar's Recovery Scan Tool (FRST)
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.
In your next reply, please include the following:
  • Are you able to locate Chrome. If so, are you able to remove those extensions?
  • Result.txt log from command prompt
  • AdwCleaner scan log
  • FRST log
  • FRST Addition log

  • 0

#8
BojanglesWA

BojanglesWA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

The problem I had with "garbage" filling my C drive has also stopped.

 

Between your first and last post I did surprisingly (to me) find Chrome installed and promptly un-installed it, so I am still unable to carry out your request.  I will not, in future, un-install or remove anything from the C drive.

 

Following is a problem that I forgot to mention in my previous post. I do not know if it is related to the other problem, I just know that it has only developed since the help screens began opening up. I have Office 2007 installed.  Now, I am unable to load my Word documents and Excel spreadsheets by double clicking them.  I have to load the program (Word or Excel) and open the required document or spreadsheet from within the program itself.  If I dc the doc or spreadsheet it attempts to install Office 10 which I do not have.  A screen opens up, eventually requesting the registration key for Office 10.  I have tried "Open with" and attempted to associate the Excel or Word that I have installed but this has no effect, it still loads the Office 10 setup program.  I have entered a search for office 2010 with no result.  If I do a search for offfice 10, the same office 2010  setup screen appears that opens up when I dc my Word or doc etc

 

Anyway I have run the scans that you requested, they appear below in the order that they were completed.

 

================================================================================================================================================

 

 Volume in drive C has no label.
 Volume Serial Number is 1C9C-04D6
 
 Directory of c:\
 
07/05/12  06:28    <DIR>          AMD
11/06/09  04:42                24 autoexec.bat
11/06/09  04:42                10 config.sys
01/03/14  07:12    <DIR>          Downloads
29/05/16  17:33    <DIR>          Eudora Storage
09/06/16  13:53    <DIR>          FRST
14/10/12  07:21    <DIR>          Mott Stuff
21/08/14  16:23    <DIR>          PerfLogs
09/06/16  13:52    <DIR>          Program Files
26/02/14  13:50    <DIR>          Users
09/06/16  13:52    <DIR>          Windows
               2 File(s)             34 bytes
               9 Dir(s)   8,605,544,448 bytes free
 
===============================================================================================================================================
 
# AdwCleaner v5.119 - Logfile created 11/06/2016 at 06:44:40
# Updated 30/05/2016 by Xplode
# Database : 2016-06-10.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X86)
# Username : ASUS - ASUS-PC
# Running from : C:\Users\ASUS\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\_acestream_cache_
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\ytd video downloader
Folder Found : C:\ProgramData\Application Data\apn
Folder Found : C:\ProgramData\Application Data\ytd video downloader
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Found : C:\Users\Public\Documents\iWin
Folder Found : C:\Users\ASUS\AppData\Local\Conduit
Folder Found : C:\Users\ASUS\AppData\Local\PackageAware
Folder Found : C:\Users\ASUS\AppData\LocalLow\.acestream
Folder Found : C:\Users\ASUS\AppData\Roaming\.acestream
Folder Found : C:\Users\ASUS\AppData\Roaming\acestream
Folder Found : C:\Users\ASUS\AppData\Roaming\AceWebExtension
Folder Found : C:\Users\ASUS\AppData\Local\Chromium\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
 
***** [ Files ] *****
 
File Found : C:\Users\ASUS\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_pacgpkgadgmibnhpdidcnfafllnmeomc_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage-journal
File Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage-journal
File Found : C:\Users\ASUS\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\ASUS\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKCU\Software\Classes\acestream
Key Found : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\Classes\acestream
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\onekit
Key Found : HKCU\Software\TornTv Downloader
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Found : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\1ClickDownload
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\Conduit
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\onekit
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\TornTv Downloader
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\AppDataLow\Software\Conduit
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\AppDataLow\Software\PriceGong
Key Found : HKU\S-1-5-18\Software\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{31A18A99-C562-4A0A-BE82-C484736179E7}C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{6A23D3B3-A9E3-4725-8660-78617D09E75E}C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe]
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7605CA87-5F99-44CE-AB61-95EB8E12702D}
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7605CA87-5F99-44CE-AB61-95EB8E12702D}
 
***** [ Web browsers ] *****
 
[C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Found : ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [7232 bytes] - [11/06/2016 06:44:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7305 bytes] ##########
 
===============================================================================================================================================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-06-2016
Ran by ASUS (administrator) on ASUS-PC (11-06-2016 07:01:12)
Running from C:\Users\ASUS\Desktop
Loaded Profiles: ASUS (Available Profiles: ASUS)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
(iolo technologies, LLC) C:\Program Files\iolo\System Mechanic\ioloGovernor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Opera Software) C:\Program Files\Opera\38.0.2220.29\opera.exe
(Opera Software) C:\Program Files\Opera\38.0.2220.29\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\38.0.2220.29\opera.exe
(Opera Software) C:\Program Files\Opera\38.0.2220.29\opera.exe
(Opera Software) C:\Program Files\Opera\38.0.2220.29\opera.exe
(Opera Software) C:\Program Files\Opera\38.0.2220.29\opera.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe [829280 2012-05-23] (AppEx Networks Corporation)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [86016 2005-08-10] (Qualcomm Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0A6970E0-0856-4DEE-A1D5-3C633A26A53E}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6D1B9051-2004-4011-B1E7-B808F56FC03C}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{A30F1158-07FB-487C-B653-A992B13B10E9}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{A755F62C-B4EB-4810-8718-9F6B99F71AD8}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKU\S-1-5-21-558300477-696560046-2245731031-1000 -> {7605CA87-5F99-44CE-AB61-95EB8E12702D} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=937811&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-13] (Oracle Corporation)
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-13] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
 
FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-05-17] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-13] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-10-16] (VideoLAN)
FF Plugin HKU\S-1-5-21-558300477-696560046-2245731031-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\ASUS\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.bbc.co.uk/sport/0/football/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\51.0.2704.84\pdf.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\ASUS\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-30]
CHR Extension: (Google Drive) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-30]
CHR Extension: (YouTube) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-30]
CHR Extension: (Google Search) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-16]
CHR Extension: (Skype) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-30]
CHR Extension: (Gmail) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-30]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
Opera: 
=======
OPR StartupUrls: "hxxp://www.bbc.com/sport/0/football/"
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-08-07] (Advanced Micro Devices, Inc.) [File not signed]
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4492776 2014-04-30] (iolo technologies, LLC)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S4 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646608 2012-06-19] (Rosetta Stone Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [156512 2012-06-23] (AppEx Networks Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2012-08-03] (EldoS Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2012-08-03] (Raxco Software, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-08-23] (Duplex Secure Ltd.)
U3 aspz5ub9; C:\Windows\system32\Drivers\aspz5ub9.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-11 06:49 - 2016-06-11 06:49 - 00007384 _____ C:\Users\ASUS\Desktop\AdwCleaner[S1].txt
2016-06-11 06:43 - 2016-06-11 06:44 - 00000000 ____D C:\AdwCleaner
2016-06-11 06:42 - 2016-06-11 06:42 - 03677248 _____ C:\Users\ASUS\Desktop\AdwCleaner.exe
2016-06-11 06:39 - 2016-06-11 06:39 - 00000683 _____ C:\Users\ASUS\Desktop\result.txt
2016-06-09 18:12 - 2016-06-10 17:57 - 00181173 _____ C:\Users\ASUS\Desktop\Colfinance Shares.xlsx
2016-06-09 13:53 - 2016-06-09 13:53 - 00000000 ____D C:\ProgramData\ioloGovernor
2016-06-09 13:45 - 2016-06-11 07:01 - 00000000 ____D C:\FRST
2016-06-09 13:45 - 2016-06-11 06:50 - 00000000 ____D C:\Users\ASUS\Desktop\FRST-OlderVersion
2016-06-07 07:10 - 2016-06-07 07:33 - 00000000 ____D C:\Windows\system32\MRT
2016-06-07 05:55 - 2016-06-07 05:55 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-06-07 05:08 - 2014-03-10 04:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2016-06-07 05:06 - 2014-07-01 05:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2016-06-07 05:03 - 2014-03-10 04:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2016-06-07 05:01 - 2014-06-06 13:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-06-06 10:54 - 2016-04-23 23:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-06 10:54 - 2016-04-23 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-06 10:54 - 2016-04-23 11:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-06 10:54 - 2016-04-23 11:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-06 10:54 - 2016-04-23 11:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-06 10:54 - 2016-04-23 11:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-06 10:54 - 2016-04-23 11:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-06 10:54 - 2016-04-23 10:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-06 10:54 - 2016-04-23 10:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-06 10:54 - 2016-04-23 10:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-06 10:54 - 2016-04-23 10:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-06 10:54 - 2016-04-23 10:53 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-06 10:54 - 2016-04-23 10:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-06 10:54 - 2016-04-23 10:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-06 10:54 - 2016-04-23 10:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-06 10:54 - 2016-04-23 10:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-06 10:54 - 2016-04-23 10:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-06 10:54 - 2016-04-23 10:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-06 10:54 - 2016-04-23 10:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-06 10:54 - 2016-04-23 10:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-06 10:54 - 2016-04-23 10:31 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-06 10:54 - 2016-04-23 10:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-06 10:54 - 2016-04-23 10:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-06 10:54 - 2016-04-23 10:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-06 10:54 - 2016-04-23 10:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-06 10:53 - 2016-04-23 11:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-06 10:53 - 2016-04-23 11:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-06 10:53 - 2016-04-23 11:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-06 10:53 - 2016-04-23 11:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-06 10:53 - 2016-04-23 11:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-06 10:53 - 2016-04-23 10:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-06 10:53 - 2016-04-23 10:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-06 10:53 - 2016-04-23 10:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-06 10:53 - 2016-04-23 10:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-06 10:53 - 2016-04-23 10:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-06 10:48 - 2015-11-11 01:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-06-06 10:48 - 2015-11-11 01:39 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-06-06 10:48 - 2015-11-11 01:39 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-06-06 10:46 - 2016-04-14 20:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-06-06 10:46 - 2016-04-09 11:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-06-06 10:35 - 2015-07-31 00:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-06-06 10:17 - 2013-11-26 15:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-06-06 09:58 - 2015-12-09 04:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-06-06 08:53 - 2015-02-04 09:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-06-05 09:56 - 2016-06-05 09:56 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-06-05 09:56 - 2016-06-05 09:56 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-06-05 08:42 - 2016-06-05 08:42 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2016-06-05 08:42 - 2016-06-05 08:42 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2016-06-05 08:42 - 2016-06-05 08:42 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-06-05 08:42 - 2016-06-05 08:42 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2016-06-05 08:42 - 2016-06-05 08:42 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2016-06-05 08:42 - 2016-06-05 08:42 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2016-06-05 08:42 - 2016-06-05 08:42 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2016-06-05 08:42 - 2016-06-05 08:42 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-06-05 08:42 - 2016-06-05 08:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2016-06-05 08:42 - 2016-06-05 08:42 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2016-06-05 08:42 - 2016-06-05 08:42 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2016-06-05 08:42 - 2016-06-05 08:42 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2016-06-05 08:42 - 2016-06-05 08:42 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2016-06-05 08:42 - 2016-06-05 08:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2016-06-05 08:42 - 2016-06-05 08:42 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2016-06-05 08:42 - 2016-06-05 08:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2016-06-05 08:42 - 2016-06-05 08:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-06-05 08:42 - 2016-06-05 08:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2016-06-05 08:42 - 2016-06-05 08:42 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2016-06-05 08:42 - 2016-06-05 08:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-06-05 08:42 - 2016-06-05 08:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-06-05 08:40 - 2016-06-05 08:40 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-06-05 08:39 - 2016-06-05 08:39 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-05 08:39 - 2016-06-05 08:39 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2016-06-05 08:35 - 2016-06-05 08:35 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-06-05 08:35 - 2016-06-05 08:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-06-05 08:31 - 2016-06-05 08:31 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-06-05 08:22 - 2015-07-30 20:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-06-05 08:04 - 2016-06-05 08:04 - 00000000 ____D C:\Program Files\MSXML 4.0
2016-06-04 11:25 - 2015-07-16 00:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-06-04 11:25 - 2015-07-16 00:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2016-06-04 11:25 - 2015-07-16 00:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-06-04 11:24 - 2013-04-12 20:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-06-04 11:22 - 2016-04-09 13:54 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-04 11:22 - 2016-02-04 00:59 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-06-04 11:22 - 2015-07-11 00:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-06-04 11:22 - 2015-07-11 00:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-06-04 11:22 - 2015-07-11 00:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2016-06-04 11:22 - 2013-07-03 10:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-06-04 11:22 - 2013-07-03 10:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2016-06-04 11:22 - 2013-02-12 10:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2016-06-04 11:22 - 2013-02-12 10:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2016-06-04 11:22 - 2012-07-05 02:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys
2016-06-04 11:20 - 2016-04-09 12:40 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-04 11:20 - 2016-03-18 05:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-06-04 11:20 - 2016-03-18 05:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-06-04 11:20 - 2016-03-18 05:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-06-04 11:20 - 2016-03-18 05:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 05:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 04:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-06-04 11:20 - 2016-03-18 04:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 04:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 04:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-06-04 11:20 - 2016-03-18 04:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-06-04 11:20 - 2016-02-09 16:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-06-04 11:20 - 2016-02-05 01:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-06-04 11:20 - 2016-01-07 01:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-06-04 11:20 - 2015-11-12 01:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-06-04 11:20 - 2015-11-12 01:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-06-04 11:20 - 2015-08-06 00:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-06-04 11:20 - 2015-07-10 00:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2016-06-04 11:20 - 2015-07-10 00:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2016-06-04 11:20 - 2015-07-02 03:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-06-04 11:20 - 2015-07-02 03:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-06-04 11:20 - 2015-06-12 00:57 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-06-04 11:20 - 2015-06-12 00:15 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-06-04 11:20 - 2015-06-12 00:15 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2016-06-04 11:20 - 2012-11-02 12:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2016-06-04 11:19 - 2016-04-06 17:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-06-04 11:19 - 2016-02-13 01:39 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-06-04 11:19 - 2016-02-13 01:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-06-04 11:19 - 2016-02-13 01:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-06-04 11:19 - 2016-02-13 01:07 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-04 11:19 - 2016-02-13 01:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-06-04 11:19 - 2016-02-13 01:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-06-04 11:19 - 2016-02-13 01:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-06-04 11:19 - 2016-02-13 01:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-06-04 11:19 - 2016-02-13 01:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-06-04 11:19 - 2016-02-13 01:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-06-04 11:19 - 2016-02-13 01:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-06-04 11:19 - 2014-11-11 09:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2016-06-04 11:19 - 2013-10-19 08:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2016-06-04 11:18 - 2015-06-16 04:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-04 11:18 - 2015-06-16 04:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-04 11:18 - 2015-06-16 04:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-04 11:18 - 2015-06-16 04:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-04 11:18 - 2015-06-16 04:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-04 11:18 - 2015-06-16 04:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-04 11:18 - 2015-06-16 04:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-04 11:16 - 2014-03-04 16:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2016-06-04 11:16 - 2014-03-04 16:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2016-06-04 11:16 - 2014-03-04 16:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2016-06-04 11:16 - 2014-03-04 16:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2016-06-04 11:16 - 2014-03-04 16:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2016-06-04 11:16 - 2014-03-04 16:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2016-06-04 11:16 - 2014-03-04 16:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2016-06-04 11:16 - 2013-10-12 09:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2016-06-04 11:16 - 2013-10-12 09:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2016-06-04 11:16 - 2013-10-12 08:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2016-06-04 11:16 - 2013-10-12 08:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2016-06-04 11:15 - 2014-08-12 08:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-06-04 11:14 - 2016-02-04 01:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-06-04 11:14 - 2016-02-04 01:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-06-04 11:14 - 2016-02-04 01:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-06-04 11:08 - 2015-10-13 23:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-06-04 11:08 - 2015-10-13 23:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-06-04 11:07 - 2014-09-04 12:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2016-06-04 11:06 - 2016-04-09 13:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-04 11:06 - 2016-01-08 00:35 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-06-04 11:06 - 2015-11-04 01:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-06-04 11:06 - 2015-10-13 11:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-06-04 11:06 - 2015-03-04 11:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-06-04 11:06 - 2015-03-04 11:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2016-06-04 11:06 - 2013-05-13 10:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2016-06-04 11:06 - 2013-05-13 10:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2016-06-04 11:06 - 2013-04-26 11:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-06-04 11:05 - 2016-03-16 06:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-06-04 11:05 - 2016-03-16 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-06-04 11:05 - 2015-01-17 09:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-06-04 11:04 - 2016-01-22 13:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-06-04 11:04 - 2016-01-22 13:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-06-04 11:04 - 2015-08-07 00:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-04 11:04 - 2015-08-07 00:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-04 11:04 - 2014-06-18 08:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2016-06-04 11:04 - 2012-07-05 04:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2016-06-04 11:04 - 2012-07-05 04:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2016-06-04 11:04 - 2012-07-05 04:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2016-06-04 11:04 - 2012-06-06 12:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2016-06-04 11:03 - 2016-01-22 13:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-06-04 11:03 - 2016-01-22 13:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-06-04 11:03 - 2015-04-18 09:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-04 11:02 - 2015-11-04 01:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-06-04 11:02 - 2015-04-13 10:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2016-06-04 11:01 - 2015-12-09 04:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-06-04 11:01 - 2014-04-05 09:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-06-04 11:01 - 2014-04-05 09:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-06-04 11:01 - 2013-11-26 18:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-06-04 11:00 - 2014-06-19 05:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2016-06-04 11:00 - 2014-06-19 05:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2016-06-04 11:00 - 2014-06-19 05:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2016-06-04 10:59 - 2016-03-07 01:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-06-04 10:59 - 2016-03-07 01:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-06-04 10:59 - 2016-02-06 01:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-04 10:59 - 2016-02-06 01:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-04 10:59 - 2016-02-06 01:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-04 10:59 - 2016-02-06 00:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-04 10:59 - 2016-02-06 00:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-04 10:59 - 2015-11-06 02:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-06-04 10:59 - 2015-11-05 16:48 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-06-04 10:59 - 2015-02-03 10:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2016-06-04 10:59 - 2014-12-19 09:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-06-04 10:59 - 2014-12-12 00:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-06-04 10:59 - 2014-10-25 08:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2016-06-04 10:59 - 2013-10-12 09:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-06-04 10:59 - 2013-10-12 09:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2016-06-04 10:59 - 2013-07-26 08:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2016-06-04 10:59 - 2012-09-26 05:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2016-06-04 10:58 - 2015-11-14 05:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-06-04 10:58 - 2015-11-14 05:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-06-04 10:58 - 2015-11-14 05:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-06-04 10:58 - 2015-02-18 14:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-06-04 10:58 - 2014-07-17 08:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2016-06-04 10:58 - 2014-07-17 08:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-06-04 10:58 - 2014-07-17 08:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-06-04 10:58 - 2014-07-17 08:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2016-06-04 10:58 - 2014-07-17 08:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2016-06-04 10:58 - 2014-07-17 08:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-06-04 10:58 - 2013-10-12 09:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-06-04 10:58 - 2012-05-14 11:33 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-06-04 10:58 - 2012-04-26 11:45 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2016-06-04 10:58 - 2012-04-26 11:41 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2016-06-04 10:57 - 2016-04-09 13:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-06-04 10:57 - 2016-04-09 13:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-06-04 10:57 - 2016-04-09 13:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-04 10:57 - 2016-04-09 13:59 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-04 10:57 - 2016-04-09 13:57 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-04 10:57 - 2016-04-09 13:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-06-04 10:57 - 2016-04-09 12:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-06-04 10:57 - 2016-04-09 12:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-06-04 10:57 - 2016-04-09 12:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-04 10:57 - 2016-04-09 12:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-06-04 10:57 - 2016-04-09 12:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-06-04 10:57 - 2016-04-09 12:40 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-06-04 10:57 - 2016-04-09 12:38 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-04 10:57 - 2016-04-09 12:38 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-04 10:57 - 2016-04-09 12:38 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-04 10:57 - 2016-04-09 12:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-06-04 10:57 - 2016-04-09 12:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-04 10:57 - 2016-04-09 12:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-04 10:57 - 2016-04-09 12:37 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-04 10:57 - 2016-03-24 05:42 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-06-04 10:57 - 2016-03-24 05:39 - 00534816 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-06-04 10:57 - 2016-03-24 05:39 - 00470704 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-06-04 10:57 - 2016-03-24 05:39 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-04 10:57 - 2016-03-24 05:39 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-04 10:56 - 2015-07-15 09:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-06-04 10:55 - 2015-12-09 04:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-06-04 10:55 - 2015-12-09 04:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-06-04 10:55 - 2015-12-09 04:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-06-04 10:55 - 2015-12-09 04:54 - 01202688 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-06-04 10:55 - 2015-12-09 04:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-06-04 10:55 - 2015-12-09 04:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-06-04 10:55 - 2015-12-09 04:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-06-04 10:55 - 2015-12-09 04:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-06-04 10:55 - 2015-12-09 04:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-06-04 10:55 - 2015-12-09 04:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-06-04 10:55 - 2015-12-09 04:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-06-04 10:55 - 2015-12-09 04:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-06-04 10:55 - 2015-12-09 04:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-06-04 10:55 - 2015-12-09 04:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-06-04 10:55 - 2015-12-09 04:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-06-04 10:55 - 2015-12-09 04:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-06-04 10:55 - 2015-12-09 04:53 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-06-04 10:55 - 2015-12-09 04:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-06-04 10:55 - 2015-12-09 04:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-06-04 10:55 - 2015-12-09 04:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-06-04 10:55 - 2015-12-09 04:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-06-04 10:55 - 2015-12-09 04:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-06-04 10:55 - 2015-12-09 04:53 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-06-04 10:55 - 2015-12-09 04:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-06-04 10:55 - 2015-12-09 04:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-06-04 10:55 - 2015-12-09 04:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-06-04 10:55 - 2015-12-09 04:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-06-04 10:55 - 2015-12-09 04:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-06-04 10:55 - 2015-12-09 04:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-06-04 10:55 - 2015-12-09 04:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-06-04 10:55 - 2015-12-09 04:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-06-04 10:55 - 2015-12-09 04:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-06-04 10:55 - 2015-12-09 04:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-06-04 10:55 - 2015-12-09 04:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-06-04 10:55 - 2015-12-09 04:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-06-04 10:55 - 2015-12-09 04:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-06-04 10:55 - 2015-12-09 04:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-06-04 10:55 - 2015-12-09 04:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-06-04 10:55 - 2015-12-09 04:11 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-06-04 10:55 - 2015-12-09 04:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-06-04 10:55 - 2015-06-02 06:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2016-06-04 10:55 - 2015-02-25 10:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-06-04 10:55 - 2014-12-06 10:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2016-06-04 10:55 - 2014-01-29 09:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-06-04 10:55 - 2013-07-12 17:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2016-06-04 10:55 - 2013-07-12 17:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2016-06-04 10:55 - 2013-06-26 05:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2016-06-04 10:55 - 2012-11-29 05:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2016-06-04 10:55 - 2012-11-29 05:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2016-06-04 10:55 - 2012-11-29 05:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2016-06-04 10:55 - 2012-10-03 23:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2016-06-04 10:55 - 2012-10-03 23:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2016-06-04 10:54 - 2016-04-09 13:59 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-06-04 10:54 - 2016-04-09 13:59 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-06-04 10:54 - 2016-04-09 13:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-06-04 10:54 - 2016-02-09 16:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-06-04 10:54 - 2016-02-09 16:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-06-04 10:54 - 2016-02-09 16:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-06-04 10:54 - 2016-02-09 16:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-06-04 10:54 - 2016-02-09 16:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-06-04 10:54 - 2015-07-15 09:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-06-04 10:54 - 2015-07-15 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2016-06-04 10:54 - 2015-02-03 10:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-06-04 10:54 - 2015-02-03 10:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-06-04 10:54 - 2015-02-03 10:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-06-04 10:54 - 2015-02-03 10:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-06-04 10:54 - 2015-02-03 10:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-06-04 10:54 - 2015-02-03 10:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-06-04 10:54 - 2015-02-03 10:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-06-04 10:54 - 2015-02-03 10:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-06-04 10:53 - 2015-02-03 10:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-06-04 10:53 - 2015-02-03 10:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-06-04 10:53 - 2015-02-03 10:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-06-04 10:53 - 2015-02-03 10:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-06-04 10:53 - 2015-02-03 10:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-06-04 10:53 - 2015-02-03 10:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-06-04 10:53 - 2015-02-03 10:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-06-04 10:53 - 2015-02-03 10:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-06-04 10:53 - 2015-02-03 10:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-06-04 10:53 - 2015-02-03 10:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-06-04 10:53 - 2015-02-03 10:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-06-04 10:53 - 2015-02-03 10:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-06-04 10:53 - 2015-02-03 10:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-06-04 10:53 - 2015-02-03 10:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-06-04 10:53 - 2015-02-03 10:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-06-04 10:53 - 2015-02-03 10:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-06-04 10:51 - 2014-12-08 09:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2016-06-04 10:50 - 2015-04-25 00:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2016-06-04 10:50 - 2014-10-14 08:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2016-06-04 09:55 - 2016-06-11 07:01 - 00010766 _____ C:\Users\ASUS\Desktop\FRST.txt
2016-06-04 09:54 - 2016-06-11 06:50 - 01735680 _____ (Farbar) C:\Users\ASUS\Desktop\FRST.exe
2016-06-04 06:11 - 2016-06-04 06:11 - 00000000 __SHD C:\found.000
2016-06-03 13:49 - 2016-06-03 13:49 - 00002154 _____ C:\Windows\epplauncher.mif
2016-06-03 13:48 - 2016-06-03 13:48 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-06-03 13:48 - 2016-06-03 13:48 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-06-01 05:48 - 2016-06-01 11:02 - 00516832 _____ C:\Windows\ntbtlog.txt
2016-05-30 07:32 - 2016-06-10 21:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-30 07:32 - 2016-06-05 07:42 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-05-30 07:32 - 2016-05-30 07:32 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-30 07:32 - 2016-05-30 07:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-30 07:17 - 2016-06-09 18:18 - 00000000 ____D C:\Program Files\Google
2016-05-29 05:16 - 2016-05-29 05:16 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-28 16:58 - 2016-05-28 16:58 - 00000000 ____D C:\Users\ASUS\Tracing
2016-05-28 16:57 - 2016-05-28 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-05-28 16:57 - 2016-05-28 16:57 - 00000000 ____D C:\Program Files\Common Files\Skype
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-11 06:40 - 2009-07-14 11:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-11 06:40 - 2009-07-14 11:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-11 06:38 - 2010-11-21 04:01 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-11 06:38 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\inf
2016-06-11 06:32 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-10 19:36 - 2012-09-24 00:31 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-558300477-696560046-2245731031-1000UA.job
2016-06-10 10:36 - 2012-09-24 00:31 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-558300477-696560046-2245731031-1000Core.job
2016-06-09 23:46 - 2014-11-29 07:26 - 00000000 ____D C:\Program Files\Opera
2016-06-09 18:12 - 2015-02-17 17:37 - 00000000 ____D C:\Users\ASUS\Desktop\Col Finance
2016-06-09 13:52 - 2012-07-23 06:35 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2016-06-09 13:52 - 2012-07-23 06:29 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-09 13:47 - 2012-05-10 21:20 - 00000000 ____D C:\Users\ASUS\AppData\LocalLow\Temp
2016-06-09 13:46 - 2012-05-10 21:20 - 00000000 ____D C:\Users\ASUS\AppData\Local\CRE
2016-06-09 07:51 - 2012-05-10 21:20 - 00000000 ____D C:\Users\ASUS\AppData\Local\Conduit
2016-06-09 07:50 - 2012-07-23 06:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-09 07:46 - 2015-03-10 01:51 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\.ACEStream
2016-06-09 07:46 - 2015-03-10 01:49 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\ACEStream
2016-06-09 07:17 - 2012-05-07 06:25 - 00000000 ___RD C:\Users\ASUS
2016-06-08 21:49 - 2009-07-14 09:04 - 00000478 _____ C:\Windows\win.ini
2016-06-08 15:26 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\rescache
2016-06-08 13:02 - 2012-10-21 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-06-07 08:47 - 2012-05-07 06:38 - 00111520 _____ C:\Users\ASUS\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-07 08:44 - 2009-07-14 11:33 - 00433856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-07 08:36 - 2010-11-21 07:46 - 00000000 ____D C:\Program Files\Windows Journal
2016-06-07 08:36 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-06-07 07:10 - 2012-05-12 02:06 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-07 06:28 - 2009-07-14 09:37 - 00000000 ____D C:\Program Files\Common Files\System
2016-06-07 06:22 - 2012-10-21 20:16 - 00000000 ____D C:\Program Files\Microsoft Office
2016-06-07 04:31 - 2009-07-14 09:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-06 06:08 - 2012-08-23 21:49 - 00000000 ____D C:\Program Files\DAEMON Tools Pro
2016-06-05 10:26 - 2009-07-14 11:52 - 00000000 ____D C:\Program Files\Windows Defender
2016-06-05 10:01 - 2012-10-21 20:21 - 00000000 ____D C:\Program Files\Microsoft Works
2016-06-04 22:47 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\Dism
2016-05-30 07:32 - 2014-02-27 03:43 - 00000000 ____D C:\Users\ASUS\AppData\Local\Adobe
2016-05-29 17:33 - 2012-10-24 01:19 - 00000000 ____D C:\Eudora Storage
2016-05-29 15:16 - 2012-05-12 09:43 - 00000000 ___RD C:\Program Files\Skype
2016-05-28 17:00 - 2012-05-12 09:44 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\Skype
2016-05-28 16:57 - 2012-05-12 09:43 - 00000000 ____D C:\ProgramData\Skype
2016-05-28 16:56 - 2014-08-04 12:37 - 00000000 ____D C:\Users\ASUS\AppData\Local\Skype
2016-05-27 18:44 - 2015-04-28 15:24 - 00000000 ____D C:\Users\ASUS\AppData\Local\Sid Meier's Starships
2016-05-27 18:44 - 2012-10-19 21:06 - 00000000 ____D C:\Windows\system32\config\SM Registry Backup
2016-05-27 18:24 - 2012-12-07 08:42 - 00000000 ____D C:\Users\ASUS\AppData\Local\ElevatedDiagnostics
2016-05-24 16:15 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2012-05-08 09:14 - 2012-10-26 09:29 - 0084480 _____ () C:\Users\ASUS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-27 16:44 - 2014-02-27 16:44 - 0000000 ___SH () C:\Users\ASUS\AppData\Local\LumaEmu
2014-08-21 16:20 - 2015-05-10 05:34 - 0007606 _____ () C:\Users\ASUS\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-08 12:10
 
==================== End of FRST.txt ============================
 
===============================================================================================================================================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-06-2016
Ran by ASUS (2016-06-11 07:02:18)
Running from C:\Users\ASUS\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2012-05-06 23:25:20)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-558300477-696560046-2245731031-500 - Administrator - Disabled)
ASUS (S-1-5-21-558300477-696560046-2245731031-1000 - Administrator - Enabled) => C:\Users\ASUS
Guest (S-1-5-21-558300477-696560046-2245731031-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-558300477-696560046-2245731031-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Adobe Flash Player 21 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{BF9D2E61-64C4-64EA-6AF7-29EB5A110C26}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
BCL easyConverter SDK 3 (Word Version) (HKLM\...\{A932ABFB-1AC4-4FBF-9954-B710CABE3482}) (Version: 3.0.64 - BCL Technologies)
Bonus Content - Better Homes and Gardens® Fabrics (HKLM\...\{D2F30ACB-8DA1-11ED-34E4-2C7BE568D0E3}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Bradbury® Wallpaper (HKLM\...\{FBF29764-A6E8-8082-3ED0-E767CF26A99D}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Eldorado Stone (HKLM\...\{F9E7E2BF-10F7-7D31-9526-136365321015}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Event Planning (HKLM\...\{9D0D342B-211E-E5F2-C161-BC504E3499D2}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Exterior Fireplaces (HKLM\...\{B0D9C297-2389-9F62-3A20-66864463FBD0}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Kitchen Accessories (HKLM\...\{F928923A-C355-5FF7-0EAE-C631F39EF90E}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Kitchen Appliances (HKLM\...\{65F12BCC-5B8A-A9C3-A1FB-F59CD2033321}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Landscape Statuary (HKLM\...\{742E294C-A323-3EB5-A76C-19D1806799EB}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Landscaping Tools (HKLM\...\{68825CF8-75DA-A51C-854F-CE3BC91CD3F2}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Mohawk® (HKLM\...\{37CA3B93-D5C3-3225-E238-C7356BD0B834}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Patio Furniture (HKLM\...\{B6AC6BEE-6D2A-AF5D-B44F-DDA7B369203D}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Pools (HKLM\...\{AAF5C2E6-80D6-6846-0A4D-9A1D77AB7B97}) (Version: 0.0.0.0 - Chief Architect Inc)
Bonus Content - Rec-Room Items (HKLM\...\{6849D65C-1FA1-1C54-3BB7-D6AE84E034F6}) (Version: 0.0.0.0 - Chief Architect Inc)
calibre (HKLM\...\{C727544A-23E0-41A8-9901-2353CE3FE62A}) (Version: 2.14.0 - Kovid Goyal)
Caribbean (HKLM\...\Caribbean_is1) (Version:  - )
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904 - Microsoft) Hidden
Eudora (HKLM\...\{5BD8AA37-E312-4EB0-8F0C-C5FE7A273ADA}) (Version: 7.0 - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Family Tree Maker 2011 (HKLM\...\Family Tree Maker 2011) (Version: 20.0.368 - Ancestry.com)
Family Tree Maker 2011 (Version: 20.0.368 - Ancestry.com) Hidden
Family Tree Maker 2014 (HKLM\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
Foxit Reader (HKLM\...\Foxit Reader) (Version: 4.3.1.218 - Foxit Corporation)
iolo technologies' System Mechanic (HKLM\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.7.1 - iolo technologies, LLC)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 7.0.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mount&Blade With Fire and Sword (HKLM\...\Mount&Blade With Fire and Sword) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Opera Stable 38.0.2220.29 (HKLM\...\Opera 38.0.2220.29) (Version: 38.0.2220.29 - Opera Software)
Qualcomm Atheros WiFi Driver Installation (HKLM\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
QuickTime (HKLM\...\InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}) (Version: 7.1 - Apple Computer, Inc.)
QuickTime (Version: 7.1 - Apple Computer, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Rosetta Stone Ltd Services (HKLM\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.24 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Wasteland 2 (HKLM\...\1207665783_is1) (Version: 2.4.0.18 - GOG.com)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
YTD YouTube Downloader & Converter 3.6 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - GreenTree Applications SRL)
Zuma's Revenge (HKLM\...\Zuma's Revenge) (Version:  - islandGirl)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-558300477-696560046-2245731031-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-558300477-696560046-2245731031-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-558300477-696560046-2245731031-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\ASUS\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-558300477-696560046-2245731031-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09C21DD1-A01E-43E5-B4FB-13F3BFCB844D} - System32\Tasks\Opera scheduled Autoupdate 1417221472 => C:\Program Files\Opera\launcher.exe [2016-06-07] (Opera Software)
Task: {34F26152-3454-436F-9130-6F79BBD4DDA1} - System32\Tasks\{9F978C64-5F3D-4B60-A9D4-350B413F461C} => pcalua.exe -a "C:\Program Files\Smart Bro\uninst.exe"
Task: {3C9D0BF4-2DDC-46BF-870D-2A604DCFBF52} - System32\Tasks\{E0FAF554-60D5-4462-8016-DB615F6F3090} => pcalua.exe -a "D:\Games\Armed Assault QG 108 Revansh\wmfdist_xp64.exe" -d "D:\Games\Armed Assault QG 108 Revansh"
Task: {45874A7D-D065-44E2-82FD-F0AB870CE8DF} - System32\Tasks\{09DD72D6-890D-4DAF-8C33-11F68D6994BE} => C:\Program Files\Vacation Quest 2 Australia Full\VacationQuestAustralia.exe
Task: {5C236FE5-23DC-4DBD-861C-95502AE4A169} - System32\Tasks\{A4435656-43A1-4E09-A01E-4CB368B9ED6A} => pcalua.exe -a H:\setup.exe -d H:\
Task: {6EAC7F7A-C79E-49ED-BDD5-5179E535E76C} - System32\Tasks\{34A1EB8E-E960-4509-8D98-FE5C7E0EB95E} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Task: {78938F2C-F85F-4D18-8A17-8AC9802636CA} - System32\Tasks\{508230A9-31A8-4D7D-BFDE-6E8BCB0769B5} => C:\Program Files\Family Tree Maker 2011\FTM.exe
Task: {7B3E194B-067B-4FA8-BF39-3AA9ED3DB660} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-558300477-696560046-2245731031-1000Core => C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-24] (Facebook Inc.)
Task: {7F329F5E-9CFA-413D-999D-4ED54D5AC6A9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {8052578E-B3ED-493E-8A9C-B5EC74141BE8} - System32\Tasks\{1470EA81-4A9E-4CCB-864D-09A010316710} => pcalua.exe -a "C:\Users\ASUS\Downloads\ARMA\Armed Assault QG 108 Revansh.exe" -d C:\Users\ASUS\Downloads\ARMA
Task: {80B9291C-B2D9-49A8-8250-BAE4E24DE161} - System32\Tasks\iolo Process Governor => C:\Program Files\iolo\System Mechanic\iologovernor.exe [2014-04-30] (iolo technologies, LLC)
Task: {8D2D9FEE-3B48-4AA3-8476-FA3B5729F3FA} - System32\Tasks\{E4A51B5C-57AE-4F85-A360-76737913B1BF} => pcalua.exe -a "D:\Games\ZZ_Storage\Sport\ifa manager 14\Redist\VCRedist\vcredist_x86.exe" -d "D:\Games\ZZ_Storage\Sport\ifa manager 14"
Task: {8EC8577D-60FE-4A6C-80D7-031B5A2BACD9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-558300477-696560046-2245731031-1000UA => C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-24] (Facebook Inc.)
Task: {B7D1938A-15FF-4448-8865-A71730933655} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {C004A64A-C29F-467D-8A0C-B223329815CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-30] (Adobe Systems Incorporated)
Task: {D7FC9CB3-A999-4A93-BA08-9D57AE28E7C2} - System32\Tasks\{1256E85A-642A-4D6D-A189-342226ED8C15} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Task: {E7D084C6-6454-4A28-B5C9-822A42445700} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe [2016-05-30] (Adobe Systems Incorporated)
Task: {E8CC58B6-08AD-460C-95BA-69ADD1435860} - System32\Tasks\{0F0D6D35-A39D-45D6-A989-1532B6E9FF90} => pcalua.exe -a "C:\Program Files\ProtectDisc Driver Installer\uninstall_v10.exe"
Task: {FFED9814-2541-4E1C-9865-5392DC920DF4} - System32\Tasks\{314CBA95-CCCE-42E5-BCF0-E4AE3B769228} => D:\Games\Rail Nation\RailNation.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-558300477-696560046-2245731031-1000Core.job => C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-558300477-696560046-2245731031-1000UA.job => C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-05-07 06:27 - 2008-07-24 09:19 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2016-06-09 23:46 - 2016-06-07 12:41 - 67942952 _____ () C:\Program Files\Opera\38.0.2220.29\opera.dll
2016-06-09 23:46 - 2016-06-07 12:41 - 02203176 _____ () C:\Program Files\Opera\38.0.2220.29\libglesv2.dll
2016-06-09 23:46 - 2016-06-07 12:41 - 00087080 _____ () C:\Program Files\Opera\38.0.2220.29\libegl.dll
2012-08-23 22:00 - 2012-08-23 22:28 - 00109568 _____ () C:\Program Files\DAEMON Tools Pro\BRD.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7761 more sites.
 
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-558300477-696560046-2245731031-1000\...\123simsen.com -> www.123simsen.com
 
There are 7767 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 09:04 - 2016-06-09 13:46 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-558300477-696560046-2245731031-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CDEF3E8A-54C4-4D2D-89EC-59905A3AFCF7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{7C2D49A0-9381-4CD2-BA22-2DD7A14AFB37}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{C9629475-F62A-41A3-8D11-8C3A4F0DF81E}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [{B413855B-B673-496B-86F3-85714764F12B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E472B956-7C55-4E42-874A-77346067182D}] => (Block) %ProgramFiles%\Iceberg Interactive\goodlife\TGL.exe
FirewallRules: [TCP Query User{7906CA4D-814F-45D6-AB36-17F966B62F31}D:\games\arma ii combined operation\arma ii combined operations\arma2.exe] => (Block) D:\games\arma ii combined operation\arma ii combined operations\arma2.exe
FirewallRules: [UDP Query User{ABAFF686-10E7-4024-A76A-C51B5FF6E28E}D:\games\arma ii combined operation\arma ii combined operations\arma2.exe] => (Block) D:\games\arma ii combined operation\arma ii combined operations\arma2.exe
FirewallRules: [{1B928952-1C05-4938-B0F0-03B105D2AC94}] => (Allow) D:\Games\Supreme Ruler 2020 Gold\SupremeRuler2020GC.exe
FirewallRules: [{1B43D979-FDE4-4643-92AA-C44D54ADEABC}] => (Allow) D:\Games\Supreme Ruler 2020 Gold\SupremeRuler2020GC.exe
FirewallRules: [TCP Query User{BE145DE1-DE9A-4FE2-95D8-0B59FE92BE19}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{86584C0A-959B-40DB-AE61-659435FA217D}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [{2C8DCD64-F4EC-4D6D-A637-7D320EB2904E}] => (Allow) D:\Games\FM13\FIFA Manager 13\Manager13.exe
FirewallRules: [{BC1C4CD8-D2F4-4C46-B967-C71061C5A756}] => (Allow) D:\Games\FM13\FIFA Manager 13\Manager13.exe
FirewallRules: [{56EBAF9C-5F61-4292-8E9D-BD7065DB1A01}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5CF3E8EC-91A3-43D2-863A-06B978EC6AA0}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{F7F98353-E1FE-4D76-ACB7-60120003BDCA}D:\games\shadowrun returns\shadowrun.exe] => (Block) D:\games\shadowrun returns\shadowrun.exe
FirewallRules: [UDP Query User{CB7FC062-871E-4DA1-97A9-103B8C6EF538}D:\games\shadowrun returns\shadowrun.exe] => (Block) D:\games\shadowrun returns\shadowrun.exe
FirewallRules: [{CE26B391-CCE0-4029-AB97-CC305546E230}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C4F4B0E3-2CD9-40B6-B088-0A4CB566E51B}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CC8A4162-FEAD-4FCD-8C11-8BB22BF545FB}] => (Allow) D:\Games\Pro Cycling Manager - Season 2014\PCM.exe
FirewallRules: [{1D26D032-C550-4C9E-BCE4-19C446AE0ACE}] => (Allow) D:\Games\Pro Cycling Manager - Season 2014\PCM.exe
FirewallRules: [{A676A126-626B-4C2A-BDA6-935586396895}] => (Allow) D:\Games\Pro Cycling Manager - Season 2014\Autorun\Exe\Autorun.exe
FirewallRules: [{907EFC3B-1B32-4D17-896E-70B8A04577A6}] => (Allow) D:\Games\Pro Cycling Manager - Season 2014\Autorun\Exe\Autorun.exe
FirewallRules: [TCP Query User{7B58C1A8-9D46-44B8-ABFC-10BC09492402}D:\games\ghostship aftermath\binaries\win32\udk.exe] => (Allow) D:\games\ghostship aftermath\binaries\win32\udk.exe
FirewallRules: [UDP Query User{74E8B457-E59A-434F-A5DA-007B0974388C}D:\games\ghostship aftermath\binaries\win32\udk.exe] => (Allow) D:\games\ghostship aftermath\binaries\win32\udk.exe
FirewallRules: [TCP Query User{95622287-E958-4D57-9580-B3088ED06AC2}D:\games\saints row iv - game of the century edition\saintsrowiv.exe] => (Block) D:\games\saints row iv - game of the century edition\saintsrowiv.exe
FirewallRules: [UDP Query User{7D39B5C6-7970-4C6A-8001-E1BCC9A31589}D:\games\saints row iv - game of the century edition\saintsrowiv.exe] => (Block) D:\games\saints row iv - game of the century edition\saintsrowiv.exe
FirewallRules: [{14C0F1AB-390B-42F6-95F2-5F9EF78CC291}] => (Allow) C:\Users\ASUS\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{26290BE1-FCC3-46DA-A66B-7152DFA3A00C}] => (Block) C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{6DB9C866-2B47-4ECD-8BF3-A75E2FF93445}] => (Allow) C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{3F30A9EC-A9ED-403F-A3FA-BC423756B85F}] => (Block) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{91C82AC4-6DCC-4AC6-ABA0-F99B453ABF9C}] => (Allow) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{D5EB781F-C717-4DC2-9363-C97CDC5C12AA}] => (Block) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{5F957C55-D9F1-4F37-916A-8C03D3CC2B5E}] => (Block) C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [TCP Query User{72CDFEDD-98E2-4E1C-943F-2285DBEE3415}D:\games\ghostship aftermath\binaries\win32\udk.exe] => (Block) D:\games\ghostship aftermath\binaries\win32\udk.exe
FirewallRules: [UDP Query User{8A37A65F-280B-4A14-89C3-5451DC6451F6}D:\games\ghostship aftermath\binaries\win32\udk.exe] => (Block) D:\games\ghostship aftermath\binaries\win32\udk.exe
FirewallRules: [{B37DA6EA-57BA-4EDF-A8C2-1D06ECFC9556}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8773C331-36E0-495A-BF9E-51296DB9076A}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9ADD9AA6-3955-4318-A166-BCA9E75801EB}] => (Allow) C:\Program Files\Opera\launcher.exe
FirewallRules: [{86D1FE45-EDC3-4250-A83E-A50A88E691A4}] => (Allow) C:\Program Files\Opera\launcher.exe
FirewallRules: [{B3C52251-BD63-4F7A-A267-17314ADD8968}] => (Allow) C:\Program Files\Opera\launcher.exe
FirewallRules: [{CB9067EA-64DA-4860-8776-4F9F5BFD22BD}] => (Allow) C:\Program Files\Opera\launcher.exe
FirewallRules: [{4FCFE9B5-F7C8-459F-B1EB-A2CDF4A1E800}] => (Allow) C:\Program Files\Qualcomm\Eudora\Eudora.exe
FirewallRules: [{C8DB39D7-3603-4D5E-AF3C-9A90B474BBF7}] => (Allow) C:\Program Files\Qualcomm\Eudora\Eudora.exe
FirewallRules: [{BBED1091-32F7-45A3-B44F-052EC422D8A4}] => (Allow) C:\Program Files\Qualcomm\Eudora\Eudora.exe
FirewallRules: [{BAC74DB0-7B7A-40BA-96FD-D349D7E2DDF0}] => (Allow) C:\Program Files\Qualcomm\Eudora\Eudora.exe
FirewallRules: [TCP Query User{31A18A99-C562-4A0A-BE82-C484736179E7}C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{6A23D3B3-A9E3-4725-8660-78617D09E75E}C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{69A37E6E-4341-437B-AA43-4813ABCC8E73}D:\games\republique remastered\republique.exe] => (Block) D:\games\republique remastered\republique.exe
FirewallRules: [UDP Query User{2B7C5CF0-442E-4578-BC2A-F774F3BBAEB3}D:\games\republique remastered\republique.exe] => (Block) D:\games\republique remastered\republique.exe
FirewallRules: [{44FC8069-A7B2-49CF-8D11-BBAE886FC007}] => (Allow) D:\Gamess\EA GAMES\The Battle for Middle-earth ™\game.dat
FirewallRules: [{5A4EACF6-7151-4F20-A0D5-207746AD5EC0}] => (Allow) D:\Gamess\EA GAMES\The Battle for Middle-earth ™\game.dat
 
==================== Restore Points =========================
 
09-06-2016 22:17:13 Windows Update
10-06-2016 01:15:34 Windows Update
10-06-2016 22:01:03 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/11/2016 06:34:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Setup.exe version 14.0.7011.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 604
 
Start Time: 01d1c370933265e6
 
Termination Time: 15
 
Application Path: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe
 
Report Id: da2db878-2f63-11e6-8f2d-5404a6747a63
 
Error: (06/11/2016 06:33:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/10/2016 05:54:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/09/2016 11:36:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/09/2016 01:54:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/09/2016 01:45:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service avast! Antivirus since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (06/09/2016 01:45:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.
 
System Error:
The system cannot find the file specified.
.
 
Error: (06/09/2016 01:45:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswStm.
 
System Error:
The system cannot find the file specified.
.
 
Error: (06/09/2016 01:45:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.
 
System Error:
The system cannot find the file specified.
.
 
Error: (06/09/2016 01:45:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (06/10/2016 10:02:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2972100).
 
Error: (06/10/2016 01:16:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2972100).
 
Error: (06/09/2016 10:17:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2972100).
 
Error: (06/09/2016 05:50:09 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (06/09/2016 01:51:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Program Files\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll
 
Error: (06/09/2016 01:51:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Program Files\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll
 
Error: (06/09/2016 01:51:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Program Files\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll
 
Error: (06/09/2016 01:46:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (06/09/2016 01:46:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iolo System Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/09/2016 01:46:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-450 APU with Radeon™ HD Graphics
Percentage of memory in use: 54%
Total physical RAM: 1643.72 MB
Available physical RAM: 748.43 MB
Total Virtual: 3287.44 MB
Available Virtual: 2071.61 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:48.83 GB) (Free:7.77 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (My Storage) (Fixed) (Total:224.26 GB) (Free:70.4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AE14F3C6)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#9
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi BojanglesWA,
 

The problem I had with "garbage" filling my C drive has also stopped.

 
Glad to hear your issue is resolved.
 

Now, I am unable to load my Word documents and Excel spreadsheets by double clicking them.

 
It might be due to the conflict between Office 2007 and 2010 that is installed in your machine. Did you previously purchase Office 2007 and installed in your machine? Did you installed Office 2010 on your own after that?
 
 
You have pasted the wrong AdwCleaner log, you pasted the Scan instead of Clean log. Please follow my previous instruction to run the clean mode, instead of the scan mode.
Do it again, and paste the clean log in your next post.


FRST.gifFix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
 

Start
CreateRestorePoint:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
U3 aspz5ub9; C:\Windows\system32\Drivers\aspz5ub9.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
2016-06-09 13:52 - 2012-07-23 06:35 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2016-06-09 13:52 - 2012-07-23 06:29 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-09 07:51 - 2012-05-10 21:20 - 00000000 ____D C:\Users\ASUS\AppData\Local\Conduit
2016-06-09 07:50 - 2012-07-23 06:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-09 07:46 - 2015-03-10 01:51 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\.ACEStream
2016-06-09 07:46 - 2015-03-10 01:49 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\ACEStream
Task: {B7D1938A-15FF-4448-8865-A71730933655} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
FirewallRules: [{56EBAF9C-5F61-4292-8E9D-BD7065DB1A01}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5CF3E8EC-91A3-43D2-863A-06B978EC6AA0}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CE26B391-CCE0-4029-AB97-CC305546E230}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C4F4B0E3-2CD9-40B6-B088-0A4CB566E51B}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B37DA6EA-57BA-4EDF-A8C2-1D06ECFC9556}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8773C331-36E0-495A-BF9E-51296DB9076A}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{31A18A99-C562-4A0A-BE82-C484736179E7}C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{6A23D3B3-A9E3-4725-8660-78617D09E75E}C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe

C:\Program Files\Google\Chrome
C:\Users\ASUS\AppData\Local\Google\Chrome
C:\Program Files\Common Files\AV\avast! Antivirus

Emptytemp:
Hosts:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Note: Your machine will reboot after the fix.
 
 
In your next reply, please include the following:
  • AdwCleaner clean log
  • Question on Office 07 and 10
  • FRST fixlog

  • 0

#10
BojanglesWA

BojanglesWA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi

 

I do not have/own Office 10 and have never installed it onto my computer.  When I checked the installed programs I was as surprised to find Office 10 there as I was to discover Chrome there.  I have no idea how Office 10 was installed.  I can guarantee you that it was not there a week ago.  In a way it reminds me of an incident that had occurred around 6 months back.  I had switched off the computer before going to bed, also switched off the voltage regulator that it was plugged into.  When I powered up in the morning my browser was open at my on-line shares site (which requires a password obviously) and my Excel spreadsheet was also open.  I thought as I still think now that this was impossible. Prior to this, for a day or two the computer was doing some other peculiar things, such as closing the browser without me doing so, the lights on the computer (power, battery and another) would repeatedly flash on and off, plus one or two smaller things that I cannot recall now.  I had thought that my computer was being manipulated by an outside source. I don't think it makes any difference but for what it is worth; when that incident occurred I was living in the Philippines, and am currently living in Vietnam.

 

================================================================================================================================================

 

# AdwCleaner v5.119 - Logfile created 12/06/2016 at 04:00:27
# Updated 30/05/2016 by Xplode
# Database : 2016-06-10.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X86)
# Username : ASUS - ASUS-PC
# Running from : C:\Users\ASUS\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\_acestream_cache_
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\ytd video downloader
Folder Found : C:\ProgramData\Application Data\apn
Folder Found : C:\ProgramData\Application Data\ytd video downloader
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Found : C:\Users\Public\Documents\iWin
Folder Found : C:\Users\ASUS\AppData\Local\Conduit
Folder Found : C:\Users\ASUS\AppData\Local\PackageAware
Folder Found : C:\Users\ASUS\AppData\LocalLow\.acestream
Folder Found : C:\Users\ASUS\AppData\Roaming\.acestream
Folder Found : C:\Users\ASUS\AppData\Roaming\acestream
Folder Found : C:\Users\ASUS\AppData\Roaming\AceWebExtension
Folder Found : C:\Users\ASUS\AppData\Local\Chromium\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
 
***** [ Files ] *****
 
File Found : C:\Users\ASUS\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_pacgpkgadgmibnhpdidcnfafllnmeomc_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage-journal
File Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage-journal
File Found : C:\Users\ASUS\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\ASUS\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKCU\Software\Classes\acestream
Key Found : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\Classes\acestream
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\onekit
Key Found : HKCU\Software\TornTv Downloader
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Found : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\1ClickDownload
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\Conduit
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\onekit
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\TornTv Downloader
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\AppDataLow\Software\Conduit
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\AppDataLow\Software\PriceGong
Key Found : HKU\S-1-5-18\Software\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{31A18A99-C562-4A0A-BE82-C484736179E7}C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{6A23D3B3-A9E3-4725-8660-78617D09E75E}C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe]
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7605CA87-5F99-44CE-AB61-95EB8E12702D}
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7605CA87-5F99-44CE-AB61-95EB8E12702D}
 
***** [ Web browsers ] *****
 
[C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Found : ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [7384 bytes] - [11/06/2016 06:44:40]
C:\AdwCleaner\AdwCleaner[S2].txt - [7305 bytes] - [12/06/2016 04:00:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [7378 bytes] ##########
 
=============================================================================================================================================
 
Fix result of Farbar Recovery Scan Tool (x86) Version:10-06-2016
Ran by ASUS (2016-06-12 04:39:47) Run:2
Running from C:\Users\ASUS\Desktop
Loaded Profiles: ASUS (Available Profiles: ASUS)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
U3 aspz5ub9; C:\Windows\system32\Drivers\aspz5ub9.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
2016-06-09 13:52 - 2012-07-23 06:35 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2016-06-09 13:52 - 2012-07-23 06:29 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-09 07:51 - 2012-05-10 21:20 - 00000000 ____D C:\Users\ASUS\AppData\Local\Conduit
2016-06-09 07:50 - 2012-07-23 06:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-09 07:46 - 2015-03-10 01:51 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\.ACEStream
2016-06-09 07:46 - 2015-03-10 01:49 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\ACEStream
Task: {B7D1938A-15FF-4448-8865-A71730933655} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
FirewallRules: [{56EBAF9C-5F61-4292-8E9D-BD7065DB1A01}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5CF3E8EC-91A3-43D2-863A-06B978EC6AA0}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CE26B391-CCE0-4029-AB97-CC305546E230}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C4F4B0E3-2CD9-40B6-B088-0A4CB566E51B}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B37DA6EA-57BA-4EDF-A8C2-1D06ECFC9556}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8773C331-36E0-495A-BF9E-51296DB9076A}] => (Allow) C:\Users\ASUS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{31A18A99-C562-4A0A-BE82-C484736179E7}C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{6A23D3B3-A9E3-4725-8660-78617D09E75E}C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe
 
C:\Program Files\Google\Chrome
C:\Users\ASUS\AppData\Local\Google\Chrome
C:\Program Files\Common Files\AV\avast! Antivirus
 
Emptytemp:
Hosts:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully.
HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key not found. 
aspz5ub9 => service not found.
C:\Program Files\Spybot - Search & Destroy => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\Users\ASUS\AppData\Local\Conduit => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\Users\ASUS\AppData\Roaming\.ACEStream => moved successfully
C:\Users\ASUS\AppData\Roaming\ACEStream => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B7D1938A-15FF-4448-8865-A71730933655}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7D1938A-15FF-4448-8865-A71730933655}" => key removed successfully.
C:\Windows\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56EBAF9C-5F61-4292-8E9D-BD7065DB1A01} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5CF3E8EC-91A3-43D2-863A-06B978EC6AA0} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CE26B391-CCE0-4029-AB97-CC305546E230} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C4F4B0E3-2CD9-40B6-B088-0A4CB566E51B} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B37DA6EA-57BA-4EDF-A8C2-1D06ECFC9556} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8773C331-36E0-495A-BF9E-51296DB9076A} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{31A18A99-C562-4A0A-BE82-C484736179E7}C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6A23D3B3-A9E3-4725-8660-78617D09E75E}C:\users\asus\appdata\roaming\acestream\engine\ace_engine.exe => value removed successfully.
"C:\Program Files\Google\Chrome" => not found.
C:\Users\ASUS\AppData\Local\Google\Chrome => moved successfully
C:\Program Files\Common Files\AV\avast! Antivirus => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 416.7 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 04:41:28 ====

  • 0

Advertisements


#11
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi BojanglesWA,
 
 

In a way it reminds me of an incident that had occurred around 6 months back.  I had switched off the computer before going to bed, also switched off the voltage regulator that it was plugged into.  When I powered up in the morning my browser was open at my on-line shares site (which requires a password obviously) and my Excel spreadsheet was also open.

 
It is possible that you had hibernate/sleep your machine instead of shutting down hence, your programs are opened when turned your machine back on.
 

When I checked the installed programs I was as surprised to find Office 10 there as I was to discover Chrome there.  I have no idea how Office 10 was installed.

 
 
Since you did not install Office 10, it is possible that the conflict between Office 07 and 10 caused you the issue when opening the files. So please navigate to the install programs again and uninstall the following programs:
  • Microsoft Office Professional 2010
  • Service Pack 2 for Microsoft Office 2010
  • Google Chrome
Once you have uninstalled the programs, please reboot your machine. And then try to open your excel/word documents and see if the issue still exist.
 
 
 
 
JRTbythisisu.png Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.
 
 
I would like to apologize for my mistake in my previous instruction given.
 
The reason I kept asking for the AdwCleaner clean log, and you wasn't able to provide is because I gave the wrong set of instruction.


adwcleaner_new.pngRe-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • Everything left checked will be deleted.
  • Now click the Cleaning button.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C1].txt
JHlUMFt.png Malwarebytes Anti-Malware
  • Download Malwarebytes Anti-Malware to your Desktop
  • Double click the file to open it. Install the program.
  • Before you click Finish, make sure that:
    • Enable free trial of Malwarebytes Anti-Malware Premium is unchecked
    • Launch Malwarebytes Anti-Malware is checked
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    vG7pLOy.png
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program will detect anything, click Remove Selected. The program might want to reboot the system. Allow it it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
 
 
In your next reply, please include the following:
  • Any issue with the uninstallation?
  • Any issue trying to open your excel/word documents after uninstallation of Office 2010?
  • JRT log
  • AdwCleaner clean log
  • MalwareBytes log
  • ESET log

  • 0

#12
BojanglesWA

BojanglesWA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

"It is possible that you had hibernate/sleep your machine instead of shutting down hence, your programs are opened when turned your machine back on."

 

 As it appears this is quite valid and would seem an obvious explanation except for two things: 1 I only use my online site while the stock market is ope (closes 3.30pm Philippine time) after which I log out. I would have run more programs on the computer after that time.  2.  As previously mentioned the computer is connected to the voltage control box which is turned off when I go to bed, so even had the computer hibernating, there would be no power going to it.  Yes this is a laptop computer but the battery is no longer functioning

 

When I un-installed Office 10, Office 7 became unusable.  I had to reinstall Office 7.  I tried to associate the Excel and Word files with Excel and Word respectively, there was an attempt to locate certain files which it could not locate, I did not take note of what it was searching for.  I tried to open Excel and Word from the start menu but this produced the same results.

 

I have a problem completing a full scan using the ESET Online Scanner.  It scans through 130000 plus file then becomes unresponsive and shuts down.  I receive an error message

 

stating "EOS_V2 has stopped working.  I have tried three times to complete this scan and each time it shuts down somewhere around the same place.  The first scan showed 4 threats

 

and the second and third scan showed 6 threats up until the time it sopped.

 

The other log files are shown below.

 

===============================================================================================================================================

 

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Ultimate x86 
Ran by ASUS (Administrator) on 13/06/16 at  5:36:22.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 15 
 
Successfully deleted: C:\ProgramData\apn (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\ytd video downloader (Folder) 
Successfully deleted: C:\ProgramData\ytd video downloader (Folder) 
Successfully deleted: C:\Users\ASUS\AppData\Local\cre (Folder) 
Successfully deleted: C:\Users\ASUS\AppData\Local\packageaware (Folder) 
Successfully deleted: C:\Users\ASUS\AppData\Roaming\acewebextension (Folder) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5LVX0W3W (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CR47O9SI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQTWVS48 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBA1H7NS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5LVX0W3W (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CR47O9SI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQTWVS48 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBA1H7NS (Temporary Internet Files Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7605CA87-5F99-44CE-AB61-95EB8E12702D} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/06/16 at  5:40:09.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
===============================================================================================================================================
 
# AdwCleaner v5.119 - Logfile created 13/06/2016 at 05:46:29
# Updated 30/05/2016 by Xplode
# Database : 2016-06-12.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X86)
# Username : ASUS - ASUS-PC
# Running from : C:\Users\ASUS\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\_acestream_cache_
Folder Found : C:\Users\Public\Documents\iWin
Folder Found : C:\Users\ASUS\AppData\LocalLow\.acestream
Folder Found : C:\Users\ASUS\AppData\Local\Chromium\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
 
***** [ Files ] *****
 
File Found : C:\Users\ASUS\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_pacgpkgadgmibnhpdidcnfafllnmeomc_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage-journal
File Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKCU\Software\Classes\acestream
Key Found : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\Classes\acestream
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\onekit
Key Found : HKCU\Software\TornTv Downloader
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Found : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\1ClickDownload
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\Conduit
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\onekit
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\TornTv Downloader
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\AppDataLow\Software\Conduit
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKU\S-1-5-21-558300477-696560046-2245731031-1000\Software\AppDataLow\Software\PriceGong
Key Found : HKU\S-1-5-18\Software\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
 
***** [ Web browsers ] *****
 
[C:\Users\ASUS\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Found : ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [7384 bytes] - [11/06/2016 06:44:40]
C:\AdwCleaner\AdwCleaner[S2].txt - [7457 bytes] - [12/06/2016 04:00:27]
C:\AdwCleaner\AdwCleaner[S3].txt - [5628 bytes] - [13/06/2016 05:46:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [5701 bytes] ##########
===============================================================================================================================================
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13/06/16
Scan Time: 06:04
Logfile: log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.06.12.04
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: ASUS
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 262027
Time Elapsed: 27 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#13
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi BojanglesWA,
 
 

Yes this is a laptop computer but the battery is no longer functioning

 
It does not matter whether the power is plugged in when you hibernate. The state is saved, and reloaded when you start back your machine. For more information regarding Hibernate, sleep and so on, you can read here.
 

I tried to open Excel and Word from the start menu but this produced the same results.

 
Is there any specific error that you encounter when you try to open the document or excel file?
 

stating "EOS_V2 has stopped working.

 
 
Let's try with another scanner.

Scan with BitDefender Online Scanner

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please run a free on line scan with BitDefender Online Scanner.

  • Click the green Start Scanner button
  • Click the green Scan Now button and wait a few seconds until a request appears from Bitdefender
  • Accept the plugin installation
  • Restart your browser in Administation mode if requested
  • Click the green Scan Now button again
  • Accept the eula agreement if asked
  • The scan should start. It will be relatively quick.
  • Click View report (note: this is not the green button - Free download - just click on the words View report under the black button "Get QuickScan for your website")
  • Notepad will open with a log
  • Save to your desktop
  • Copy and paste the report back here

You have posted the wrong log for AdwCleaner. You have posted the Scan log instead of the Clean log. Please re-read the instruction I have posted in Post #11 for AdwCleaner as the instruction is different from performing a Scan.

In your next reply, please include the following:

  • BitDefender log
  • AdwCleaner clean log

  • 0

#14
BojanglesWA

BojanglesWA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
QuickScan 32-bit v0.9.9.118
---------------------------
Scan date:  Wed Jun 15 05:17:42 2016
Machine ID: 1C9C04D6
 
 
 
No infection found.
-------------------
 
 
 
Processes
---------
            AppEx Accelerator                        1964    C:\Program Files\AMD Quick Stream
 
\AppexAcceleratorUI.exe
            DAEMON Tools Pro                         3352    C:\Program Files\DAEMON Tools Pro
 
\DTShellHlp.exe
            GrooveMonitor Utility                    1956    C:\Program Files\Microsoft Office
 
\Office12\GrooveMonitor.exe
            Internet Explorer                         572    C:\Program Files\Internet Explorer
 
\iexplore.exe
            Internet Explorer                        1352    C:\Program Files\Internet Explorer
 
\iexplore.exe
            Internet Explorer                        3552    C:\Program Files\Internet Explorer
 
\iexplore.exe
            Internet Explorer                        2268    C:\Program Files\Internet Explorer
 
\iexplore.exe
            iolo System component                     860    C:\Program Files\iolo\Common\Lib
 
\ioloServiceManager.exe
            iolo System Mechanic                     1312    C:\Program Files\iolo\System Mechanic
 
\ioloGovernor.exe
            Microsoft Malware Protection             1148    C:\Program Files\Microsoft Security 
 
Client\MpCmdRun.exe
            Microsoft Malware Protection             1828    C:\Program Files\Microsoft Security 
 
Client\MpCmdRun.exe
            Microsoft Malware Protection              832    C:\Program Files\Microsoft Security 
 
Client\MsMpEng.exe
            Microsoft Security Client                1948    C:\Program Files\Microsoft Security 
 
Client\msseces.exe
            Microsoft® Windows® Operating System     1656    C:\Windows\explorer.exe
            Microsoft® Windows® Operating System     1208    C:\Windows\servicing
 
\TrustedInstaller.exe
            Microsoft® Windows® Operating System     1320    C:\Windows\System32\conhost.exe
            Microsoft® Windows® Operating System      372    C:\Windows\System32\csrss.exe
            Microsoft® Windows® Operating System      468    C:\Windows\System32\csrss.exe
            Microsoft® Windows® Operating System      532    C:\Windows\System32\lsass.exe
            Microsoft® Windows® Operating System      540    C:\Windows\System32\lsm.exe
            Microsoft® Windows® Operating System      516    C:\Windows\System32\services.exe
            Microsoft® Windows® Operating System      280    C:\Windows\System32\smss.exe
            Microsoft® Windows® Operating System     1696    C:\Windows\System32\spoolsv.exe
            Microsoft® Windows® Operating System     2016    C:\Windows\System32\taskeng.exe
            Microsoft® Windows® Operating System     1752    C:\Windows\System32\taskhost.exe
            Microsoft® Windows® Operating System      460    C:\Windows\System32\wininit.exe
            Microsoft® Windows® Operating System      600    C:\Windows\System32\winlogon.exe
            Microsoft® Windows® Operating System     2408    C:\Windows\System32\WUDFHost.exe
            Opera crash-reporter                     3620    C:\Program Files\Opera
 
\38.0.2220.29\opera_crashreporter.exe
            Opera Internet Browser                   3612    C:\Program Files\Opera
 
\38.0.2220.29\opera.exe
            Opera Internet Browser                   3712    C:\Program Files\Opera
 
\38.0.2220.29\opera.exe
            Opera Internet Browser                   3772    C:\Program Files\Opera
 
\38.0.2220.29\opera.exe
            Opera Internet Browser                   3780    C:\Program Files\Opera
 
\38.0.2220.29\opera.exe
            Opera Internet Browser                   4072    C:\Program Files\Opera
 
\38.0.2220.29\opera.exe
            Skype Click to Call                      1992    C:\Program Files\Skype\Toolbars
 
\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
            Skype Click to Call                       292    C:\Program Files\Skype\Toolbars
 
\PNRSvc\SkypeC2CPNRSvc.exe
(verified)  Microsoft® Windows® Operating System     1628    C:\Windows\System32\dwm.exe
(verified)  Microsoft® Windows® Operating System      696    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1328    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1824    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1468    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1068    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1024    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System      996    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System      960    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     2584    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     2828    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System      780    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     3856    C:\Windows\System32\svchost.exe
 
 
Network activity
----------------
Process iexplore.exe (1352) connected on port 80 (HTTP) --> 103.229.206.85
Process iexplore.exe (1352) connected on port 80 (HTTP) --> 23.23.170.207
Process iexplore.exe (1352) connected on port 80 (HTTP) --> 23.99.125.55
Process iexplore.exe (1352) connected on port 443 (HTTP over SSL) --> 104.244.42.72
Process iexplore.exe (1352) connected on port 80 (HTTP) --> 31.13.95.12
Process iexplore.exe (1352) connected on port 80 (HTTP) --> 31.13.95.12
Process iexplore.exe (1352) connected on port 80 (HTTP) --> 192.229.145.72
Process iexplore.exe (1352) connected on port 80 (HTTP) --> 221.133.8.227
Process iexplore.exe (1352) connected on port 80 (HTTP) --> 221.133.8.227
Process iexplore.exe (1352) connected on port 80 (HTTP) --> 37.59.67.149
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 108.161.188.218
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 94.31.29.154
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 216.58.203.42
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 216.58.203.42
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.246.93.227
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.246.93.227
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 195.210.5.5
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 216.58.199.98
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 216.58.199.98
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 195.210.5.5
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 74.125.200.95
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 74.125.200.95
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 52.32.174.154
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 52.32.174.154
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 104.122.64.216
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 104.122.64.216
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 108.161.188.192
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.192.150.64
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.192.150.64
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 216.58.203.104
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 216.58.203.104
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 184.84.53.188
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 221.133.8.241
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 221.133.8.241
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 221.133.8.241
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 216.12.208.170
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 216.12.208.170
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 216.58.221.237
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 216.58.221.237
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 216.58.199.98
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 216.58.199.98
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 31.13.95.12
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 23.111.9.32
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 31.13.95.12
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 216.12.208.170
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 216.12.208.170
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 31.13.95.36
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 31.13.95.36
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 175.41.131.229
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 23.21.75.160
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 23.21.75.160
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 175.41.131.229
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.230.151.244
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.230.151.244
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 216.12.208.170
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 216.12.208.170
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 184.84.62.182
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 184.84.62.182
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 31.13.95.36
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 31.13.95.36
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 204.2.197.202
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 31.13.95.36
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 221.133.8.237
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 221.133.8.237
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 221.133.8.237
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 221.133.8.237
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 115.112.2.29
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 175.41.129.220
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 115.112.2.29
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 175.41.129.220
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 115.112.2.31
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 115.112.2.31
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 115.112.2.31
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 115.112.2.31
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 46.137.215.114
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 46.137.215.114
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 199.96.57.6
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 52.84.224.159
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 52.84.224.159
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 216.58.197.102
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 216.58.197.102
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 111.221.29.13
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 111.221.29.13
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 216.58.221.98
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 216.58.221.98
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 108.174.10.10
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 108.174.10.10
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 111.221.29.13
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 111.221.29.13
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 61.213.187.244
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 173.241.248.143
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 173.241.248.143
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 106.10.198.33
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 210.176.156.45
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 210.176.156.45
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 217.147.88.169
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.251.136.223
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.251.136.223
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 184.84.62.182
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.64.118.111
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.64.118.111
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 202.214.2.11
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 199.187.193.130
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 199.187.193.130
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 184.84.62.182
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 72.34.250.75
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 151.101.76.166
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 151.101.76.166
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 115.112.2.22
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 115.112.2.22
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 103.40.110.93
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.254.239.28
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.254.239.28
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 37.48.113.10
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 50.97.236.98
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 52.192.130.19
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 50.97.236.98
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 52.192.130.19
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 184.84.62.182
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 184.84.62.182
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 185.94.180.126
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 185.94.180.126
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 104.16.24.235
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 31.13.95.3
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 31.13.95.3
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 63.251.252.12
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 104.122.61.190
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 104.122.61.190
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.69.230.115
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.191.8.37
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.206.87.167
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.69.230.115
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.191.8.37
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.206.87.167
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.68.146.185
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.246.112.159
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.246.112.159
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.68.146.185
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 63.251.88.51
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 52.73.178.249
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 46.105.114.230
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 54.251.254.168
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 54.251.254.168
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 103.229.205.254
Process iexplore.exe (2268) connected on port 443 (HTTP over SSL) --> 103.229.205.254
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 52.76.180.114
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 52.76.180.114
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 103.40.110.164
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 103.40.110.164
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 31.13.95.3
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 31.13.95.3
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.206.87.167
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.231.114.122
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.231.114.122
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.206.87.167
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 70.42.33.242
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 104.122.61.190
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 104.122.61.190
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 103.229.205.254
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.229.149.138
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 54.229.149.138
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 192.229.145.72
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 192.229.145.72
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 107.22.251.129
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 107.22.251.129
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 107.178.243.85
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 107.178.243.85
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 204.79.197.200
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 204.79.197.200
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 203.114.28.29
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 203.114.28.29
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 117.18.237.245
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 117.18.237.245
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 117.18.237.245
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 117.18.237.245
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 180.210.232.25
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 180.210.232.25
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 203.77.189.23
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 203.77.189.23
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 37.153.96.63
Process iexplore.exe (2268) connected on port 80 (HTTP) --> 37.153.96.63
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 204.79.197.200
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 204.79.197.200
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 204.79.197.200
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 23.97.64.11
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 23.97.64.11
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 104.211.224.23
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 104.211.224.23
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 191.232.37.200
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 191.232.37.200
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 138.91.83.37
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 138.91.83.37
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 74.125.200.95
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 74.125.200.95
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 216.58.203.2
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 216.58.203.2
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.237
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.237
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 74.125.130.154
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 115.112.2.38
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 74.125.130.154
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 115.112.2.38
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 216.58.203.2
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 216.58.221.226
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 216.58.221.129
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 216.58.221.129
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 216.58.221.129
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.212
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.212
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 216.239.32.57
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 216.239.32.57
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.241
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.241
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 31.13.95.12
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 31.13.95.12
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 31.13.95.36
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 31.13.95.36
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 31.13.95.12
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 31.13.95.12
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 31.13.95.12
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 216.58.221.226
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 216.58.221.237
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 216.58.221.237
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 74.125.200.95
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 74.125.200.95
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.212
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.212
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.237
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.237
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 216.58.221.129
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 216.58.221.129
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 216.58.221.129
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.237
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.232
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.232
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.232
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.232
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.232
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 199.27.79.193
Process iexplore.exe (3552) connected on port 80 (HTTP) --> 199.27.79.193
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 221.133.8.232
Process iexplore.exe (3552) connected on port 443 (HTTP over SSL) --> 216.58.203.2
 
Process wininit.exe (460) listens on ports: 49152 (RPC)
Process services.exe (516) listens on ports: 49156 (RPC)
Process lsass.exe (532) listens on ports: 49155 (RPC)
Process svchost.exe (780) listens on ports: 135 (RPC)
Process svchost.exe (960) listens on ports: 49153 (RPC)
Process svchost.exe (1068) listens on ports: 49154 (RPC)
 
 
Autoruns and critical files
---------------------------
            Adobe® Flash® Player Installer/Uninstal  C:\Windows\system32\Macromed\Flash
 
\FlashUtil32_21_0_0_242_pepper.exe
            Adobe® Flash® Player Update Service      C:\Windows\system32\Macromed\Flash
 
\FlashPlayerUpdateService.exe
            AppEx Accelerator                        C:\Program Files\AMD Quick Stream
 
\AppexAcceleratorUI.exe
            Eudora                                   c:\program files\qualcomm\eudora\eushlext.dll
            Facebook Update                          C:\Users\ASUS\AppData\Local\Facebook\Update
 
\FacebookUpdate.exe
            GrooveMonitor Utility                    C:\Program Files\Microsoft Office
 
\Office12\GrooveMonitor.exe
            GrooveShellExtensions Module             C:\Program Files\Microsoft Office
 
\Office12\GrooveShellExtensions.dll
            Microsoft Security Client                C:\Program Files\Microsoft Security Client
 
\msseces.exe
            Microsoft® Windows® Operating System     c:\windows\system32\userinit.exe
 
 
Browser plugins
---------------
            Bitdefender QuickScan                    C:\Windows\Downloaded Program Files\qsax.dll
            Facebook Video Calling Plugin            C:\Users\ASUS\AppData\Local\Facebook\Video
 
\Skype\npFacebookVideoCalling.dll
            Foxit Reader Plugin for Mozilla          C:\Program Files\Foxit Software\Foxit Reader
 
\plugins\npFoxitReaderPlugin.dll
            GrooveShellExtensions Module             C:\Program Files\Microsoft Office
 
\Office12\GrooveShellExtensions.dll
            Internet Explorer                        C:\Windows\system32\IEFRAME.dll
            Java Deployment Toolkit 8.0.310.13       C:\Program Files\Java\jre1.8.0_31\bin
 
\dtplugin\npDeployJava1.dll
            Java™ Platform SE 8 U31               c:\program files\java\jre1.8.0_31\bin
 
\jp2ssv.dll
            Java™ Platform SE 8 U31               C:\Program Files\Java\jre1.8.0_31\bin
 
\plugin2\npjp2.dll
            Java™ Platform SE 8 U31               c:\program files\java\jre1.8.0_31\bin\ssv.dll
            Microsoft® Windows® Operating System     C:\Windows\system32\mswsock.dll
            Microsoft® Windows® Operating System     C:\Windows\System32\nlaapi.dll
            VLC Web Plugin                           C:\Program Files\VideoLAN\VLC\npvlc.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\napinsp.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\pnrpnsp.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\winrnr.dll
 
 
Scan
----
MD5: 8021025c39505885ba69eadabfe9b3ff  C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe
MD5: 8b54edabb6908a48d510f4b35789cec8  C:\Program Files\ATI Technologies\ATI.ACE\Fuel
 
\Fuel.Service.exe
MD5: 64504ead0e3da85a8c63d687c1e1be55  C:\Program Files\BCL Technologies\easyConverter SDK 
 
3\Common\becldr.exe
MD5: 8669be94f63944e4f899c3950b520241  C:\Program Files\Common Files\Macrovision Shared\FLEXnet 
 
Publisher\FNPLicensingService.exe
MD5: 4b7032306356e351d99834c709f653f6  C:\Program Files\Common Files\microsoft shared\ink
 
\tiptsf.dll
MD5: 2424231bbd703a677d115c29983b4293  C:\Program Files\Common Files\microsoft shared
 
\OFFICE12\MSOXMLMF.DLL
MD5: 785f487a64950f3cb8e9f16253ba3b7b  C:\Program Files\Common Files\Microsoft Shared
 
\OFFICE12\ODSERV.EXE
MD5: 47dd6580125e440af76a4ea0247b8652  C:\Program Files\DAEMON Tools Pro\BRD.dll
MD5: b497fa74eb7c83fb5d2f6deb9a58fabd  C:\Program Files\DAEMON Tools Pro\DTCommonRes.dll
MD5: 9e86c875c63ff6fc2e7a88963a980167  C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
MD5: 97a1db685fa22dca777cf49e3b39cfad  C:\Program Files\DAEMON Tools Pro\DTShl32.dll
MD5: a452eebab03eb2cc02153a338bdc0cf9  C:\Program Files\DAEMON Tools Pro\Engine.dll
MD5: 4de1ebb2314e2f10ac9ec83138193f8b  C:\Program Files\DAEMON Tools Pro\ImgEngine.dll
MD5: 1a02fc0f35e1236136a2af0bae2d1a0e  C:\Program Files\Foxit Software\Foxit Reader\plugins
 
\npFoxitReaderPlugin.dll
MD5: 9989ca661c7cb540648500294ad5ab6e  C:\Program Files\Internet Explorer\ieproxy.dll
MD5: b25ce25490e325612cec6088fc02f926  C:\Program Files\Internet Explorer\IEShims.dll
MD5: 455fbe995e8e809da3ebb78c447202d9  C:\Program Files\Internet Explorer\iexplore.exe
MD5: 937dc2777ae786cd19d7722515c8c77c  C:\Program Files\Internet Explorer\sqmapi.dll
MD5: 2438075d5803aea9c175ed410d0af1e5  C:\Program Files\iolo\common\Lib\Corvus.dll
MD5: 32e1227cca0036b7768d08db04b0412a  C:\Program Files\iolo\common\Lib\fbembed.dll
MD5: 6b23c9d7d8ff6b9ded9677cbef4aff8b  C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
MD5: d8e45ba1ca1b1efdd9a89452f0c0c72a  C:\Program Files\iolo\common\Lib
 
\Res_55FD1D5A7AEF4DA38FAFA71B2A52FFC7.dll
MD5: 5f7a2596c96ff7a5c0c4715893b841ed  C:\Program Files\iolo\common\Lib\WWSDK.dll
MD5: ad78b0b319156d0e119c91a8e714ed32  C:\Program Files\iolo\System Mechanic\ioloGovernor.exe
MD5: 284f7dee5debf97d8e0b2d9936a5834f  C:\Program Files\iolo\System Mechanic\pl_rsrc_english.dll
MD5: b66b4d28d7d0c6322ff235c782cd6b76  C:\Program Files\Java\jre1.8.0_31\bin\dtplugin
 
\npDeployJava1.dll
MD5: da41fc2ea6e979d147258ab053e2d136  c:\program files\java\jre1.8.0_31\bin\jp2ssv.dll
MD5: 225d76851efc6144b4bad941b3e8989d  C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
MD5: 7c15112aeb2a24a7b21fa7a534c083c5  c:\program files\java\jre1.8.0_31\bin\ssv.dll
MD5: 1a29329d4abdb7d765a9ed2bfe39a515  C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll
MD5: 123271bd5237ab991dc5c21fdf8835eb  C:\Program Files\Microsoft Office
 
\Office12\GrooveAuditService.exe
MD5: 533aecd1b5356870ae2d905b4d3b42b7  C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll
MD5: 0e34b7bb1fcf22bcc1e394d16f9e992b  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
MD5: 30efebdc960a482e3e188b9960b286e2  C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL
MD5: 30db64d316f502558db2380f7343c9fd  C:\Program Files\Microsoft Office
 
\Office12\GrooveShellExtensions.dll
MD5: d8c2b95bc2353e1f18850d6b8f5dba13  C:\Program Files\Microsoft Office
 
\Office12\GrooveSystemServices.dll
MD5: 207204af80505af51271fe164b56f662  C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL
MD5: 2193920c394971fc2e39f05ab2b8b2b7  C:\Program Files\Microsoft Security Client\EppManifest.dll
MD5: e975f1b314d73f511c530de77bd51fb3  C:\Program Files\Microsoft Security Client\mpclient.dll
MD5: 68232d2aac188e3e1a4c3f1da430d72e  C:\Program Files\Microsoft Security Client\MpCmdRun.exe
MD5: a0ce93285f0ebb1a6b27a4f669c4e23b  C:\Program Files\Microsoft Security Client\MpCommu.dll
MD5: 0a1beba238c7ebc72c382d2f921a5747  C:\Program Files\Microsoft Security Client\MpOAv.dll
MD5: 6a55dfa7452694186d1d690da4880d8d  C:\Program Files\Microsoft Security Client\mprtp.dll
MD5: d98c4e92de557e845965391b0652a7d2  C:\Program Files\Microsoft Security Client\mpsvc.dll
MD5: dc8b329d6b4026d2d6e957bc79336022  C:\Program Files\Microsoft Security Client\MsMpEng.exe
MD5: ee4223fee8ab8b9202fca18036f157ae  C:\Program Files\Microsoft Security Client\msseces.exe
MD5: f36d4743bcb636f1779e7cb36e950525  C:\Program Files\Microsoft Security Client\NisSrv.exe
MD5: 9ab0a1753a53e4ca7b98b9ae67014157  C:\Program Files\Microsoft Security Client\shellext.dll
MD5: c7183b520415c38a5d021b6657ec7c23  C:\Program Files\Opera\38.0.2220.29\D3DCompiler_47.dll
MD5: e8354eef41a1dc16ff05c007c02f5ff1  C:\Program Files\Opera\38.0.2220.29\libegl.dll
MD5: 7b8326e9c998b67cfff2526437c19c0f  C:\Program Files\Opera\38.0.2220.29\libglesv2.dll
MD5: bb2949d4690822e25166022c263a1639  C:\Program Files\Opera\38.0.2220.29\opera.exe
MD5: f295838fa2d0326789fa5a92a3a81c94  C:\Program Files\Opera\38.0.2220.29\opera_crashreporter.exe
MD5: f8a465b37d33a1d2a65608ad0c8c90e6  c:\program files\qualcomm\eudora\eushlext.dll
MD5: cc465ecbc1700b2d91e152ed9165994a  C:\Program Files\RosettaStoneLtdServices
 
\RosettaStoneDaemon.exe
MD5: c8d931d734fc0097478ce2583a75c4df  C:\Program Files\Skype\Toolbars\AutoUpdate
 
\SkypeC2CAutoUpdateSvc.exe
MD5: 8e1cc0517de17df83cf80bfce9f0c000  C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
MD5: 9a66a87bbc0ec4463042959b7c0d4ac1  C:\Program Files\Skype\Updater\Updater.exe
MD5: c7794a997cec29173a4401f3ae16c51f  C:\Program Files\VideoLAN\VLC\npvlc.dll
MD5: 082cf481f659fae0de51ad060881eb47  C:\Program Files\Windows Defender\mpsvc.dll
MD5: 3b40d3a61aa8c21b88ae57c58ab3122e  C:\Program Files\Windows Media Player\wmpnetwk.exe
MD5: 3839f669151f711084fea3e89f5bdbfc  C:\Program Files\WinRAR\rarext.dll
MD5: 73bec955547a8940b08189d2ce7b2260  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition 
 
Updates\{3E2B49BE-A2EC-49CB-A2BD-02C9B7F56294}\mpengine.dll
MD5: 2a3fb4c98f139038e23330d2439db8a4  C:\Users\ASUS\AppData\Local\Facebook\Update
 
\FacebookUpdate.exe
MD5: 3cd19649b2c3023d65e67c056457a2bc  C:\Users\ASUS\AppData\Local\Facebook\Video\Skype
 
\npFacebookVideoCalling.dll
MD5: 368b2bee3f88bfb883d2c74a258de6f6  C:\Windows\AppPatch\AcLayers.DLL
MD5: 56940b50ab0e5923822f47b0e4463885  C:\Windows\Downloaded Program Files\qsax.dll
MD5: a8c362018efc87beb013ee28f29c0863  C:\Windows\ehome\ehRecvr.exe
MD5: 40d777b7a95e00593eb1568c68514493  C:\Windows\explorer.exe
MD5: f13ec8a783e0cb0d6dc26a3ca848b7b8  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
MD5: 3e9213a2a050bf429e91898c90f8b4e3  C:\Windows\Microsoft.NET\Framework\v3.0\Windows 
 
Communication Foundation\infocard.exe
MD5: 2c49b175aee1d4364b91b531417fe583  C:\Windows\servicing\TrustedInstaller.exe
MD5: b57053cd59114d36952461ee638d3784  C:\Windows\system32\acppage.dll
MD5: 9a39a2a5f443a756c568c6ed5748afe4  C:\Windows\System32\Actioncenter.dll
MD5: d2958325c1ae1ae37a83334c6229e3bc  C:\Windows\system32\actxprxy.dll
MD5: 039567aa833ddac96e85880204516424  C:\Windows\system32\ADVAPI32.dll
MD5: 8b794ae6d5c7d42092804bc39a2eb8f6  c:\windows\system32\AEPIC.dll
MD5: ce5d4f72018f177fbc3fc3cd588253c2  C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
MD5: 6b161e30f521f4bb32ad9b933333c3ff  C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
MD5: f24a627e532c544f5ba1ebc4a842d735  C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
MD5: c67582e0a1f8e2deee17084683ba94b1  C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
MD5: 72dfa87ce0c57fdd2a1519e41cdd353c  C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
MD5: aae238d6b60f7449b8c47f6c2dac1fa1  C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
MD5: ecf8ac040b83c2fa66fd4f9def36564b  C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
MD5: b42fba78b96e30ac9eeaaddc80174158  C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
MD5: 8c3fcad8c6f46f7cf16645f5f4a53333  C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
MD5: 3461e2e021a2dab210e01b9df6f5b4e3  C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
MD5: d5d3983a13937fc7ef315e925e119e93  C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
MD5: 37d39e5a14a898522c9a56548b3cfeb4  C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
MD5: 48fa99f3f2564a3e8a8fc13abe6519d1  C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
MD5: f2451f46b283203df1935a805a52f2e2  C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
MD5: a9bf766989037710ee871f00ff840a04  C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
MD5: 51a6f21cbe0ef6b939a94a6254aaad0c  C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
MD5: 334c79b24c6fdd30c14036b669e0fa82  C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
MD5: bfcda7c82ad801f98f0dc60ce581914b  C:\Windows\system32\api-ms-win-core-processenvironment-l1-1
 
-0.dll
MD5: afdfc2b4e930fc382abca7cbf502f4a2  C:\Windows\system32\api-ms-win-core-processthreads-l1-1-
 
0.dll
MD5: 1ead16d830880e74829947b1d187f802  C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
MD5: 35c2b5fb7c69ebffb04c1576d8c346b8  C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
MD5: 29d109c7994c3acdea0fdf4de0f9cba2  C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
MD5: 49035ec0aea16b676f4ab6af3ceebbc9  C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
MD5: ebecfb8a153f846e7ebd22c00919028b  C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
MD5: 718bdb579ac99123e20452a0a8c409c6  C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
MD5: 16de72d651ff85b43c09752481bd7165  C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
MD5: d4e7f0d5b35903f70e9cb330c1c692f8  C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
MD5: 6a13b4f3b3f575f1e24b877b9359aaba  C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
MD5: 49aca548b2423f1c67898e6ac719a9a6  C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
MD5: 2e33dfd10f28f86c3fc40ee123cc3904  C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
MD5: 1c60e09ca1c3a045bc4d367f67c915b7  C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
MD5: 60f4aefa103d421ea4a40e31409b4756  C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
MD5: 6951562dc4625eefc6eacd52ad165866  C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
MD5: 007863e45f25aa47a4c30d0930bbfd85  C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
MD5: 589cbc4989f750e1da35625ab481cf43  C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
MD5: 3be0d923aa45a4dbe091c2d84f0b4fe7  C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
MD5: f51470bd01277ff327d7cb3f9bff6d81  C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
MD5: 863f793d15b4026b1a5fdeca873d4d84  C:\Windows\system32\apphelp.dll
MD5: 8333787d8fca460c0dd70436464a8a8d  C:\Windows\System32\appidsvc.dll
MD5: 530195da0d84d9855020f2b80d6b267f  c:\windows\system32\appinfo.dll
MD5: d94e699220451be0a3416943fd5a12ba  C:\Windows\system32\aticfx32.dll
MD5: ad7b5c93f2f111619a1d187e18acfcce  C:\Windows\system32\atidxx32.dll
MD5: 87f8e98fcd859d2f0c291dcf9f1a5543  C:\Windows\system32\atiesrxx.exe
MD5: c9e87229d5e3b981e1b033c7d5cb3c17  C:\Windows\system32\atiu9pag.dll
MD5: 1f7cbdd1031c25df4e8075afad248d91  C:\Windows\system32\atiuxpag.dll
MD5: 50b8937a81360d16a5c772302bd32cfe  C:\Windows\System32\audioses.dll
MD5: c1619a13b10cac5038bf7129f57d8de3  c:\windows\system32\audiosrv.dll
MD5: 7b4277f9e9f48d5d8e6aea341f8048e8  C:\Windows\system32\authui.dll
MD5: 6e30d02aac9cac84f421622e3a2f6178  c:\windows\system32\axinstsv.dll
MD5: 5e7c5de85af978495c3a9a0b720b9811  C:\Windows\system32\basesrv.DLL
MD5: 67c1b58706b47eeba4e117ac197289e6  C:\Windows\system32\BatMeter.dll
MD5: bc4b0beed6a4325c57bc24a8ff277682  C:\Windows\system32\bcryptprimitives.dll
MD5: 1e2bac209d184bb851e1a187d8a29136  c:\windows\system32\bfe.dll
MD5: f45ed8c4f9af862cd9992849b5203c11  C:\Windows\system32\bitsigd.dll
MD5: 0552a8684bf7566f744d5b19ff6aec6b  c:\windows\system32\bitsperf.dll
MD5: 72910f1deb838e6e08a9017bfb7d4f0b  C:\Windows\system32\BROWCLI.DLL
MD5: 3daa727b5b0a45039b0e1c9a211b8400  c:\windows\system32\browser.dll
MD5: e3d5e244807ad655787fcd25477cc1bc  C:\Windows\System32\bthprops.cpl
MD5: 7a6986dd659b96398a11af5173892715  C:\Windows\system32\Cabinet.dll
MD5: 319c6b309773d063541d01df8ac6f55f  C:\Windows\System32\certprop.dll
MD5: 3ffaea12666e565ff51bf2fca674f543  C:\Windows\system32\CFGMGR32.dll
MD5: 33a60554882fdf59cda3e1806370bba1  C:\Windows\System32\CLFS.sys
MD5: ae9898d5600a232cd8ae3298692162e5  C:\Windows\system32\CLUSAPI.DLL
MD5: ad7b9c14083b52bc532fba5948342b98  C:\Windows\system32\cmd.exe
MD5: 50ba656134f78af64e4dd3c8b6fefd7e  C:\Windows\system32\cngaudit.dll
MD5: d1de1eafde97be41cf6585027ff3e732  C:\Windows\system32\comdlg32.dll
MD5: 761d6906de888cf832606cfcdc9e7c47  C:\Windows\System32\conhost.exe
MD5: 5225dad8684a316587b5f0ac56b50b59  C:\Windows\system32\credssp.dll
MD5: 108c2cfa5527458c096a699929ecbd80  C:\Windows\system32\credui.dll
MD5: 74264b7f57a16d25cb581c07964d324a  C:\Windows\system32\CRYPT32.dll
MD5: 3f6179fcec6473f79ffa75b6ed7c7e11  C:\Windows\system32\CRYPTBASE.dll
MD5: 3baa4bae71460c5ceb40d5e9339a61bc  C:\Windows\system32\cryptnet.dll
MD5: b54fd1991e659fd61ef1d34ec27aaecd  C:\Windows\system32\CRYPTSP.dll
MD5: 49474b3e37969af4b5c076f42b623aff  c:\windows\system32\cryptsvc.dll
MD5: b7d2bb84c590f0ae9da51dbb065a780e  C:\Windows\system32\CRYPTUI.dll
MD5: 465bea35f7ed4a4a57686dea7ea10f47  C:\Windows\system32\cscapi.dll
MD5: 57a51217581614de07f30e34d6bb4993  C:\Windows\System32\CSCDLL.dll
MD5: cf4274ceea9f7791fb7fc40a066bc2c7  C:\Windows\system32\cscobj.dll
MD5: 15f93b37f6801943360d9eb42485d5d3  c:\windows\system32\cscsvc.dll
MD5: 3ec541c196de18ed9a0d0ac82a694d4c  C:\Windows\System32\cscui.dll
MD5: ce0731e4b4236639f57c975376d55252  C:\Windows\system32\CSRSRV.dll
MD5: 342271f6142e7c70805b8a81e1ba5f5c  C:\Windows\System32\csrss.exe
MD5: 14800bd31701a5047ac3145bb1e698ae  C:\Windows\system32\d2d1.dll
MD5: 3c1936a12c62254f914a01bbc6a8dc69  C:\Windows\system32\d3d10_1.dll
MD5: d4212ab475a3b25ec4df574536c3edc5  C:\Windows\system32\d3d10_1core.dll
MD5: 6de66fe7c526637e74cd066461c7c871  C:\Windows\system32\d3d11.dll
MD5: 6ef5f3f18413c367195f06e503ab86a6  C:\Windows\system32\d3d9.dll
MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8  c:\windows\system32\dbghelp.dll
MD5: e9e01eb683c132f7fa27cd607b8a2b63  c:\windows\system32\dhcpcore.dll
MD5: 990a58a0b01720e419b55efc5ff387f8  C:\Windows\System32\dhcpcore6.dll
MD5: ecf036299aa554b5e0455262857b39d0  C:\Windows\system32\diagperf.dll
MD5: b40420876b9288e0a1c8cca8a84e5dc9  C:\Windows\system32\DNSAPI.dll
MD5: 100103c6535c66265267f5eea5f5846e  C:\Windows\System32\dnsext.dll
MD5: 33ef4861f19a0736b11314aad9ae28d0  c:\windows\system32\dnsrslvr.dll
MD5: 366ba8fb4b7bb7435e3b9eacb3843f67  C:\Windows\System32\dot3svc.dll
MD5: 8ec04ca86f1d68da9e11952eb85973d6  c:\windows\system32\dps.dll
MD5: 0c0df0f05baea320fa301f34e256e08b  C:\Windows\system32\dpx.dll
MD5: 1b133875b8aa8ac48969bd3458afe9f5  C:\Windows\system32\drivers\1394ohci.sys
MD5: cea80c80bed809aa0da6febc04733349  C:\Windows\system32\drivers\ACPI.sys
MD5: 1efbc664abff416d1d07db115dcb264f  C:\Windows\system32\drivers\acpipmi.sys
MD5: 93b49fa857f7036a4eff32371f6e7391  C:\Windows\system32\drivers\afd.sys
MD5: ff258424f0b2ef25eb98f04ee386e6e3  C:\Windows\system32\DRIVERS\amdiox86.sys
MD5: e7f4d42d8076ec60e21715cd11743a0d  C:\Windows\system32\drivers\amdsata.sys
MD5: 146459d2b08bfdcbfa856d9947043c81  C:\Windows\system32\drivers\amdxata.sys
MD5: b5872633edc12faf07fdaa6912627e75  C:\Windows\system32\DRIVERS\appexDrv.sys
MD5: c7f5cae0b450be875eee0e6ddfa771fe  C:\Windows\system32\drivers\appid.sys
MD5: 9b8c87c27a166ce84be6eddba3854527  C:\Windows\system32\DRIVERS\athr.sys
MD5: 434192d027a6a11e32e1c74c7c43e1ed  C:\Windows\system32\drivers\AtihdW73.sys
MD5: 6617fed21c91e821e3d00484741b302f  C:\Windows\system32\DRIVERS\atikmdag.sys
MD5: 0cd80c1abe5507b4adbfc8338e3698e0  C:\Windows\system32\DRIVERS\atikmpag.sys
MD5: 8f2da3028d5fcbd1a060a3de64cd6506  C:\Windows\system32\DRIVERS\bowser.sys
MD5: be167ed0fdb9c1fa1133953c18d5a6c9  C:\Windows\system32\DRIVERS\cdrom.sys
MD5: fae0008ab5bf34e41ec95a8087e94454  C:\Windows\System32\Drivers\cng.sys
MD5: cbe8c58a8579cfe5fccf809e6f114e89  C:\Windows\system32\DRIVERS\CompositeBus.sys
MD5: 3c2177a897b4ca2788c6fb0c3fd81d4b  C:\Windows\system32\drivers\csc.sys
MD5: f024449c97ec1e464aaffda18593db88  C:\Windows\System32\Drivers\dfsc.sys
MD5: 2a958ef85db1b61ffca65044fa4bce9e  C:\Windows\system32\drivers\dmvsc.sys
MD5: a3f684b866a7d89ae396276ce7afd416  C:\Windows\system32\drivers\drmkaud.sys
MD5: 4b21d102e49e9d44c478d6766a7fcbe5  C:\Windows\System32\drivers\dxgkrnl.sys
MD5: da8b28199b46b72502d5a3f75d446254  C:\Windows\system32\drivers\ElRawDsk.sys
MD5: 8a73e79089b282100b9393b644cb853b  C:\Windows\System32\DRIVERS\fvevol.sys
MD5: 9036377b8a6c15dc2eec53e489d159b5  C:\Windows\system32\DRIVERS\HDAudBus.sys
MD5: a5ef29d5315111c80a5c1abad14c8972  C:\Windows\system32\drivers\HdAudio.sys
MD5: 10c19f8290891af023eaec0832e1eb4d  C:\Windows\system32\drivers\hidusb.sys
MD5: 487569e5da56a5a432ff8af6d3599cf9  C:\Windows\system32\drivers\HTTP.sys
MD5: 0c4e035c7f105f1299258c90886c64c5  C:\Windows\System32\drivers\hwpolicy.sys
MD5: a3cae5d281db4cff7cff8233507ee5ad  C:\Windows\system32\drivers\iaStorV.sys
MD5: 4bd7134618c1d2a27466a099062547bf  C:\Windows\system32\drivers\IPMIDrv.sys
MD5: 9e3ced91863e6ee98c24794d05e27a71  C:\Windows\system32\DRIVERS\kbdhid.sys
MD5: 37507b2f0ea8c2a7cfe120e6ee2128b5  C:\Windows\System32\Drivers\ksecdd.sys
MD5: d94d58a52bfc1352e82ebecade518b6d  C:\Windows\System32\Drivers\ksecpkg.sys
MD5: bad9c0366134ba181514e9263c8ce606  C:\Windows\System32\drivers\mountmgr.sys
MD5: 7f7fd183aefc2f302ef1bf1cfccb82ce  C:\Windows\system32\DRIVERS\MpFilter.sys
MD5: 2d699fb6e89ce0d8da14ecc03b3edfe0  C:\Windows\system32\drivers\mpio.sys
MD5: 6430a074f6e32176fbef2deb110ae952  C:\Windows\system32\drivers\mrxdav.sys
MD5: c04d36b97bcee4a83ec34325a3424768  C:\Windows\system32\DRIVERS\mrxsmb.sys
MD5: 84d65385a4df3577c9ca697b67dfce26  C:\Windows\system32\DRIVERS\mrxsmb10.sys
MD5: 8758312ae2602620e6c972f527ec64ed  C:\Windows\system32\DRIVERS\mrxsmb20.sys
MD5: 012c5f4e9349e711e11e0f19a8589f0a  C:\Windows\system32\drivers\msahci.sys
MD5: 55055f8ad8be27a64c831322a780a228  C:\Windows\system32\drivers\msdsm.sys
MD5: cb7a9abb12b8415bce5d74994c7ba3ae  C:\Windows\system32\drivers\msiscsi.sys
MD5: 9804fb2e46077f2977552347dfca7e05  C:\Windows\system32\drivers\ndis.sys
MD5: d8a65dafb3eb41cbb622745676fcd072  C:\Windows\system32\DRIVERS\ndisuio.sys
MD5: 38fbe267e7e6983311179230facb1017  C:\Windows\system32\DRIVERS\ndiswan.sys
MD5: 280122ddcf04b378edd1ad54d71c1e54  C:\Windows\System32\DRIVERS\netbt.sys
MD5: bfd3b47a46bf2bb6bb0cec7127ee929e  C:\Windows\system32\DRIVERS\NisDrvWFP.sys
MD5: af2eec9580c1d32fb7eaf105d9784061  C:\Windows\system32\drivers\nvraid.sys
MD5: 9283c58ebaa2618f93482eb5dabcec82  C:\Windows\system32\drivers\nvstor.sys
MD5: 3f34a1b4c5f6475f320c275e63afce9b  C:\Windows\System32\drivers\partmgr.sys
MD5: 673e55c3498eb970088e812ea820aa8f  C:\Windows\system32\drivers\pci.sys
MD5: 40c611622882c3fcafeb845c1e12a10f  C:\Windows\system32\DRIVERS\PDFsFilter.sys
MD5: aebc369f7dc72ab3f5b9bdf34fa0d43f  C:\Windows\system32\drivers\peauth.sys
MD5: d528bc58a489409ba40334ebf96a311b  C:\Windows\system32\DRIVERS\rdbss.sys
MD5: 23dae03f29d253ae74c44f99e515f9a1  C:\Windows\System32\DRIVERS\RDPCDD.sys
MD5: b973fcfc50dc1434e1970a146f7e3885  C:\Windows\System32\drivers\rdpdr.sys
MD5: eac76854c359d2534b25296ae425410d  C:\Windows\System32\drivers\rdpvideominiport.sys
MD5: 518395321dc96fe2c9f0e96ac743b656  C:\Windows\System32\drivers\rdyboost.sys
MD5: fb3ca58c5447432b8e10c0df3d4d2a1b  C:\Windows\system32\DRIVERS\Rt86win7.sys
MD5: 05d860da1040f111503ac416ccef2bca  C:\Windows\system32\drivers\sbp2port.sys
MD5: 0693b5ec673e34dc147e195779a4dcf6  C:\Windows\System32\DRIVERS\scfilter.sys
MD5: 6d4ccaedc018f1cf52866bbbaa235982  C:\Windows\system32\drivers\sffp_sd.sys
MD5: 0022cfff1a41e5ce3a764050a7ddf22a  C:\Windows\System32\Drivers\sptd.sys
MD5: e4c2764065d66ea1d2d3ebc28fe99c46  C:\Windows\System32\DRIVERS\srv.sys
MD5: 03f0545bd8d4c77fa0ae1ceedfcc71ab  C:\Windows\System32\DRIVERS\srv2.sys
MD5: be6bd660caa6f291ae06a718a4fa8abc  C:\Windows\System32\DRIVERS\srvnet.sys
MD5: dcaffd62259e0bdb433dd67b5bb37619  C:\Windows\system32\drivers\storvsc.sys
MD5: f2ad8960812fd111e20e84659ef19d43  C:\Windows\System32\drivers\synth3dvsc.sys
MD5: 5579dd18546999f5d0ec39d018726c6b  C:\Windows\System32\drivers\tcpip.sys
MD5: cca24162e055c3714ce5a88b100c64ed  C:\Windows\System32\drivers\tcpipreg.sys
MD5: 1cb91b2bd8f6dd367dfc2ef26fd751b2  C:\Windows\system32\drivers\tdpipe.sys
MD5: 2c2c5afe7ee4f620d69c23c0617651a8  C:\Windows\system32\drivers\tdtcp.sys
MD5: bb8817d0508dd5ea69c770c8def5ab67  C:\Windows\system32\DRIVERS\tdx.sys
MD5: 04dbf4b01ea4bf25a9a3e84affac9b20  C:\Windows\system32\DRIVERS\termdd.sys
MD5: 052306fd76793d5d5ab5d9891fd1adbb  C:\Windows\system32\drivers\terminpt.sys
MD5: 6c5139e4283249518f7743d7043775b3  C:\Windows\System32\DRIVERS\tssecsrv.sys
MD5: fd1d6c73e6333be727cbcc6054247654  C:\Windows\System32\drivers\tsusbflt.sys
MD5: 01246f0baad7b68ec0f472aa41e33282  C:\Windows\system32\drivers\TsUsbGD.sys
MD5: 045acb987c650d8186c6b4a692223860  C:\Windows\system32\drivers\tsusbhub.sys
MD5: b2fa25d9b17a68bb93d58b0556e8c90d  C:\Windows\system32\DRIVERS\tunnel.sys
MD5: ee43346c7e4b5e63e54f927babbb32ff  C:\Windows\system32\DRIVERS\udfs.sys
MD5: d295bed4b898f0fd999fcfa9b32b071b  C:\Windows\system32\DRIVERS\umbus.sys
MD5: 7abbdc3b08950992d218fa1e52d52a96  C:\Windows\System32\drivers\UMDF\WpdFs.dll
MD5: af77716205c97e902e6c5b78dece2cca  C:\Windows\system32\drivers\usb8023x.sys
MD5: 7e72e7d7e0757d59481d530fd2b0bfae  C:\Windows\system32\DRIVERS\usbccgp.sys
MD5: 2352ab5f9f8f097bf9d41d5a4718a041  C:\Windows\system32\drivers\usbcir.sys
MD5: cfbce999c057d78979a181c9c60f208e  C:\Windows\system32\DRIVERS\usbehci.sys
MD5: 9d22aad9ac6a07c691a1113e5f860868  C:\Windows\system32\DRIVERS\usbhub.sys
MD5: 144da53294922a84ffaa3d90b1453745  C:\Windows\system32\drivers\USBSTOR.SYS
MD5: de014425522610bedca3821bb8c0f1d5  C:\Windows\System32\Drivers\usbvideo.sys
MD5: 5461686cca2fda57b024547733ab42e3  C:\Windows\system32\drivers\vhdmp.sys
MD5: c2f2911156fdc7817c52829c86da494e  C:\Windows\system32\drivers\vmbus.sys
MD5: d4d77455211e204f370d08f4963063ce  C:\Windows\system32\drivers\VMBusHID.sys
MD5: 7fa7f2e249a5dcbb7970630e15e1f482  C:\Windows\system32\drivers\vms3cap.sys
MD5: 472af0311073dceceaa8fa18ba2bdf89  C:\Windows\system32\drivers\vmstorfl.sys
MD5: 4c63e00f2f4b5f86ab48a58cd990f212  C:\Windows\system32\drivers\volmgr.sys
MD5: f497f67932c6fa693d7de2780631cfe7  C:\Windows\system32\drivers\volsnap.sys
MD5: 3c3c78515f5ab448b022bdf5b8ffdd2e  C:\Windows\system32\DRIVERS\wanarp.sys
MD5: 25944d2cc49e0a6c581d02a74b7d6645  C:\Windows\system32\drivers\Wdf01000.sys
MD5: a67e5f9a400f3bd1be3d80613b45f708  C:\Windows\system32\DRIVERS\WinUsb.sys
MD5: e714a1c0354636837e20ccbf00888ee7  C:\Windows\system32\drivers\WudfPf.sys
MD5: 1023ee888c9b47178c5293ed5336ab69  C:\Windows\system32\DRIVERS\WUDFRd.sys
MD5: ee29fcc244c8033e2f748d863dcbf378  C:\Windows\System32\drt.dll
MD5: aa3b91b70e79bce70ad3b190789b9574  C:\Windows\System32\drttransport.dll
MD5: 497e59d9f01c6f247e72222a61835119  C:\Windows\system32\dwmcore.dll
MD5: 754afc50022c95da7c86b7020db78136  C:\Windows\system32\dwmredir.dll
MD5: fdb73e2ffdee1f28d1af3b80e3f0fe99  C:\Windows\system32\DWrite.dll
MD5: d4f264fe23f8953d840904418220c15e  C:\Windows\system32\dxgi.dll
MD5: addb05c93272a62606599b24730bd645  C:\Windows\system32\dxp.dll
MD5: 9a892b3439884c62b04718f0303a49e9  C:\Windows\system32\eapphost.dll
MD5: 91f434ff6606ed9bdc6a05d651b69553  C:\Windows\system32\efslsaext.dll
MD5: 1060d60cca69a8136a87dbe3c8f4a467  C:\Windows\system32\EhStorAPI.dll
MD5: 256503028879103e9741a276fa24d65d  c:\windows\system32\ESENT.dll
MD5: 65eed8b27b02573948434b583dacfb39  C:\Windows\system32\EVR.dll
MD5: 5cb2886338c82e388f68557e2745200f  C:\Windows\system32\explorerframe.dll
MD5: 1e8d06aae74fed674c1156b3fea911c2  C:\Windows\system32\FaultRep.dll
MD5: f34cfada6c48daa41b996d24c7d8d3ca  C:\Windows\system32\fdPnp.dll
MD5: 674611721264013db169ec12afc9c3b6  C:\Windows\system32\fdssdp.dll
MD5: de6f4b7e62fde776f3de8e5fb5a05c48  C:\Windows\system32\fdwsd.dll
MD5: 23d3f12ca9deb6ef02dedc621ec661ac  c:\windows\system32\fntcache.dll
MD5: d0481fb85beedd30a0884be327880f80  C:\Windows\System32\framedynos.dll
MD5: e6d90dc604f407b3b5e0fd285e46b2a0  C:\Windows\system32\FVEAPI.dll
MD5: c87f28a34b3840f4b40011d170b1a159  C:\Windows\system32\FVECERTS.dll
MD5: f0d0e883ebbdc7615dc9edea0ffb2817  C:\Windows\System32\fwpuclnt.dll
MD5: 126f8331bd023178c7f0ef2f5ede16b3  C:\Windows\System32\FXSMON.DLL
MD5: 967ea5b213e9984cbe270205df37755b  C:\Windows\system32\fxssvc.exe
MD5: 19bc13711ac403feb830522e4831701b  C:\Windows\System32\gameux.dll
MD5: c84d6b9a0ac864d637db8f12ce2123a8  C:\Windows\system32\GDI32.dll
MD5: e897eaf5ed6ba41e081060c9b447a673  c:\windows\system32\gpsvc.dll
MD5: c7952d0a4c43a965a1741916bb134751  C:\Windows\System32\hgcpl.dll
MD5: f059eb4c9c256f62f196eaa439e28f74  C:\Windows\system32\hgprint.dll
MD5: e2f6cc0d191361ee94fea3957653f531  C:\Windows\system32\hidphone.tsp
MD5: 7319102526bd11b45fd66335cf90ca12  C:\Windows\System32\HotStartUserAgent.dll
MD5: 8cd1dee212e52b9c22e66dba44991d32  C:\Windows\system32\HTTPAPI.dll
MD5: 9dc23acf360aea7df55ad7a8d3fbf4e6  C:\Windows\System32\IdListen.dll
MD5: 0b31464b7b2d616bd5f7036673588ec1  C:\Windows\System32\IDStore.dll
MD5: 1d71ff7ed3dac131f25c3d9b975dee3f  C:\Windows\System32\ieapfltr.dll
MD5: 7307c4b6e9dc8611a4eade67b37ba1fe  C:\Windows\system32\IEEtwCollector.exe
MD5: f6e942eacaf8bcdd0585ec37c0aeea1e  C:\Windows\system32\IEFRAME.dll
MD5: 2a60fb02afe1b0c908462f8b82c80416  C:\Windows\system32\iertutil.dll
MD5: ae291d2064c8819550ec5bdb8a3c811b  C:\Windows\system32\IEUI.dll
MD5: b9c54120f46392100478f58f374e5709  c:\windows\system32\ikeext.dll
MD5: e7b9d5ff20ffdd4aae2ef1d1b8c27a37  C:\Windows\system32\imagehlp.dll
MD5: 2d11bc8b460957e62e4420373a0d8bda  C:\Windows\system32\imapi2.dll
MD5: 6eb0b7301e00f717bd68a742d1391faf  C:\Windows\system32\ImgUtil.dll
MD5: 4a8e2f20809cc161107faa94f6cf2685  C:\Windows\system32\IMM32.DLL
MD5: 8ce56e52002f20e5c90da3af536661f6  C:\Windows\system32\Incinerator32.dll
MD5: d27dde7e0444c7f1819f958469eb7d93  C:\Windows\System32\inetpp.dll
MD5: a90dc9abd65db1a8902f361103029952  C:\Windows\system32\IPHLPAPI.DLL
MD5: 4d65a07b795d6674312f879d09aa7663  c:\windows\system32\iphlpsvc.dll
MD5: 53946b69ba0836bd95b03759530c81ec  C:\Windows\System32\ipsecsvc.dll
MD5: 63c5906cdb3851b7fefe0159e4e283c4  C:\Windows\System32\jscript9.dll
MD5: 0060068cc288885e7ffdf18d079ca1dd  C:\Windows\system32\kerberos.DLL
MD5: 4d1bc518ff64eb70f6b9218a6fbfdef6  C:\Windows\system32\kernel32.dll
MD5: 599f7b42e0f91bbb7226b2c584b44a6c  C:\Windows\system32\KERNELBASE.dll
MD5: af75dba674e55221b7a055b0a4345f16  C:\Windows\system32\keyiso.dll
MD5: f3fb146cdbdd26fcd0cf7941c547bee4  C:\Windows\system32\kmddsp.tsp
MD5: 196b4e3f4cccc24af836ce58facbb699  C:\Windows\system32\kmsvc.dll
MD5: a4c85f362ebb7815676f1cd9cfc5ba59  C:\Windows\system32\ksuser.dll
MD5: c1585eaa67c37a05bf6f93726fafc069  c:\windows\system32\l2gpstore.dll
MD5: 6658f4404de03d75fe3ba09f7aba6a30  c:\windows\system32\listsvc.dll
MD5: 55ca01ba19d0006c8f2639b6c045e08b  c:\windows\system32\lmhsvc.dll
MD5: 74af6aa2e8b3180aadae5fe8813cb1cd  C:\Windows\System32\localspl.dll
MD5: 8ea53101ff2b15bdff934b62a8fb326d  C:\Windows\system32\logoncli.dll
MD5: 40f3befcd156b0698280a070047fdeaf  C:\Windows\system32\LPK.dll
MD5: 8b6d57c68e162097118823b526caf15f  C:\Windows\system32\lsasrv.dll
MD5: 910ed0df49a5a02059bb224b99c689d2  C:\Windows\System32\lsass.exe
MD5: 8aea9a37c1a3565a204d37c5e72ab791  C:\Windows\System32\lsm.exe
MD5: 561e13867aea0e9755ceb1eec9d0ec76  C:\Windows\system32\Macromed\Flash
 
\FlashPlayerUpdateService.exe
MD5: a69361c2d172496a291ae2b23df42654  C:\Windows\system32\Macromed\Flash
 
\FlashUtil32_21_0_0_242_pepper.exe
MD5: bfb9ee8ee977efe85d1a3105abef6dd1  C:\Windows\system32\Mcx2Svc.dll
MD5: b049a75bd074fc465d2bce2bf5b15d75  C:\Windows\system32\mf.dll
MD5: 5342dcca8ea8ed193acaad14a5046982  C:\Windows\system32\mfplat.dll
MD5: 243974ec02f7ae49e4179c54624143ab  c:\windows\system32\MMDevAPI.DLL
MD5: 5dce986c8d7e91b455fb3d57bf955a2a  C:\Windows\system32\mp3dmod.dll
MD5: d4191efab91e00fc09257aa5ebaf503b  C:\Windows\System32\MPRAPI.dll
MD5: 9835584e999d25004e1ee8e5f3e3b881  c:\windows\system32\mpssvc.dll
MD5: 938f39b50bafe13d6f58c7790682c010  C:\Windows\system32\MSASN1.dll
MD5: 7f8678c59f188528d60104e697c2361e  C:\Windows\system32\mscms.dll
MD5: 84b460bb65567ed42dd605fa044db370  C:\Windows\system32\MSCTF.dll
MD5: 7069aab8536f29ed7323140973a2894b  C:\Windows\system32\msdmo.dll
MD5: 3a16ea01fcfaab40882db5bfee632322  C:\Windows\system32\MsftEdit.dll
MD5: 63a16c06142dc21b143c1694f0e98fd4  C:\Windows\system32\MSHTML.dll
MD5: d7c4abb0f1ffa371928eed0c7a6e24dc  C:\Windows\system32\msi.dll
MD5: f61a069a5517f85662ed9a6c5ad5445a  C:\Windows\system32\msiexec.exe
MD5: 298fde634538b62ceeec266d8773b21a  C:\Windows\system32\msls31.dll
MD5: 3cc0ef43c256d0a28c908f36ad06963d  C:\Windows\system32\msmpeg2adec.dll
MD5: 7c135c38ec6586f7562cfbc184a514e2  C:\Windows\system32\msmpeg2vdec.dll
MD5: c52ce534397e1d3a442fb4c88a3cbe42  C:\Windows\System32\msonpmon.dll
MD5: 387a8a473ecc5ba02cf453277c1f3274  c:\windows\system32\mspatcha.dll
MD5: c90878913df3dc504790282043db5f4c  C:\Windows\system32\msprivs.DLL
MD5: c5a99a4c0dc9f0f5a95ba0c83d30a549  C:\Windows\System32\mstask.dll
MD5: 56ceed370508f69a1ba04939bd1badda  C:\Windows\system32\msutb.dll
MD5: 4a3c137270473f865fb652ce5eff2d95  C:\Windows\system32\msv1_0.DLL
MD5: 9dc80a8aaaaac397bdab3c67165a824e  C:\Windows\system32\msvcrt.dll
MD5: e94c583cde2348950155f2af2876f34d  C:\Windows\system32\mswsock.dll
MD5: 8007e4c5c9b40fb30f816f6e74284df1  C:\Windows\System32\msxml3.dll
MD5: 121e2e789be080eb86da71f95b611df2  C:\Windows\System32\msxml6.dll
MD5: 45d9f6cd2469cdb6a640dd4bd2b01471  C:\Windows\system32\NCI.dll
MD5: a4cc7227a452c4909f9499d91b184364  C:\Windows\system32\NCObjAPI.DLL
MD5: f11b94dd3c78cc2878206d84e97d6943  C:\Windows\system32\ncrypt.dll
MD5: 140d9f911182357626165ea0beb98c4f  c:\windows\system32\ncsi.dll
MD5: aa11a26692e0db2996caefe9ec61f61f  C:\Windows\system32\ndptsp.tsp
MD5: 6dcfaec6d1334aa6cdf8961db4633cbf  C:\Windows\system32\negoexts.DLL
MD5: 2fca0d2c59a855c54bafa22aa329df0f  C:\Windows\system32\NETAPI32.dll
MD5: 1ff7e4f548c7c372c804938f0d5b36ae  C:\Windows\system32\netcfgx.dll
MD5: e343cabbd8d600abaf3f11625d33b3d0  C:\Windows\system32\netjoin.dll
MD5: c1809b9907adedaf16f50c894100883b  C:\Windows\system32\netlogon.DLL
MD5: eab975db4c2805927fe5bd047d05c9aa  C:\Windows\System32\netshell.dll
MD5: 20b3934db73eaba2b49b7177873cb81f  C:\Windows\system32\netutils.dll
MD5: 3d57ffbad3ed16b63de3879bab0fb56f  C:\Windows\system32\NetworkExplorer.dll
MD5: 50e0dd0a5b8d8bc353578f2f73926697  C:\Windows\System32\nlaapi.dll
MD5: f115c5cd29e512f18bd7138a094b77e5  c:\windows\system32\nlasvc.dll
MD5: d2a937964199f647b1c3bc435712e5d9  c:\windows\system32\nrpsrv.DLL
MD5: ba387e955e890c8a88306d9b8d06bf17  c:\windows\system32\nsisvc.dll
MD5: 387d366cd459d08aebc307a8b12e13e1  C:\Windows\SYSTEM32\ntdll.dll
MD5: eb77db354791a5932ca559b6f6374e95  C:\Windows\system32\ntshrui.dll
MD5: e518b37f8c82a4320732352e4da9bf41  C:\Windows\system32\ole32.dll
MD5: 8e01332cc4b68bc6b5b7effe374442aa  C:\Windows\system32\oleacc.dll
MD5: 4ce464d543c536b2e039524c93413238  C:\Windows\system32\OLEAUT32.dll
MD5: 9cb43a3626da5d043894d743cab8dea2  C:\Windows\system32\olepro32.dll
MD5: f748f53fe09d21d8ecbb6421e6792024  c:\windows\system32\OneX.DLL
MD5: 08df1b8c9c0754a7069e80a986373f52  C:\Windows\System32\P2P.dll
MD5: 1b0ec94520cab89a9ce1b2da405166af  C:\Windows\System32\P2PCOLLAB.dll
MD5: 1372e8e8fd066002131e3d509275e697  c:\windows\system32\P2PGRAPH.dll
MD5: 52954be460ec6c54c0acb2b3b126ffc6  c:\windows\system32\pcasvc.dll
MD5: 487f44b08efeaf5ad087878357b9403d  C:\Windows\system32\pdh.dll
MD5: 7e82616bee76bf5eaa5b30f681414e21  C:\Windows\system32\perftrack.dll
MD5: 98b3c919c6b9c5f810ff2cafa339822b  C:\Windows\system32\pku2u.DLL
MD5: 414bba67a3ded1d28437eb66aeb8a720  C:\Windows\system32\pla.dll
MD5: 3d6f22551d422f97aacb0bb927e4c846  C:\Windows\System32\pnidui.dll
MD5: e98278865e8daba21cfe5fe4be34210a  C:\Windows\system32\PortableDeviceApi.dll
MD5: 81490fdae27f0082e5cc2dc78dca96fa  C:\Windows\System32\portabledeviceclassextension.dll
MD5: c693e642acfbdd76433af6be3c3eee6f  C:\Windows\System32\portabledeviceconnectapi.dll
MD5: 03cf941d031f30272d3063e5a4d686f5  C:\Windows\System32\PrintIsolationProxy.dll
MD5: c8333f1f77a1b2e25f2202e892caf634  C:\Windows\system32\prnfldr.dll
MD5: fd9692a3d31e021207d3c2a9dddc2be3  c:\windows\system32\profsvc.dll
MD5: 12c45e3cb6d65f73209549e2d02eca7a  C:\Windows\system32\PROPSYS.dll
MD5: dbc02d918fff1cad628acbe0c0eaa8e8  c:\windows\system32\provsvc.dll
MD5: 02530b0b7e048dd5ac8d52daeacaeb2b  C:\Windows\System32\QAgent.dll
MD5: 61d57a5d7c6d9afe10e77dae6e1b445e  C:\Windows\system32\qagentRT.dll
MD5: e585445d5021971fae10393f0f1c3961  c:\windows\system32\qmgr.dll
MD5: bd626ef05967d14c772b8096292731a3  C:\Windows\System32\QUtil.dll
MD5: 7ffd52d73352806969d424ef327d10a7  C:\Windows\system32\radardt.dll
MD5: 207cf171b1c6b8ae50c1fbf87363eebc  C:\Windows\System32\raschap.dll
MD5: cb9e04dc05eacf5b9a36ca276d475006  c:\windows\system32\rasmans.dll
MD5: 67f9b5c7e215b48f9256757e9cc09a7b  C:\Windows\system32\rasppp.dll
MD5: b2e1e4a16edd02396f451f915fa3cbfa  C:\Windows\system32\rastapi.DLL
MD5: 2af094c822bd6094f14a8e85fb51d52a  C:\Windows\system32\RESUTILS.DLL
MD5: 3e74e11a72a2318aca5df36c970c5d51  C:\Windows\system32\RPCRT4.dll
MD5: 5997d769cdb108390dcfaebf442bf816  C:\Windows\system32\RpcRtRemote.dll
MD5: 7660f01d3b38aca1747e397d21d790af  c:\windows\system32\rpcss.dll
MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159  C:\Windows\System32\rtutils.dll
MD5: 68ecca523ed760aafc03c5d587569859  C:\Windows\system32\samcli.dll
MD5: 795f356f6027fca3fd4ad5f3ccd904b7  C:\Windows\system32\SAMLIB.dll
MD5: 2d366cb2a6f0e4f7676b0cc250202b59  C:\Windows\system32\SAMSRV.dll
MD5: 8124944ec89d6a1815e4e53f5b96aaf4  C:\Windows\system32\scecli.DLL
MD5: b3bc38b886ca53c92d52ef724a9f0d45  C:\Windows\system32\SCESRV.dll
MD5: 3369d021265e369d57317d61fa86dd79  C:\Windows\system32\scext.dll
MD5: 5490a3788cf61248dc3423f279abf876  C:\Windows\system32\schannel.DLL
MD5: a42e7748be906434c5fd17161d168c20  C:\Windows\system32\SCHEDCLI.DLL
MD5: 9060b8d5bcd5f2b019249f85e3d811f3  c:\windows\system32\schedsvc.dll
MD5: 08236c4bce5edd0a0318a438af28e0f7  C:\Windows\System32\SDRSVC.dll
MD5: 38cbffed5fc39cdfe6b4014401ed2629  C:\Windows\system32\seclogon.dll
MD5: f07dbb814dd09acaae456dca10acbefa  C:\Windows\system32\secur32.dll
MD5: 0780a42dbd7d9969f9bf4a19aa4285b5  C:\Windows\System32\services.exe
MD5: 4ae380f39a0032eab7dd953030b26d28  C:\Windows\system32\sessenv.dll
MD5: 10fb16b50affda6d44588f3c445dc273  C:\Windows\system32\SETUPAPI.dll
MD5: f14a9b1778376d0b1788e402ac1f831a  C:\Windows\System32\shacct.dll
MD5: 2c4a87ca8c00e98efdcfa2e8ec9a3503  C:\Windows\System32\shdocvw.dll
MD5: f811b932e3dba308014f8c870f752f16  C:\Windows\system32\shell32.DLL
MD5: 8cc3c111d653e96f3ea1590891491d71  C:\Windows\system32\SHLWAPI.dll
MD5: 414da952a35bf5d50192e28263b40577  c:\windows\system32\shsvcs.dll
MD5: 6bc921ff016a5bd8ec60578acbf3324f  C:\Windows\System32\smss.exe
MD5: 2cfa4569350b7f84f815e9ec34e85766  C:\Windows\system32\SndVolSSO.DLL
MD5: 4b9e4ce667df26ada061aa81e9aa841d  C:\Windows\system32\SPFILEQ.dll
MD5: cd72c6406ba561bed6d42cb145e55307  C:\Windows\system32\spool\PRTPROCS\W32X86\winprint.dll
MD5: 629181c26a78eb66b0b4e774e5ac2882  C:\Windows\System32\SPOOLSS.DLL
MD5: 866a43013535dc8587c258e43579c764  C:\Windows\System32\spoolsv.exe
MD5: 971a36c4827ad1ae2a54e6407478921a  C:\Windows\system32\SPP.dll
MD5: 8e4b58e12b3fa65ed1462846906e0b59  C:\Windows\system32\SPPC.DLL
MD5: cf87a1de791347e75b98885214ced2b8  C:\Windows\system32\sppsvc.exe
MD5: b0180b20b065d89232a78a40fe56eaa6  C:\Windows\system32\sppuinotify.dll
MD5: ce292c4c10b8db6070f262ea2733f0dc  c:\windows\system32\sqmapi.dll
MD5: 674b0c0f6a448eb185caab9c51d44032  C:\Windows\System32\srchadmin.dll
MD5: 9ab8911144c6ed982189e89752c9975b  C:\Windows\system32\SrClient.dll
MD5: 5ccdcd40e732d54e0f7451ac66ac1c87  C:\Windows\system32\srvcli.dll
MD5: d64af876d53eca3668bb97b51b4e70ab  c:\windows\system32\srvsvc.dll
MD5: 89e783711af91af09e1ef30ef3107446  C:\Windows\system32\SSCORE.DLL
MD5: b96c54cacf98a9065331aec9e3490687  C:\Windows\system32\SSPICLI.DLL
MD5: 01eb167cb5796caf1f4ebaa717e671d8  C:\Windows\system32\SspiSrv.dll
MD5: 912649a1b3f9e6acb3899fbdaba2ed5f  C:\Windows\system32\stobject.dll
MD5: 919001d2bb17df06ca3f8ac16ad039f6  C:\Windows\system32\sxs.dll
MD5: 364455805e64882844ee9acb72522830  C:\Windows\system32\sxssrv.DLL
MD5: 2ddea2c345da5bc589efd398f220db0e  C:\Windows\System32\SyncCenter.dll
MD5: d23e615e0969aecc1134e372b0b295d1  C:\Windows\system32\SYNCENG.dll
MD5: 20a20a911cd79a6f6839167149a05668  C:\Windows\system32\syncui.dll
MD5: 4ee25ac85afc3fd67d9f57ecdf566ff2  c:\windows\system32\sysmain.dll
MD5: ba51ffe170c5b3ae8ec4f5bd2581a29e  C:\Windows\system32\SYSNTFY.dll
MD5: 763fecdc3d30c815fe72dd57936c6cd1  C:\Windows\System32\TabSvc.dll
MD5: 613bf4820361543956909043a265c6ac  c:\windows\system32\tapisrv.dll
MD5: 1c3e8371377e988b683797a132effe1b  C:\Windows\system32\taskcomp.dll
MD5: 4f2659160afcca990305816946f69407  C:\Windows\System32\taskeng.exe
MD5: 72e953215cade1a726c04aafdf6b463d  C:\Windows\System32\taskhost.exe
MD5: 544eff88ac6c85df5a4d6f18dfe08cfc  C:\Windows\system32\taskschd.dll
MD5: eafc149cd3bd78c443e31bb157841197  C:\Windows\system32\tbs.dll
MD5: b390c1d825c7687493bede237c6c2f25  C:\Windows\System32\tcpmon.dll
MD5: fcfd4f50419b4bc72e80066da10d2e54  C:\Windows\System32\termsrv.dll
MD5: 672d7c5080acb003343006405da2e621  C:\Windows\system32\thumbcache.dll
MD5: 83c9840cf87a0ca55526327801716d27  C:\Windows\system32\timedate.cpl
MD5: 59a55027d3239bdfb3c06eeda15efcbb  C:\Windows\system32\tspkg.DLL
MD5: c9708c9f3dba3dbfb1d2fee1e9dabad0  C:\Windows\system32\twext.dll
MD5: b804eaa9e037580f96c22537c2ecb62a  C:\Windows\system32\UBPM.dll
MD5: 8b285bdab7735fdfb18e6f7122923b77  C:\Windows\System32\UIAnimation.dll
MD5: d33e95c0a2754061233b58dc41f8094c  C:\Windows\system32\umb.dll
MD5: ec7bc28d207da09e79b3e9faf8b232ca  c:\windows\system32\umpnpmgr.dll
MD5: f87d30e72e03d579a5199ccb3831d6ea  c:\windows\system32\umpo.dll
MD5: 409994a8eaceee4e328749c0353527a0  C:\Windows\System32\umrdp.dll
MD5: 377f0c1ddbfa6a43cb7e7568bc0eced0  C:\Windows\system32\unimdm.tsp
MD5: e675de8cf57d8814218733b3dae896d7  C:\Windows\system32\uniplat.dll
MD5: 954ea9b34f155c844b11f4047a8f6f89  C:\Windows\system32\upnp.dll
MD5: 92447454d422b61098722f3e32fda108  C:\Windows\system32\urlmon.dll
MD5: 923cdd30092db73ec4a0ebcddd16c686  C:\Windows\System32\usbmon.dll
MD5: 4c5a23ae4f5157f579c89736ea5d42ce  C:\Windows\system32\USER32.dll
MD5: d15618a0ff8dbc2c5bf3726bacc75a0b  C:\Windows\system32\USERENV.dll
MD5: 61ac3efdfacfdd3f0f11dd4fd4044223  c:\windows\system32\userinit.exe
MD5: 3553707b119ad5aaf1f31bff5517a093  C:\Windows\system32\USP10.dll
MD5: a12829e9974f57e9b5dbfea7c93190f6  C:\Windows\system32\UXINIT.dll
MD5: c3cd30495687c2a2f66a65ca6fd89be9  C:\Windows\System32\vds.exe
MD5: 80b562b5b59ed850c328dd75f964f3d8  C:\Windows\system32\vpnike.dll
MD5: 13337a3fb17f2242487fd45488ed0485  C:\Windows\system32\VSSAPI.DLL
MD5: 209a3b1901b83aeb8527ed211cce9e4c  C:\Windows\system32\vssvc.exe
MD5: 5ae88135c6a86fcd67ba16afbb1c8389  C:\Windows\system32\wbem\esscli.dll
MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a  C:\Windows\system32\wbem\FastProx.dll
MD5: f148865e4ac4f715e322ea06e6e21d84  C:\Windows\system32\wbem\ncprov.dll
MD5: 371e3b05894549113d07cd3081ed55ef  C:\Windows\system32\wbem\repdrvfs.dll
MD5: 585eb475e7af55c9065256e8ffb751a1  C:\Windows\system32\wbem\wbemcore.dll
MD5: b350509b6c9296529bc464c60feeaef1  C:\Windows\system32\wbem\wbemess.dll
MD5: 701c9eb15e1e23d22f7c7184c0506673  C:\Windows\system32\wbem\wmidcprv.dll
MD5: 3cde2911462fec80064a409c07710c06  C:\Windows\system32\wbem\wmiprvsd.dll
MD5: 704314fd398c81d5f342caa5df7b7f21  C:\Windows\system32\wbemcomn.dll
MD5: 691e3285e53dca558e1a84667f13e15a  C:\Windows\system32\wbengine.exe
MD5: 34eee0dfaadb4f691d6d5308a51315dc  c:\windows\system32\wcncsvc.dll
MD5: f0016853fa3f38f55fd868ff74c0359b  C:\Windows\system32\wdiasqmmodule.dll
MD5: b787a7c9b6cd553649f4148ca1add394  C:\Windows\system32\wdigest.DLL
MD5: d205c24a9d069049fe2df2a1b38726a7  C:\Windows\system32\wdmaud.drv
MD5: a399514d3b28c9a3453a486bbaaff1c7  c:\windows\system32\WDSCORE.dll
MD5: 55c70654420dbf429604fd567e6f3cd3  C:\Windows\System32\webclnt.dll
MD5: fb19fc5951a88f3c523e35c2c98d23c0  C:\Windows\system32\webio.dll
MD5: db846eeca70ee9d2e2ff31147c57b0f4  C:\Windows\system32\webservices.dll
MD5: 4f8ccd3e7d9f17a7c60fa0ae2466cacf  C:\Windows\System32\wer.dll
MD5: 1869bd251211fb6275067372a45682d6  C:\Windows\System32\werconcpl.dll
MD5: 241e015dd809cfb23242f890b1fc575b  c:\windows\system32\wevtsvc.dll
MD5: 019c372b1a9da73a22d0d35a4d40f5c9  C:\Windows\system32\wfapigp.dll
MD5: e2d56ae1d40e3725084054cd8e9cfbb1  C:\Windows\system32\wiarpc.dll
MD5: e1fb3706030fb4578a0d72c2fc3689e4  c:\windows\system32\wiaservc.dll
MD5: fc415b303b1ecf80b5f130a1f7203d02  C:\Windows\System32\win32spl.dll
MD5: 525b93b761dccb2d33a58ed603178228  C:\Windows\system32\windowscodecs.dll
MD5: 62a6eb5771580cae445804389f3f7432  C:\Windows\system32\windowscodecsext.dll
MD5: ca9f7888b524d8100b977c81f44c3234  C:\Windows\system32\WINHTTP.dll
MD5: 8ef022e16150bfafc7dbb795c43c6ba2  C:\Windows\system32\WININET.dll
MD5: b5c5dcad3899512020d135600129d665  C:\Windows\System32\wininit.exe
MD5: 52449fd429d6053b78ae564def303870  C:\Windows\System32\winlogon.exe
MD5: d5aefad57c08349a4393d987df7c715d  C:\Windows\system32\winmm.dll
MD5: 81c0fa250ef6dc1c6b3fa2bce81d6c2e  C:\Windows\system32\WinSATAPI.dll
MD5: 9419abf3163b6f0e3ad3dd2b381c879f  c:\windows\system32\WinSCard.dll
MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8  C:\Windows\system32\winspool.drv
MD5: 090ff4d4a003291d7579a81089d06981  C:\Windows\system32\winsrv.DLL
MD5: fd67683fba9b2c4bb551780bd8846f64  C:\Windows\system32\WINSTA.dll
MD5: d5ec42139d6a6158cf188975c50b6a60  C:\Windows\system32\WINTRUST.dll
MD5: e5a4a1326a02f8e7b59e6c3270ce7202  C:\Windows\system32\wkscli.dll
MD5: 58405e4f68ba8e4057c6e914f326aba2  c:\windows\system32\wkssvc.dll
MD5: 3c9035085141162416a0dd34dbf3f3c1  c:\windows\system32\WLANMSM.DLL
MD5: 20c06a50dfc097e134bc6fa8444ca9bc  c:\windows\system32\WLANSEC.dll
MD5: a8bb45f9ecad993461e0fef8e2a99152  C:\Windows\system32\WLDAP32.dll
MD5: 749f9795f01c35eebe100a87d82b9681  c:\windows\system32\wlgpclnt.dll
MD5: 633c2c060cf857099f6c4f8d75c952b1  C:\Windows\system32\wls0wndh.dll
MD5: 907281ed4ad35d41b29ffdc211ebad80  c:\windows\system32\WMI.dll
MD5: d412b1b72c5ab020218e9a047d90ca05  C:\Windows\system32\WMsgAPI.dll
MD5: 0f416e23dd2eb4debe70608020cfd283  C:\Windows\system32\wmvcore.dll
MD5: aa53356d60af47eacc85bc617a4f3f66  c:\windows\system32\wpdbusenum.dll
MD5: 735263da17bf5baf9ccd483843bf9d5a  C:\Windows\system32\wpdshserviceobj.dll
MD5: 7ff15a4f092cd4a96055ba69f903e3e9  C:\Windows\system32\WS2_32.dll
MD5: a8cdf3768604ff95b54669e20053d569  C:\Windows\system32\wscapi.dll
MD5: 7fd5532c142db6c9cc47aa4dcf71fdec  C:\Windows\System32\wscui.cpl
MD5: 73f6c5223f7e9b5780dd4a6c30fcf569  C:\Windows\system32\wsdapi.dll
MD5: a8eb761de499242becf153b2b34f020e  C:\Windows\System32\WSDMon.dll
MD5: 81f08948a0f1475894c99d4d19a158a8  C:\Windows\System32\wshqos.dll
MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc  C:\Windows\system32\WsmSvc.dll
MD5: 6357e2b68753a1f5cf4a68a25c4fd14a  C:\Windows\System32\wsnmp32.dll
MD5: 6a6b2ee4565a178035be2a4ff6f2c968  C:\Windows\system32\WTSAPI32.dll
MD5: 8c7af1c5ed43f6a19d14de7d04cf2d28  C:\Windows\system32\wuapi.dll
MD5: e51b294dc4a0a944dde468356cfbb4ac  c:\windows\system32\wuaueng.dll
MD5: 311a281f5199ec39711017530dc06b64  C:\Windows\System32\WUDFHost.exe
MD5: 9fbcfd7e88a7ace0e94456504895dd7f  c:\windows\system32\WUDFPlatform.dll
MD5: 8d1e1e529a2c9e9b6a85b55a345f7629  c:\windows\system32\wudfsvc.dll
MD5: 8549e6abf8b270cc10c31b480239e116  C:\Windows\system32\WUDFx.dll
MD5: e869ddbe1c64becea0ff26c2bee6385c  C:\Windows\System32\wups.dll
MD5: cbaa2dcabbf06bd02ba43ef846fecd88  C:\Windows\winsxs\x86_microsoft-windows-
 
servicingstack_31bf3856ad364e35_6.1.7601.18766_none_0b32a93025b365c1\cbscore.dll
MD5: fa31237caa39949ccb6944ab5c279389  C:\Windows\winsxs\x86_microsoft-windows-
 
servicingstack_31bf3856ad364e35_6.1.7601.18766_none_0b32a93025b365c1\DrUpdate.dll
MD5: 816e8c4e2b88d0cbb01ec761e76680c7  C:\Windows\winsxs\x86_microsoft-windows-
 
servicingstack_31bf3856ad364e35_6.1.7601.18766_none_0b32a93025b365c1\wcp.dll
MD5: 3cf6b86afe9203e8ece06e2e06ba0393  C:\Windows\winsxs\x86_microsoft-windows-
 
servicingstack_31bf3856ad364e35_6.1.7601.18766_none_0b32a93025b365c1\wrpint.dll
MD5: 5ff5e12f28725d14caa3b408848adffc  C:\Windows\WinSxS
 
\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
MD5: 58788565442368b0615ddaf1d452b843  C:\Windows\WinSxS\x86_microsoft.windows.common-
 
controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
MD5: 885e18b2d0a445fb637850282530eb72  C:\Windows\WinSxS\x86_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
MD5: c861ee277cd4e2d914740000161956ef  C:\Windows\WinSxS
 
\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll
 
 
No file uploaded.
 
Scan finished - communication took 3 sec
Total traffic - 0.02 MB sent, 2.13 KB recvd
Scanned 912 files and modules - 112 seconds
 
==============================================================================
 
 
============================================================================================================================================
 
# AdwCleaner v5.200 - Logfile created 15/06/2016 at 04:57:04
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-14.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X86)
# Username : ASUS - ASUS-PC
# Running from : C:\Users\ASUS\Desktop\adwcleaner_5.200.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
============================================================================================================================================
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C2].txt - [829 bytes] - [15/06/2016 04:57:04]
C:\AdwCleaner\AdwCleaner[S4].txt - [1104 bytes] - [15/06/2016 04:50:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [974 bytes] ##########

  • 0

#15
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi BojanglesWA,

 

Is there any other issue you would like to raise?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP