Here are the files you requested. Thank you again.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01
Ran by pc user (administrator) on AIDRIAN (13-06-2016 17:07:45)
Running from C:\Users\pc user\Downloads
Loaded Profiles: pc user (Available Profiles: pc user & Guest)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Seablue\Seablue\chrome.exe" "%1")
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LULU SOFTWARE LIMITED) C:\Program Files (x86)\Soda PDF 3D Reader\creator-ws.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\ProgramData\Seablue\protect\protect.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13764312 2014-10-23] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-10] (Pixart Imaging Inc)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [623520 2011-02-01] (Zbshareware Lab)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Run: [uTorrent] => C:\Users\pc user\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-17] (BitTorrent Inc.)
HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9862184 2016-04-01] ()
HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-08] (Autodesk, Inc.)
HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Run: [BingSvc] => C:\Users\pc user\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-22] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Run: [Evvtion] => regsvr32.exe "C:\Users\pc user\AppData\Local\Evvtion\AddonCommsType.dll" <===== ATTENTION
HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Run: [Ad-Aware Search Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\AASearchCompanion.exe
HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-10] (Valve Corporation)
HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Policies\Explorer: []
HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\MountPoints2: {1180c521-0d24-11e6-82fd-c03fd54840db} - "E:\Setup.exe"
HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\MountPoints2: {909d08ed-2ee4-11e6-8307-c03fd54840db} - "E:\Setup.exe"
HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\MountPoints2: {909d09e6-2ee4-11e6-8307-c03fd54840db} - "E:\Setup.exe"
HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\MountPoints2: {e04aa14c-cbf7-11e5-82e7-c03fd54840db} - "E:\Setup.exe" /s
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-08] (Autodesk, Inc.)
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
Startup: C:\Users\pc user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-08-05]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1F3FAD69-C692-42CA-BF6B-5EBF143A0722}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{969DE3D7-5BB4-46AE-8537-24CFCA16E09F}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-857764097-2768608196-515561602-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-857764097-2768608196-515561602-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-857764097-2768608196-515561602-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\pc user\AppData\Roaming\BrowserExtensions\Coupons64.dll => No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-11] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-11] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF SelectedSearchEngine: Yahoo! Powered
FF NewTab: about:newtab
FF DefaultSearchEngine: Yahoo! Powered
FF Keyword.URL: user_pref("keyword.URL", true);
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-04-01] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Soda PDF 3D Reader -> C:\Program Files (x86)\Soda PDF 3D Reader\np-previewer.dll [2015-03-06] (LULU SOFTWARE LIMITED)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-04] (Apple Inc.)
FF SearchPlugin: C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\searchplugins\bing-.xml [2015-11-22]
FF SearchPlugin: C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\searchplugins\yahoo! powered.xml [2016-06-12]
FF SearchPlugin: C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yahoo! powered.xml [2016-06-12]
FF Extension: Bing Search - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\Extensions\[email protected] [2015-11-22]
FF Extension: CeuTTTHePricoe - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\Extensions\[email protected] [2015-12-23] [not signed]
FF Extension: PSFactoryBuffer - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\Extensions\{14FF0F3D-8FCD-778F-D0A8-D76E1FF8B3FA} [2015-11-25] [not signed]
FF Extension: "Extension Ball - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@23CF0DB7E7561D1197B45A39688A1A0123CF.xpi [2016-01-06] [not signed]
FF Extension: Bing Search - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\[email protected] [2015-11-22]
FF Extension: CeuTTTHePricoe - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\[email protected] [2015-12-23] [not signed]
FF Extension: PSFactoryBuffer - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{14FF0F3D-8FCD-778F-D0A8-D76E1FF8B3FA} [2015-12-23] [not signed]
FF Extension: Start Page - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{3c59c791-aeec-44bb-af60-ff112eea18e3} [2016-06-11]
FF Extension: Slick Savings - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{51aa69f8-8825-4def-916a-a766c5e3c0fd} [2016-06-11]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Soda PDF 3D Reader\resources\soda3dreaderfirefoxextension
FF Extension: Soda PDF 3D Reader Creator - C:\Program Files (x86)\Soda PDF 3D Reader\resources\soda3dreaderfirefoxextension [2016-02-08] [not signed]
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!23CF0DB7E7561D1197B45A39688A1A0123CF.js [2015-12-23] <==== ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\23CF0DB7E7561D1197B45A39688A1A0123CF [2015-12-23] <==== ATTENTION
Chrome:
=======
CHR HomePage: Default -> hxxps://ph.search.yahoo.com/?type=715483&fr=yo-yhp-ch
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFFBJFhdUw1HDFERdg0VVQ5DQhhCIg4OTFwUFAUXIVxcWFxCExNBNARaUUtXUUEeGGlxR1dMc1BPIU1dBWkDTlJRIVQ="
CHR StartupUrls: Default -> "hxxps://ph.search.yahoo.com/?type=715483&fr=yo-yhp-ch"
CHR DefaultSearchURL: Default -> hxxps://ph.search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=715483&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com Search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-03]
CHR Extension: (New Tab Helper 72) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmchalhobbejlbnkgkldeblaeijamhb [2016-06-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Extension Ball) - C:\Users\pc user\AppData\Local\Extension Ball\Component [2016-06-09]
CHR Profile: C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Ask Search) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf [2015-12-23]
CHR Extension: (Google Slides) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-23]
CHR Extension: (Google Docs) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-23]
CHR Extension: (Google Drive) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (YouTube) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-12-23]
CHR Extension: (Google Sheets) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-23]
CHR Extension: (Google Docs Offline) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-24]
CHR Extension: (Skype) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-23]
CHR Extension: (Yahoo Web) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2015-12-23]
CHR Extension: (Gmail) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-857764097-2768608196-515561602-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-05-14] (Macrovision Europe Ltd.) [File not signed]
S3 LULU Software CrashHandler; C:\Program Files (x86)\Soda PDF 3D Reader\crash-handler-ws.exe [784152 2015-03-06] (LULU SOFTWARE LIMITED)
R2 Seablue_protect; C:\ProgramData\Seablue\protect\protect.exe [302976 2016-05-13] ()
S2 Seablue_update; C:\Program Files (x86)\Seablue\Seablue\bin\Seablue_server.exe [492416 2016-05-13] ()
S2 SODA Manager; C:\ProgramData\LULU Software\Soda Manager\Soda Manager.exe [868688 2015-01-29] (LULU Software Limited)
S3 Soda PDF 3D Reader; C:\Program Files (x86)\Soda PDF 3D Reader\ws.exe [1860888 2015-03-06] (LULU SOFTWARE LIMITED)
R2 Soda PDF 3D Reader Creator; C:\Program Files (x86)\Soda PDF 3D Reader\creator-ws.exe [623384 2015-03-06] (LULU SOFTWARE LIMITED)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 ADSafeSvc; C:\Program Files (x86)\ADSafe\ADSafeSvc.exe [X]
S2 UnsignedThemes; C:\Windows\unsignedthemes.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-12-23] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [46392 2015-12-23] (Disc Soft Ltd)
S3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30264 2015-12-23] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-16] ()
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [40256 2014-09-27] (NVIDIA Corporation)
S3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows ® Win 7 DDK provider)
S3 SDGame; C:\Windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-01-10] (Synaptics Incorporated)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
R3 gkernel; \??\C:\Users\PCUSER~1\AppData\Local\Temp\gkernel.sys [X]
S1 jflthvvb; \??\C:\Windows\system32\drivers\jflthvvb.sys [X]
S1 tdegpfsf; \??\C:\Windows\system32\drivers\tdegpfsf.sys [X]
S2 uxstyle; \??\C:\Windows\system32\Drivers\uxstyle.sys [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
S3 X6va060; \??\C:\Windows\SysWOW64\Drivers\X6va060 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-13 17:07 - 2016-06-13 17:07 - 00000000 ____D C:\Users\pc user\Downloads\FRST-OlderVersion
2016-06-13 17:06 - 2016-06-13 17:06 - 01610816 _____ (Malwarebytes) C:\Users\pc user\Downloads\JRT (2).exe
2016-06-13 17:06 - 2016-06-13 17:06 - 00002232 _____ C:\Users\pc user\Desktop\JRT.txt
2016-06-13 17:06 - 2016-06-13 16:59 - 00025862 _____ C:\Users\pc user\Desktop\AdwCleaner[C1].txt
2016-06-13 17:06 - 2016-06-13 16:58 - 00029889 _____ C:\Users\pc user\Desktop\AdwCleaner[S2].txt
2016-06-13 17:04 - 2016-06-13 17:04 - 01610816 _____ (Malwarebytes) C:\Users\pc user\Downloads\JRT (1).exe
2016-06-13 17:02 - 2016-06-13 17:03 - 01610816 _____ (Malwarebytes) C:\Users\pc user\Downloads\JRT.exe
2016-06-13 16:57 - 2016-06-13 16:59 - 00000000 ____D C:\AdwCleaner
2016-06-13 16:56 - 2016-06-13 16:56 - 03677248 _____ C:\Users\pc user\Downloads\adwcleaner_5.119.exe
2016-06-12 22:23 - 2016-06-13 15:23 - 00000296 _____ C:\Windows\Tasks\{33D39030-3DFD-5EAE-A377-7FC91AB574CE}.job
2016-06-12 22:23 - 2016-06-12 22:23 - 00003442 _____ C:\Windows\System32\Tasks\pc userDermaCratonsV2
2016-06-12 22:23 - 2016-06-12 22:23 - 00002634 _____ C:\Windows\System32\Tasks\{33D39030-3DFD-5EAE-A377-7FC91AB574CE}
2016-06-12 22:23 - 2016-06-12 22:23 - 00000000 ____D C:\Users\pc user\AppData\Roaming\{33D39030-3DFD-5EAE-A377-7FC91AB574CE}
2016-06-12 22:22 - 2016-06-12 22:23 - 00000000 ____D C:\Users\pc user\AppData\Local\DermaCratons
2016-06-12 22:22 - 2016-06-12 22:22 - 00001204 _____ C:\Users\Public\Desktop\GOM Player.lnk
2016-06-12 22:20 - 2016-06-12 22:21 - 00000000 ____D C:\Users\pc user\Downloads\Neighbors.2.Sorority.Rising.2016.HC.HDRip.XViD.AC3-ETRG
2016-06-12 22:08 - 2016-06-12 23:33 - 00000000 ____D C:\Users\pc user\Downloads\Begin Again 2013 720p HDRip x264 AAC-JYK
2016-06-12 20:43 - 2016-06-12 20:44 - 05200384 _____ (AVAST Software) C:\Users\pc user\Downloads\aswmbr.exe
2016-06-12 20:41 - 2016-06-13 17:07 - 00024229 _____ C:\Users\pc user\Downloads\FRST.txt
2016-06-12 20:40 - 2016-06-13 17:07 - 00000000 ____D C:\FRST
2016-06-12 20:39 - 2016-06-13 17:07 - 02385408 _____ (Farbar) C:\Users\pc user\Downloads\FRST64.exe
2016-06-12 15:03 - 2016-06-12 15:24 - 333274881 ____R C:\Users\pc user\Downloads\[HorribleSubs] Naruto Shippuuden - 464 [720p].mkv
2016-06-11 18:38 - 2016-06-11 18:38 - 00000000 ____D C:\Users\pc user\Desktop\Kung Fu Panda 3 2016 1080p WEB-DL x264 AAC-JYK
2016-06-11 15:41 - 2016-06-11 15:41 - 00348160 _____ C:\~wtFAFC.tmp
2016-06-10 23:39 - 2016-06-10 23:40 - 00050593 _____ C:\Users\pc user\Downloads\dirtygrandpa2016bdripx264-geckos-english-84119.zip
2016-06-10 22:52 - 2016-06-10 22:51 - 2037866461 ____N C:\Users\pc user\Desktop\Captain.America.Civil.War.2016.1080p.HDTC.FardaDownload_ir.mkv
2016-06-09 23:02 - 2016-06-10 23:40 - 00000000 ____D C:\Users\pc user\Downloads\Dirty Grandpa (2016) [1080p] [YTS.AG]
2016-06-09 23:02 - 2016-06-09 23:02 - 00034682 _____ C:\Users\pc user\Downloads\Dirty Grandpa (2016) [1080p] [YTS.AG].torrent
2016-06-09 22:57 - 2016-06-10 05:18 - 00000000 ____D C:\Users\pc user\Downloads\Zootopia 2016 1080p HDRip x264 AC3-JYK
2016-06-09 22:54 - 2016-06-10 03:52 - 00000000 ____D C:\Users\pc user\Downloads\Dr.Seuss.The.Lorax.2012.DVDRip.LiNE.XviD.AC3.HQ.Hive-CM8
2016-06-08 23:35 - 2016-06-11 15:08 - 00000000 ____D C:\Users\pc user\AppData\Local\Chromium
2016-06-08 23:34 - 2016-06-09 17:04 - 00000000 ____D C:\Users\pc user\AppData\Roaming\DVDVideoSoft
2016-06-08 23:32 - 2016-06-12 23:23 - 00000000 ____D C:\Users\pc user\AppData\Local\{4F9079CC-6B38-1574-06A0-309C22C8CC04}
2016-06-02 12:02 - 2016-06-02 12:02 - 00296840 _____ C:\Windows\Minidump\060216-6781-01.dmp
2016-06-02 12:00 - 2016-06-02 12:00 - 00001694 _____ C:\Windows\Tasks\SeablueBrowserUpdateUA.job
2016-06-02 12:00 - 2016-06-02 12:00 - 00001686 _____ C:\Windows\Tasks\SeablueCheckTask.job
2016-06-02 12:00 - 2016-06-02 12:00 - 00000580 _____ C:\Windows\Tasks\SeablueBrowserUpdateCore.job
2016-06-01 10:46 - 2016-06-03 10:16 - 341076731 _____ C:\Users\pc user\Downloads\[HorribleSubs] One Piece - 726 [720p].mkv
2016-06-01 09:02 - 2016-06-01 10:38 - 341104549 _____ C:\Users\pc user\Downloads\[HorribleSubs] One Piece - 730 [720p].mkv
2016-05-30 07:36 - 2016-05-30 09:51 - 341669673 _____ C:\Users\pc user\Downloads\[HorribleSubs] One Piece - 715 [720p].mkv
2016-05-29 16:31 - 2016-05-31 07:46 - 341641647 _____ C:\Users\pc user\Downloads\[HorribleSubs] One Piece - 718 [720p].mkv
2016-05-29 16:28 - 2016-06-01 10:24 - 341386103 _____ C:\Users\pc user\Downloads\[HorribleSubs] One Piece - 722 [720p].mkv
2016-05-24 12:59 - 2016-06-11 15:22 - 00000000 ____D C:\ProgramData\Lenovo
2016-05-23 18:06 - 2016-05-23 18:56 - 560083477 _____ C:\Users\pc user\Downloads\[HorribleSubs] Naruto Shippuuden - 461 [1080p].mkv
2016-05-22 13:54 - 2016-05-22 13:54 - 00000000 ___RD C:\Users\pc user\Documents\Scanned Documents
2016-05-22 13:54 - 2016-05-22 13:54 - 00000000 ____D C:\Users\pc user\Documents\Fax
2016-05-19 21:29 - 2016-05-19 21:29 - 00014744 _____ C:\Windows\System32\Tasks\SeablueBrowserUpdateUA
2016-05-19 21:29 - 2016-05-19 21:29 - 00014738 _____ C:\Windows\System32\Tasks\SeablueCheckTask
2016-05-19 21:29 - 2016-05-19 21:29 - 00003804 _____ C:\Windows\System32\Tasks\SeablueBrowserUpdateCore
2016-05-19 21:29 - 2016-05-19 21:29 - 00000000 ____D C:\Users\Public\Documents\Seablue
2016-05-19 21:29 - 2016-05-19 21:29 - 00000000 ____D C:\ProgramData\Seablue
2016-05-19 21:18 - 2016-06-13 16:53 - 00000000 ____D C:\Program Files (x86)\Seablue
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-13 17:05 - 2015-05-14 05:16 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-857764097-2768608196-515561602-1001
2016-06-13 17:04 - 2014-03-18 18:17 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-13 17:04 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf
2016-06-13 17:03 - 2015-05-14 05:28 - 00000000 ____D C:\Users\pc user\AppData\Roaming\uTorrent
2016-06-13 17:01 - 2016-02-14 15:00 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-13 17:01 - 2015-08-06 22:28 - 00004962 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for AIDRIAN-pc user Aidrian
2016-06-13 17:00 - 2016-05-05 18:21 - 00003476 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2016-06-13 17:00 - 2015-07-16 10:27 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-13 17:00 - 2015-07-07 19:51 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-06-13 17:00 - 2015-05-15 09:30 - 00000000 ___DO C:\Users\pc user\OneDrive
2016-06-13 17:00 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-13 16:59 - 2015-11-11 10:09 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-06-13 16:59 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-06-13 16:57 - 2015-07-16 10:27 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-13 16:06 - 2015-05-14 06:54 - 00000000 ____D C:\Users\pc user\AppData\Roaming\vlc
2016-06-13 15:32 - 2016-05-05 18:21 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2016-06-13 02:00 - 2015-05-14 08:46 - 00000000 ____D C:\Users\pc user\AppData\Local\Adobe
2016-06-12 22:23 - 2015-11-03 10:42 - 00000464 __RSH C:\ProgramData\ntuser.pol
2016-06-12 22:22 - 2015-11-03 10:41 - 00001228 _____ C:\Users\pc user\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-06-12 18:34 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-12 18:34 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2016-06-11 15:34 - 2016-04-03 19:32 - 00000000 ____D C:\Users\pc user\Downloads\Kung Fu Panda 3 2016 1080p WEB-DL x264 AAC-JYK
2016-06-11 15:07 - 2015-08-05 23:11 - 00000000 ____D C:\Program Files\Rainmeter
2016-06-10 23:22 - 2015-06-30 21:14 - 00000000 ___RD C:\Users\pc user\Desktop\College stuff
2016-06-09 18:10 - 2015-11-22 19:06 - 00000000 ____D C:\Users\pc user\AppData\Roaming\Skype
2016-06-09 11:11 - 2015-05-14 05:11 - 00000000 ____D C:\Users\pc user\AppData\Local\Packages
2016-06-09 07:57 - 2016-01-06 20:51 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-09 07:05 - 2015-11-25 19:34 - 00000000 ____D C:\Users\pc user\AppData\Local\Evvtion
2016-06-09 07:01 - 2015-12-23 08:30 - 00000000 ____D C:\Program Files (x86)\Intel
2016-06-09 03:12 - 2015-05-14 05:11 - 00000000 ____D C:\Users\pc user
2016-06-09 00:32 - 2015-11-03 11:42 - 00000195 _____ C:\Users\pc user\AppData\Roaming\WB.CFG
2016-06-02 12:02 - 2016-02-01 00:24 - 00000000 ____D C:\Windows\Minidump
2016-05-31 16:02 - 2015-06-09 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-27 01:37 - 2015-11-22 19:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-26 21:18 - 2015-05-23 10:55 - 00000000 ____D C:\Users\pc user\AppData\Roaming\GarenaPlus
2016-05-26 21:18 - 2015-05-23 10:54 - 00000000 ____D C:\ProgramData\GarenaMessenger
2016-05-26 21:17 - 2016-05-07 08:57 - 00000000 ____D C:\Program Files (x86)\GarenaLoLPH
2016-05-19 21:29 - 2016-04-05 21:16 - 00002127 _____ C:\Users\pc user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-14 12:45 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\NDF
==================== Files in the root of some directories =======
2016-05-10 13:28 - 2016-05-10 13:28 - 0045270 _____ () C:\Users\pc user\AppData\Roaming\room_v3.dat
2015-11-03 11:42 - 2016-06-09 00:32 - 0000195 _____ () C:\Users\pc user\AppData\Roaming\WB.CFG
2015-05-14 05:16 - 2015-05-14 05:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-19 09:36 - 2015-06-19 09:36 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Files to move or delete:
====================
C:\Windows\Tasks\{33D39030-3DFD-5EAE-A377-7FC91AB574CE}.job
Some files in TEMP:
====================
C:\Users\pc user\AppData\Local\Temp\ADSafe.30619-10.exe
C:\Users\pc user\AppData\Local\Temp\ADSafe.30619-12.exe
C:\Users\pc user\AppData\Local\Temp\AutoUI.exe
C:\Users\pc user\AppData\Local\Temp\BaiduAn.Setup.0528.4.0.0.8029_1050123308.exe
C:\Users\pc user\AppData\Local\Temp\HY_Setup_duba04.exe
C:\Users\pc user\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\pc user\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\pc user\AppData\Local\Temp\libeay32.dll
C:\Users\pc user\AppData\Local\Temp\msvcr120.dll
C:\Users\pc user\AppData\Local\Temp\PH_160505to160506.exe
C:\Users\pc user\AppData\Local\Temp\PH_160506to160519.exe
C:\Users\pc user\AppData\Local\Temp\qqpcmgr_v11.1.16908.217_78223_Silence.exe
C:\Users\pc user\AppData\Local\Temp\qqpcmgr_v11.1.16923.222_72545_Silence.exe
C:\Users\pc user\AppData\Local\Temp\qqpcmgr_v11.1.16923.222_72547_Silence.exe
C:\Users\pc user\AppData\Local\Temp\qqpcmgr_v11.1.16923.222_72549_Silence.exe
C:\Users\pc user\AppData\Local\Temp\qqpcmgr_v11.2.17063.223_73589_Silence.exe
C:\Users\pc user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\pc user\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\pc user\AppData\Local\Temp\sqlite3.dll
C:\Users\pc user\AppData\Local\Temp\TwinklyUgandan.dll
C:\Users\pc user\AppData\Local\Temp\uninst.exe
C:\Users\pc user\AppData\Local\Temp\WebCompanionInstaller.exe
C:\Users\pc user\AppData\Local\Temp\ytb.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-07 06:52
==================== End of FRST.txt ============================