
Adobe Flash Player Virus?



Hi all,

 

I have uninstalled Adobe Flash Player from my computer. However, when I start my computer there is still adobe_flash_player.exe running in the background as shown in photo. When I open the file location, the exe file was not seen in there (hidden files option is ticked). I occasionally get an Internet Explorer popup under that same process which says Message from webpage <<<<<<Are you sure you do not want the voucher?">>>>>>

 


Any help please?

 

Thanks! 


Hello and welcome to Malwarebytes.org

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Recommend you use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.



Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!



Let me see those logs in your reply....

Thank you,

Kevin...
 


RogueKiller V10.11.2.0 [Oct 20 2015] by Adlice Software





 

Operating System : Windows 10 (10.0.10240) 64 bits version

Started in : Normal mode

User : WAIHOE [Administrator]

Started from : C:\Users\wai\Downloads\RogueKiller.exe

Mode : Scan -- Date : 10/24/2015 01:56:16

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 0 ¤¤¤

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 1 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: TOSHIBA THNSNH128GMCT +++++

--- User ---

[MBR] 92a747b20f356620c75760b234f32e51

[bSP] 399d4b37cffff427858313eab2bc7bab : Empty|VT.Unknown MBR Code

Partition table:

0 - [sYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB

1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 100 MB

2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1026048 | Size: 128 MB

3 - Basic data partition | Offset (sectors): 1288192 | Size: 121018 MB

4 - [sYSTEM][MAN-MOUNT]  | Offset (sectors): 249135104 | Size: 450 MB

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: WDC WD10EZEX-21M2NA0 +++++

--- User ---

[MBR] b779f06ce091b7effa2e50c8d9456c2f

[bSP] 598090bd3efda4a5e3bc556a204da81a : Empty|VT.Unknown MBR Code

Partition table:

0 - Basic data partition | Offset (sectors): 2048 | Size: 669734 MB

1 - Basic data partition | Offset (sectors): 1371619328 | Size: 267227 MB

2 - [sYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1918902038 | Size: 16898 MB

User = LL1 ... OK

User = LL2 ... OK

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01

Ran by WAIHOE (administrator) on WAIHOE (24-10-2015 01:52:10)

Running from C:\Users\wai\Downloads

Loaded Profiles: WAIHOE (Available Profiles: WAIHOE)

Platform: Windows 10 Home (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe

(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

(FUJIFILM Corporation.) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe

(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe

(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe

(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe

(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Abobe Systems Incorporated) C:\ProgramData\Adobe\adobe_flash_player.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(FUJIFILM Corporation.) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe

(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774552 2014-11-19] (Realtek Semiconductor)

HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-04] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)

HKLM-x32\...\Run: [sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2538328 2015-05-24] (Juniper Networks, Inc.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3779496 2015-10-19] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)

HKLM-x32\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518496 2015-06-24] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231776 2015-06-24] (Citrix Systems, Inc.)

HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe

HKLM\...\Policies\Explorer\Run: [Adobe Flash Player] => C:\ProgramData\Adobe\adobe_flash_player.exe [112640 2015-08-20] (Abobe Systems Incorporated)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\Run: [AcerCloud] => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18247424 2014-02-13] (Acer Incorporated)

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\Run: [baiduYunGuanjia] => C:\Users\wai\AppData\Roaming\baidu\BaiduYunGuanjia\BaiduYunGuanjia.exe [4962072 2015-05-07] ()

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\Run: [Office Timeline Performance Helper] => C:\Program Files (x86)\Office Timeline\Current\OfficeTimelineStartup.exe [13056 2014-12-19] (OfficeTimeline LLC)

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-07-10] (Microsoft Corporation)

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\Run: [iDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-21] (Tonec Inc.)

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File

ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File

ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File

ShellIconOverlayIdentifiers: [iDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Set FUJIFILM PC AutoSave to stby.lnk [2015-10-06]

ShortcutTarget: Set FUJIFILM PC AutoSave to stby.lnk -> C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe (FUJIFILM Corporation.)

Startup: C:\Users\wai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-06]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

GroupPolicy: Restriction - Chrome <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Hosts: 127.0.0.1 localhost

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{d6e23bb5-62e4-4330-b72e-ec37a18af02a}: [DhcpNameServer] 192.168.1.254

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm

SearchScopes: HKU\S-1-5-21-845403622-1957151774-1695624280-1001 -> {A342AF88-3A18-4BB1-A512-A28FC84CF325} URL = 

SearchScopes: HKU\S-1-5-21-845403622-1957151774-1695624280-1001 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-11] (Oracle Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-11] (Oracle Corporation)

BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-22] (Oracle Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-22] (Oracle Corporation)

DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab

DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)

 

FireFox:

========

FF ProfilePath: C:\Users\wai\AppData\Roaming\Mozilla\Firefox\Profiles\dhnz65ea.default-1445615839227

FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-11] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-11] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @baidu.com/npBdyyPlugin -> C:\Program Files (x86)\baidu\BaiduPlayer\3.8.0.51\npbdyy.dll [No File]

FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\wai\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [2015-05-07] (Baidu.com, Inc.)

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-06-24] (Citrix Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-19] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-19] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-22] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-22] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-06-25] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-03] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-03] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems)

FF Plugin HKU\S-1-5-21-845403622-1957151774-1695624280-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.00.48C\npAliSSOLogin.dll [No File]

FF Plugin HKU\S-1-5-21-845403622-1957151774-1695624280-1001: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.00.48C\npwangwang.dll [No File]

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-06-25] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-15] (Apple Inc.)

FF HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\wai\AppData\Roaming\IDM\idmmzcc5

FF Extension: IDM CC - C:\Users\wai\AppData\Roaming\IDM\idmmzcc5 [2015-10-24] [not signed]

FF HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\wai\AppData\Roaming\IDM\idmmzcc5

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://google.com/

CHR StartupUrls: Default -> "hxxp://google.com.sg/"

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\PepperFlash\pepflashplayer.dll ()

CHR Profile: C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Replace Favicon) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh [2015-10-23]

CHR Extension: (Google Docs) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]

CHR Extension: (Google Drive) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]

CHR Extension: (Session Manager) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2015-03-24]

CHR Extension: (YouTube) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]

CHR Extension: (Facebook Chat Layout) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\boihdhneeghabgieifcfinfempokflon [2015-06-15]

CHR Extension: (Google Search) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-29]

CHR Extension: (Photo Zoom for Facebook) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhapiedbmffnpkahkcjdjpikmodjipmd [2014-09-21]

CHR Extension: (Pixlr-o-matic) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2014-03-15]

CHR Extension: (Photo Zoom for Facebook) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-08-06]

CHR Extension: (Google Docs Offline) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]

CHR Extension: (AdBlock) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-14]

CHR Extension: (TiltShiftMaker) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo [2015-10-01]

CHR Extension: (DarkOrbit) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\igfellpkdddmaldkbohekiikcmadbdnj [2015-08-05]

CHR Extension: (Cargo Bridge) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2014-03-15]

CHR Extension: (Google Mail Checker) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-03-15]

CHR Extension: (Plants vs Zombies) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2014-03-15]

CHR Extension: (FastestFox for Chrome) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-07-24]

CHR Extension: (IDM Integration Module) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-07-29]

CHR Extension: (Chrome Web Store Payments) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]

CHR Extension: (Gmail) - C:\Users\wai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]

CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]

CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-19] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-19] (AVG Technologies CZ, s.r.o.)

R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2798336 2014-02-13] (Acer Incorporated)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-01-18] (Creative Labs) [File not signed]

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-01-18] (Creative Labs) [File not signed]

R2 FFPCAutoSave; C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [94208 2013-02-28] (FUJIFILM Corporation.) [File not signed]

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155376 2015-10-04] (NVIDIA Corporation)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)

S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation)

S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)

R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-10-04] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568816 2015-10-04] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-13] (Electronic Arts)

R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )

R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)

R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)

R3 athr; C:\Windows\System32\drivers\athwbx.sys [4265984 2014-12-11] (Qualcomm Atheros Communications, Inc.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)

R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)

R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [51264 2015-07-07] (IVT Corporation.)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)

R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-19] (Intel Corporation)

R1 jnprns; C:\Windows\system32\DRIVERS\jnprns.sys [507192 2015-05-24] (Juniper Networks)

S4 jnprTdi_8011_56747; C:\WINDOWS\system32\Drivers\jnprTdi_8011_56747.sys [108344 2015-05-24] (Juniper Networks, Inc.)

S3 jnprva; C:\Windows\System32\drivers\jnprva.sys [30072 2014-01-20] (Juniper Networks, Inc.)

R3 JnprVaMgr; C:\Windows\System32\drivers\jnprvamgr.sys [45352 2014-01-20] (Juniper Networks, Inc.)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-24] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)

S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2013-08-06] (Apple Inc.) [File not signed]

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-10-04] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)

S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [376024 2014-12-26] (Realsil Semiconductor Corporation)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33592 2014-11-21] (Synaptics Incorporated)

S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-12-23] (Anchorfree Inc.)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-24] ()

S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)

S3 jnprna; \SystemRoot\system32\DRIVERS\jnprna6.sys [X]

S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-10-24 01:50 - 2015-10-24 01:50 - 00016148 _____ C:\WINDOWS\system32\WAIHOE_WAIHOE_HistoryPrediction.bin

2015-10-24 01:48 - 2015-10-24 01:52 - 00033829 _____ C:\Users\wai\Downloads\FRST.txt

2015-10-24 01:48 - 2015-10-24 01:52 - 00000000 ____D C:\FRST

2015-10-24 01:48 - 2015-10-24 01:48 - 00063375 _____ C:\Users\wai\Downloads\Addition.txt

2015-10-24 01:46 - 2015-10-24 01:46 - 00000272 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{3E876D41-E44F-4A42-B132-45B5C61BBA20}.job

2015-10-24 01:35 - 2015-10-24 01:48 - 02196480 _____ (Farbar) C:\Users\wai\Downloads\FRST64.exe

2015-10-24 01:31 - 2015-10-24 01:31 - 00000000 ____D C:\Users\wai\Downloads\SpyHunter_4.19.13.4482___Portable___Patch_MFTSOFT

2015-10-24 01:23 - 2015-10-24 01:26 - 00008326 _____ C:\WINDOWS\system32\avgrep.txt

2015-10-24 01:18 - 2015-10-24 01:39 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

2015-10-24 01:18 - 2015-10-24 01:18 - 00000000 ____D C:\WINDOWS\pss

2015-10-24 01:04 - 2015-10-24 01:49 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys

2015-10-24 01:04 - 2015-10-24 01:16 - 00000000 ____D C:\ProgramData\RogueKiller

2015-10-24 01:04 - 2015-10-24 01:04 - 18838088 _____ C:\Users\wai\Downloads\RogueKiller.exe

2015-10-24 00:55 - 2015-10-24 00:55 - 00003410 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup

2015-10-24 00:55 - 2015-10-24 00:55 - 00000000 _____ C:\autoexec.bat

2015-10-23 23:20 - 2015-10-23 23:20 - 00000000 ____D C:\WINDOWS\Panther

2015-10-20 19:56 - 2015-10-20 19:56 - 00469776 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin98ip.dll

2015-10-20 19:56 - 2015-10-20 19:56 - 00466736 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin98itp.dll

2015-10-19 17:37 - 2015-10-19 17:37 - 00000388 _____ C:\WINDOWS\LkmdfCoInst.log

2015-10-19 17:09 - 2015-10-19 17:09 - 00000000 _____ C:\WINDOWS\setuperr.log

2015-10-19 17:09 - 2015-10-19 17:09 - 00000000 _____ C:\WINDOWS\setupact.log

2015-10-19 17:04 - 2015-10-24 00:51 - 00001378 _____ C:\WINDOWS\PFRO.log

2015-10-18 15:33 - 2015-10-24 01:50 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log

2015-10-18 15:24 - 2015-10-18 15:24 - 00168030 _____ C:\Users\wai\Documents\cc_20151018_152405.reg

2015-10-18 15:06 - 2015-10-18 15:06 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe

2015-10-18 15:03 - 2015-10-18 15:09 - 00000000 ____D C:\Program Files\HitmanPro

2015-10-17 01:05 - 2015-10-18 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-10-14 19:12 - 2015-10-10 15:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2015-10-14 19:12 - 2015-10-10 14:40 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2015-10-14 19:12 - 2015-10-10 14:07 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2015-10-14 19:12 - 2015-10-06 11:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2015-10-14 19:12 - 2015-10-06 10:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2015-10-14 19:12 - 2015-10-01 12:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2015-10-14 19:12 - 2015-10-01 12:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2015-10-14 19:12 - 2015-10-01 12:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2015-10-14 19:12 - 2015-10-01 12:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2015-10-14 19:12 - 2015-10-01 12:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2015-10-14 19:12 - 2015-10-01 11:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll

2015-10-14 19:12 - 2015-09-25 12:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll

2015-10-14 19:12 - 2015-09-25 12:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys

2015-10-14 19:12 - 2015-09-25 11:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2015-10-14 19:12 - 2015-09-25 11:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi

2015-10-14 19:12 - 2015-09-25 11:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll

2015-10-14 19:12 - 2015-09-25 11:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2015-10-14 19:12 - 2015-09-25 11:17 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-10-14 19:12 - 2015-09-25 11:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll

2015-10-14 19:12 - 2015-09-25 11:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll

2015-10-14 19:12 - 2015-09-25 11:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-10-14 19:12 - 2015-09-25 11:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll

2015-10-14 19:12 - 2015-09-25 11:04 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2015-10-14 19:12 - 2015-09-25 11:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-10-14 19:12 - 2015-09-25 11:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2015-10-14 19:12 - 2015-09-25 11:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll

2015-10-14 19:12 - 2015-09-25 11:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-10-14 19:12 - 2015-09-25 11:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2015-10-14 19:12 - 2015-09-25 11:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2015-10-14 19:12 - 2015-09-25 11:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll

2015-10-14 19:12 - 2015-09-25 11:02 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe

2015-10-14 19:12 - 2015-09-25 11:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-10-14 19:12 - 2015-09-25 11:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2015-10-14 19:12 - 2015-09-25 11:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll

2015-10-14 19:12 - 2015-09-25 11:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2015-10-14 19:12 - 2015-09-25 11:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll

2015-10-14 19:12 - 2015-09-25 11:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll

2015-10-14 19:12 - 2015-09-25 10:59 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2015-10-14 19:12 - 2015-09-25 10:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll

2015-10-14 19:12 - 2015-09-25 10:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll

2015-10-14 19:12 - 2015-09-25 10:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll

2015-10-14 19:12 - 2015-09-25 10:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll

2015-10-14 19:12 - 2015-09-25 10:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll

2015-10-14 19:12 - 2015-09-25 10:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll

2015-10-14 19:12 - 2015-09-25 10:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll

2015-10-14 19:12 - 2015-09-25 10:48 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-10-14 19:12 - 2015-09-25 10:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll

2015-10-14 19:12 - 2015-09-25 10:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll

2015-10-14 19:12 - 2015-09-25 10:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-10-14 19:12 - 2015-09-25 10:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-10-14 19:12 - 2015-09-25 10:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2015-10-14 19:12 - 2015-09-25 10:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-10-14 19:12 - 2015-09-25 10:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2015-10-14 19:12 - 2015-09-25 10:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll

2015-10-14 19:12 - 2015-09-25 10:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll

2015-10-14 19:12 - 2015-09-25 10:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-10-14 19:12 - 2015-09-25 10:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2015-10-14 19:12 - 2015-09-25 10:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll

2015-10-14 19:12 - 2015-09-25 10:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll

2015-10-14 19:12 - 2015-09-25 10:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll

2015-10-14 19:12 - 2015-09-25 10:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll

2015-10-14 19:12 - 2015-09-25 10:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll

2015-10-14 19:12 - 2015-09-25 10:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll

2015-10-14 19:12 - 2015-09-25 10:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll

2015-10-14 19:12 - 2015-09-25 10:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll

2015-10-13 23:56 - 2015-10-14 00:07 - 00000000 ____D C:\Program Files (x86)\Nitro PDF

2015-10-13 23:56 - 2015-10-13 23:56 - 00000000 ____D C:\Users\wai\AppData\Roaming\PrimoPDF

2015-10-13 23:56 - 2015-09-01 21:41 - 00095008 _____ C:\WINDOWS\system32\Primomonnt.dll

2015-10-12 22:12 - 2015-10-18 15:08 - 00000000 ____D C:\ProgramData\HitmanPro

2015-10-11 20:24 - 2015-10-11 21:37 - 223347587 _____ C:\Users\wai\Downloads\NBA.2K16.Update.1-BAT.rar

2015-10-09 19:41 - 2015-10-23 23:47 - 00000000 ____D C:\AdwCleaner

2015-10-08 19:01 - 2015-10-03 10:28 - 00102520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe

2015-10-08 19:00 - 2015-10-03 12:58 - 42914096 _____ C:\WINDOWS\system32\nvcompiler.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 37882488 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 22342264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 18387064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 16548768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 15837152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 14841232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 13525200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 12038368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 02313336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 01994360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 01905272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435850.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435850.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00877176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00861816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00787200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00689968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00673912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00632664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00539464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00445216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00414000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00388048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00376112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00369272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00339064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00315936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00177416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00155976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll

2015-10-08 19:00 - 2015-10-03 12:58 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll

2015-10-08 18:45 - 2015-08-11 12:52 - 00069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll

2015-10-06 19:37 - 2015-10-06 19:37 - 00000000 ____D C:\Users\wai\Documents\ProcAlyzer Dumps

2015-10-06 18:02 - 2015-10-24 00:34 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-10-06 18:00 - 2015-10-24 00:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-10-06 18:00 - 2015-10-06 18:00 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-10-01 17:09 - 2015-09-17 14:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2015-10-01 17:09 - 2015-09-17 14:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll

2015-10-01 17:09 - 2015-09-17 14:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll

2015-10-01 17:09 - 2015-09-17 14:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll

2015-10-01 17:09 - 2015-09-17 14:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys

2015-10-01 17:09 - 2015-09-17 14:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe

2015-10-01 17:09 - 2015-09-17 14:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll

2015-10-01 17:09 - 2015-09-17 14:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2015-10-01 17:09 - 2015-09-17 14:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2015-10-01 17:09 - 2015-09-17 14:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll

2015-10-01 17:09 - 2015-09-17 14:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2015-10-01 17:09 - 2015-09-17 14:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2015-10-01 17:09 - 2015-09-17 14:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

2015-10-01 17:09 - 2015-09-17 14:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll

2015-10-01 17:09 - 2015-09-17 14:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll

2015-10-01 17:09 - 2015-09-17 14:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll

2015-10-01 17:09 - 2015-09-17 14:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2015-10-01 17:09 - 2015-09-17 14:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2015-10-01 17:09 - 2015-09-17 14:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll

2015-10-01 17:09 - 2015-09-17 14:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2015-10-01 17:09 - 2015-09-17 14:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys

2015-10-01 17:09 - 2015-09-17 14:47 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll

2015-10-01 17:09 - 2015-09-17 14:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll

2015-10-01 17:09 - 2015-09-17 14:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll

2015-10-01 17:09 - 2015-09-17 14:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll

2015-10-01 17:09 - 2015-09-17 14:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

2015-10-01 17:09 - 2015-09-17 14:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2015-10-01 17:09 - 2015-09-17 14:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll

2015-10-01 17:09 - 2015-09-17 14:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe

2015-10-01 17:09 - 2015-09-17 14:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2015-10-01 17:09 - 2015-09-17 14:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll

2015-10-01 17:09 - 2015-09-17 14:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll

2015-10-01 17:09 - 2015-09-17 14:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll

2015-10-01 17:09 - 2015-09-17 14:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

2015-10-01 17:09 - 2015-09-17 14:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll

2015-10-01 17:09 - 2015-09-17 14:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll

2015-10-01 17:09 - 2015-09-17 14:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll

2015-10-01 17:09 - 2015-09-17 14:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

2015-10-01 17:09 - 2015-09-17 14:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll

2015-10-01 17:09 - 2015-09-17 14:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll

2015-10-01 17:09 - 2015-09-17 14:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll

2015-10-01 17:09 - 2015-09-17 14:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll

2015-10-01 17:09 - 2015-09-17 14:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll

2015-10-01 17:09 - 2015-09-17 14:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll

2015-10-01 17:09 - 2015-09-17 14:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll

2015-10-01 17:09 - 2015-09-17 14:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll

2015-10-01 17:09 - 2015-09-17 14:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll

2015-10-01 17:09 - 2015-09-17 14:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll

2015-10-01 17:09 - 2015-09-17 14:00 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2015-10-01 17:09 - 2015-09-17 14:00 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2015-10-01 17:09 - 2015-09-17 13:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll

2015-10-01 17:09 - 2015-09-17 13:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll

2015-10-01 17:09 - 2015-09-17 13:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll

2015-10-01 17:09 - 2015-09-17 13:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll

2015-10-01 17:09 - 2015-09-17 13:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll

2015-10-01 17:09 - 2015-09-17 13:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll

2015-10-01 17:09 - 2015-09-17 13:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll

2015-10-01 17:09 - 2015-09-17 13:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2015-10-01 17:09 - 2015-09-17 13:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll

2015-10-01 17:09 - 2015-09-17 13:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll

2015-10-01 17:09 - 2015-09-17 13:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2015-10-01 17:09 - 2015-09-17 13:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll

2015-10-01 17:09 - 2015-09-17 13:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2015-10-01 17:09 - 2015-09-17 13:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll

2015-10-01 17:09 - 2015-09-17 13:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll

2015-10-01 17:09 - 2015-09-17 13:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2015-10-01 17:09 - 2015-09-17 13:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll

2015-10-01 17:09 - 2015-09-17 13:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll

2015-10-01 17:09 - 2015-09-17 13:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll

2015-10-01 17:09 - 2015-09-17 13:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll

2015-10-01 17:09 - 2015-09-17 13:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll

2015-10-01 17:09 - 2015-09-17 13:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2015-10-01 17:09 - 2015-09-17 13:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll

2015-10-01 17:09 - 2015-09-17 13:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll

2015-10-01 17:09 - 2015-09-17 13:51 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2015-10-01 17:09 - 2015-09-17 13:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll

2015-10-01 17:09 - 2015-09-17 13:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll

2015-10-01 17:09 - 2015-09-17 13:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2015-10-01 17:09 - 2015-09-17 13:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll

2015-10-01 17:09 - 2015-09-17 13:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll

2015-10-01 17:09 - 2015-09-17 13:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll

2015-10-01 17:09 - 2015-09-17 13:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll

2015-10-01 17:09 - 2015-09-17 13:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll

2015-10-01 17:09 - 2015-09-17 13:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll

2015-10-01 17:09 - 2015-09-17 13:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll

2015-10-01 17:09 - 2015-09-17 13:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll

2015-10-01 17:09 - 2015-09-17 13:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll

2015-10-01 17:09 - 2015-09-17 13:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll

2015-10-01 17:09 - 2015-09-17 13:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll

2015-10-01 17:09 - 2015-09-17 13:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll

2015-10-01 17:09 - 2015-09-17 13:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll

2015-10-01 17:09 - 2015-09-17 13:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll

2015-10-01 17:09 - 2015-09-17 13:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll

2015-10-01 17:09 - 2015-09-17 13:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll

2015-10-01 17:09 - 2015-09-17 13:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll

2015-10-01 17:09 - 2015-09-17 13:45 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll

2015-10-01 17:09 - 2015-09-17 13:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll

2015-10-01 17:09 - 2015-09-17 13:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll

2015-10-01 17:09 - 2015-09-17 13:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll

2015-10-01 17:09 - 2015-09-17 13:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll

2015-10-01 17:09 - 2015-09-17 13:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll

2015-10-01 17:09 - 2015-09-17 13:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2015-10-01 17:09 - 2015-09-17 13:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll

2015-10-01 17:09 - 2015-09-17 13:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll

2015-10-01 17:09 - 2015-09-17 13:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2015-10-01 17:09 - 2015-09-17 13:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll

2015-10-01 17:09 - 2015-09-17 13:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll

2015-10-01 17:09 - 2015-09-17 13:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll

2015-10-01 17:09 - 2015-09-17 13:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll

2015-10-01 17:09 - 2015-09-17 13:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll

2015-10-01 17:09 - 2015-09-17 13:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2015-10-01 17:09 - 2015-09-17 13:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2015-10-01 17:09 - 2015-09-17 13:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll

2015-10-01 17:09 - 2015-09-17 13:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll

2015-10-01 17:09 - 2015-09-17 13:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll

2015-10-01 17:09 - 2015-09-17 13:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll

2015-10-01 17:09 - 2015-09-17 13:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll

2015-10-01 17:09 - 2015-09-17 13:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

2015-10-01 17:09 - 2015-09-17 13:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll

2015-10-01 17:09 - 2015-09-17 13:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll

2015-10-01 17:09 - 2015-09-17 13:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll

2015-10-01 17:09 - 2015-09-17 13:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

2015-10-01 17:09 - 2015-09-17 13:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll

2015-10-01 17:09 - 2015-09-17 13:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2015-10-01 17:09 - 2015-09-13 10:05 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll

2015-10-01 17:09 - 2015-09-13 09:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll

2015-10-01 17:08 - 2015-09-19 13:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll

2015-10-01 17:08 - 2015-09-17 14:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys

2015-10-01 17:08 - 2015-09-17 14:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll

2015-10-01 17:08 - 2015-09-17 14:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

2015-10-01 17:08 - 2015-09-17 14:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

2015-10-01 17:08 - 2015-09-17 14:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2015-10-01 17:08 - 2015-09-17 14:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2015-10-01 17:08 - 2015-09-17 14:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2015-10-01 17:08 - 2015-09-17 14:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2015-10-01 17:08 - 2015-09-17 14:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll

2015-10-01 17:08 - 2015-09-17 14:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll

2015-10-01 17:08 - 2015-09-17 14:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll

2015-10-01 17:08 - 2015-09-17 14:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll

2015-10-01 17:08 - 2015-09-17 14:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll

2015-10-01 17:08 - 2015-09-17 14:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll

2015-10-01 17:08 - 2015-09-17 14:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe

2015-10-01 17:08 - 2015-09-17 14:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll

2015-10-01 17:08 - 2015-09-17 14:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll

2015-10-01 17:08 - 2015-09-17 14:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll

2015-10-01 17:08 - 2015-09-17 14:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe

2015-10-01 17:08 - 2015-09-17 14:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll

2015-10-01 17:08 - 2015-09-17 14:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe

2015-10-01 17:08 - 2015-09-17 14:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll

2015-10-01 17:08 - 2015-09-17 14:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll

2015-10-01 17:08 - 2015-09-17 14:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll

2015-10-01 17:08 - 2015-09-17 14:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll

2015-10-01 17:08 - 2015-09-17 13:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll

2015-10-01 17:08 - 2015-09-17 13:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll

2015-10-01 17:08 - 2015-09-17 13:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll

2015-10-01 17:08 - 2015-09-17 13:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe

2015-10-01 17:08 - 2015-09-17 13:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll

2015-10-01 17:08 - 2015-09-17 13:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2015-10-01 17:08 - 2015-09-17 13:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll

2015-10-01 17:08 - 2015-09-17 13:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll

2015-10-01 17:08 - 2015-09-17 13:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll

2015-10-01 17:08 - 2015-09-17 13:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll

2015-10-01 17:08 - 2015-09-17 13:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll

2015-10-01 17:08 - 2015-09-17 13:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll

2015-10-01 17:08 - 2015-09-17 13:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys

2015-10-01 17:08 - 2015-09-17 13:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll

2015-10-01 17:08 - 2015-09-17 13:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll

2015-10-01 17:08 - 2015-09-17 13:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys

2015-10-01 17:08 - 2015-09-17 13:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll

2015-10-01 17:08 - 2015-09-17 13:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll

2015-10-01 17:08 - 2015-09-17 13:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll

2015-10-01 17:08 - 2015-09-17 13:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll

2015-10-01 17:08 - 2015-09-17 13:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll

2015-10-01 17:08 - 2015-09-17 13:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll

2015-10-01 17:08 - 2015-09-17 13:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll

2015-10-01 17:08 - 2015-09-17 13:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll

2015-10-01 17:08 - 2015-09-17 13:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2015-10-01 17:08 - 2015-09-17 13:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe

2015-10-01 17:08 - 2015-09-17 13:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll

2015-10-01 17:08 - 2015-09-17 13:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll

2015-10-01 17:08 - 2015-09-17 13:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll

2015-10-01 17:08 - 2015-09-17 13:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll

2015-10-01 17:08 - 2015-09-17 13:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll

2015-10-01 17:08 - 2015-09-17 13:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll

2015-10-01 17:08 - 2015-09-17 13:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2015-10-01 17:08 - 2015-09-17 13:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll

2015-10-01 17:08 - 2015-09-17 13:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll

2015-10-01 17:08 - 2015-09-17 13:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll

2015-09-29 20:02 - 2015-10-22 20:13 - 00000000 ____D C:\Users\wai\AppData\Roaming\Nitro PDF

2015-09-29 19:43 - 2015-10-06 18:38 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk

2015-09-29 19:43 - 2015-09-29 19:43 - 00000000 ____D C:\ProgramData\Citrix

2015-09-29 19:43 - 2015-09-29 19:43 - 00000000 ____D C:\Program Files (x86)\Citrix

2015-09-28 21:09 - 2015-09-29 20:10 - 00000000 ____D C:\Users\wai\AppData\Local\Citrix

2015-09-28 21:09 - 2015-09-29 19:59 - 00000000 ____D C:\Users\wai\AppData\Roaming\ICAClient

2015-09-28 19:41 - 2015-05-24 07:28 - 00108344 _____ (Juniper Networks, Inc.) C:\WINDOWS\system32\Drivers\jnprTdi_8011_56747.sys

2015-09-28 19:41 - 2015-05-24 04:22 - 00507192 _____ (Juniper Networks) C:\WINDOWS\system32\Drivers\jnprns.sys

2015-09-27 16:13 - 2015-10-06 18:37 - 00000680 _____ C:\Users\wai\Desktop\NBA 2K16.lnk

2015-09-27 16:13 - 2015-09-27 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBA 2K16

2015-09-24 08:05 - 2015-10-13 22:30 - 00001826 _____ C:\Users\Public\Desktop\iTunes.lnk

2015-09-24 08:05 - 2015-09-24 08:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-09-24 08:05 - 2015-09-24 08:05 - 00000000 ____D C:\Program Files\iTunes

2015-09-24 08:05 - 2015-09-24 08:05 - 00000000 ____D C:\Program Files\iPod

2015-09-24 08:05 - 2015-09-24 08:05 - 00000000 ____D C:\Program Files (x86)\iTunes

2015-09-24 08:04 - 2015-09-24 08:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple

2015-09-24 08:04 - 2015-09-24 08:04 - 00000000 ____D C:\Program Files\Bonjour

2015-09-24 08:04 - 2015-09-24 08:04 - 00000000 ____D C:\Program Files (x86)\Bonjour

2015-09-24 08:04 - 2015-09-24 08:04 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2015-09-24 07:59 - 2015-09-19 06:08 - 00040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll

2015-09-24 07:59 - 2015-09-14 08:24 - 01898104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435598.dll

2015-09-24 07:59 - 2015-09-14 08:24 - 01558832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435598.dll

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-10-24 01:50 - 2015-09-09 11:54 - 00000000 ____D C:\ProgramData\NVIDIA

2015-10-24 01:50 - 2015-07-10 20:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-10-24 01:50 - 2015-07-10 19:04 - 00000000 ____D C:\WINDOWS\system32\sru

2015-10-24 01:50 - 2015-07-10 17:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI

2015-10-24 01:50 - 2014-03-15 15:04 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-10-24 01:50 - 2014-03-12 22:20 - 00000274 _____ C:\WINDOWS\Tasks\AutoKMS.job

2015-10-24 01:43 - 2015-09-09 12:05 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2015-10-24 01:18 - 2014-03-13 20:56 - 00000000 ____D C:\Users\wai\AppData\Roaming\DMCache

2015-10-24 01:03 - 2014-03-15 15:04 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-10-24 00:58 - 2015-09-09 11:55 - 00000000 ____D C:\Users\wai

2015-10-23 23:58 - 2014-03-15 16:56 - 00000000 ____D C:\Users\wai\AppData\Local\CrashDumps

2015-10-23 23:54 - 2014-09-03 12:40 - 00000000 ____D C:\ProgramData\MFAData

2015-10-23 23:45 - 2014-03-12 17:43 - 00000000 ____D C:\Users\wai\AppData\Local\Packages

2015-10-23 23:09 - 2014-03-12 17:47 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3E876D41-E44F-4A42-B132-45B5C61BBA20}

2015-10-23 23:06 - 2015-07-10 19:04 - 00000000 ____D C:\WINDOWS\AppReadiness

2015-10-23 23:06 - 2014-10-23 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2015-10-23 23:03 - 2015-07-10 17:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM

2015-10-20 21:14 - 2015-07-10 18:55 - 00000000 ____D C:\WINDOWS\CbsTemp

2015-10-19 17:37 - 2015-09-09 11:54 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys

2015-10-19 17:13 - 2014-03-13 20:56 - 00000000 ____D C:\Users\wai\AppData\Roaming\IDM

2015-10-19 17:04 - 2015-07-10 20:20 - 05187720 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2015-10-19 17:04 - 2014-01-18 15:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2015-10-19 13:32 - 2015-07-28 11:02 - 00315312 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys

2015-10-18 20:37 - 2015-09-15 21:24 - 00000000 ____D C:\Users\wai\AppData\Local\Deployment

2015-10-18 20:32 - 2014-04-02 11:56 - 00000000 ____D C:\Users\wai\Documents\OriginLab

2015-10-18 20:32 - 2014-04-02 11:56 - 00000000 ____D C:\Users\wai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OriginLab

2015-10-18 20:32 - 2014-04-02 11:56 - 00000000 ____D C:\Users\wai\AppData\Local\OriginLab

2015-10-18 20:32 - 2014-04-02 11:56 - 00000000 ____D C:\ProgramData\OriginLab

2015-10-18 20:31 - 2014-04-02 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OriginLab

2015-10-18 20:30 - 2014-03-13 22:29 - 00000000 ____D C:\Program Files\OriginLab

2015-10-18 10:15 - 2014-03-13 07:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2015-10-18 00:26 - 2014-08-15 11:41 - 00000000 ____D C:\Users\wai\AppData\Local\Adobe

2015-10-17 23:04 - 2015-09-13 19:05 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-10-17 01:16 - 2015-01-29 19:38 - 00000000 ____D C:\Users\wai\AppData\Roaming\vlc

2015-10-16 21:10 - 2015-05-14 16:38 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2015-10-16 21:10 - 2014-03-13 21:24 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2015-10-16 11:10 - 2015-07-10 19:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-10-16 11:10 - 2015-07-10 19:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-10-15 23:39 - 2015-07-10 19:04 - 00000000 ____D C:\WINDOWS\system32\appraiser

2015-10-15 23:35 - 2014-03-16 23:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2015-10-15 23:35 - 2014-03-12 21:57 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-10-15 23:32 - 2013-08-22 21:25 - 00000288 _____ C:\WINDOWS\win.ini

2015-10-13 22:30 - 2015-09-09 20:08 - 00001065 _____ C:\Users\wai\Desktop\Adobe Lightroom.lnk

2015-10-13 22:30 - 2015-09-03 11:54 - 00001075 _____ C:\Users\wai\Desktop\Kolor Autopano Pro 4.0.lnk

2015-10-13 22:30 - 2015-08-14 21:13 - 00000877 _____ C:\Users\Public\Desktop\RICOH THETA.lnk

2015-10-13 22:30 - 2015-06-15 09:50 - 00002089 _____ C:\Users\Public\Desktop\Perfect Effects 9.lnk

2015-10-13 22:30 - 2015-05-18 18:28 - 00002105 _____ C:\Users\Public\Desktop\RAW FILE CONVERTER EX 2.0 powered by SILKYPIX.lnk

2015-10-13 22:30 - 2015-04-22 22:30 - 00001964 _____ C:\Users\wai\Desktop\DxO OpticsPro 10.lnk

2015-10-13 22:30 - 2015-04-21 18:31 - 00002053 _____ C:\Users\Public\Desktop\SILKYPIX Developer Studio Pro 6 English.lnk

2015-10-13 22:30 - 2015-04-07 18:42 - 00001059 _____ C:\Users\wai\Desktop\Capture One 8.lnk

2015-10-13 22:30 - 2015-03-08 11:48 - 00001201 _____ C:\Users\wai\Desktop\TreeSize Free.lnk

2015-10-13 22:30 - 2014-11-30 10:22 - 00002153 _____ C:\Users\Public\Desktop\Perfect Photo Suite 9.lnk

2015-10-13 22:30 - 2014-10-22 21:17 - 00001034 _____ C:\Users\wai\Desktop\Viber.lnk

2015-10-13 22:30 - 2014-03-14 21:02 - 00000908 _____ C:\Users\wai\Desktop\SNS-HDR Pro.lnk

2015-10-13 22:30 - 2014-03-14 11:38 - 00001340 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk

2015-10-13 22:30 - 2014-03-12 21:59 - 00001743 _____ C:\Users\wai\Desktop\Photoshop CS6.lnk

2015-10-12 19:02 - 2014-05-01 00:25 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2015-10-11 11:25 - 2014-06-01 09:03 - 00000085 _____ C:\WINDOWS\wininit.ini

2015-10-11 11:25 - 2014-05-01 00:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2015-10-08 20:58 - 2015-09-01 16:25 - 00000000 ____D C:\Users\wai\Desktop\Cactus Editing

2015-10-08 19:01 - 2015-09-09 11:54 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2015-10-07 02:45 - 2015-07-23 04:02 - 11210056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys

2015-10-06 18:39 - 2015-09-09 12:25 - 00001027 _____ C:\Users\wai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk

2015-10-06 18:39 - 2015-09-09 12:12 - 00002366 _____ C:\Users\wai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2015-10-06 18:39 - 2014-10-22 21:17 - 00001040 _____ C:\Users\wai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk

2015-10-06 18:38 - 2015-09-09 11:57 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-10-06 18:38 - 2015-09-03 13:56 - 00002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk

2015-10-06 18:38 - 2015-08-14 21:13 - 00000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RICOH THETA.lnk

2015-10-06 18:38 - 2015-05-08 17:10 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2014.lnk

2015-10-06 18:38 - 2015-04-22 10:26 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk

2015-10-06 18:38 - 2015-04-15 18:35 - 00001278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk

2015-10-06 18:38 - 2015-01-07 21:08 - 00001342 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk

2015-10-06 18:38 - 2015-01-07 21:08 - 00001273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk

2015-10-06 18:38 - 2014-12-27 00:35 - 00000870 _____ C:\Users\Public\Desktop\PVZ Garden Warfare.lnk

2015-10-06 18:38 - 2014-07-20 20:25 - 00001469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk

2015-10-06 18:38 - 2014-03-14 09:21 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2015-10-06 18:38 - 2014-03-13 07:45 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-10-06 18:38 - 2014-03-12 21:42 - 00001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk

2015-10-06 18:38 - 2014-03-12 21:40 - 00001215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk

2015-10-06 18:38 - 2014-03-12 21:39 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk

2015-10-06 18:38 - 2014-03-12 21:39 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk

2015-10-06 18:38 - 2014-03-12 21:36 - 00001531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk

2015-10-06 18:38 - 2014-03-12 21:36 - 00001361 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk

2015-10-04 16:23 - 2014-06-03 20:59 - 01317192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll

2015-10-04 16:23 - 2014-03-13 23:41 - 01423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll

2015-10-04 16:22 - 2014-06-03 20:59 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll

2015-10-04 16:22 - 2014-03-13 23:41 - 01710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll

2015-10-04 01:01 - 2015-07-10 19:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports

2015-10-03 12:58 - 2015-07-23 04:02 - 18354984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll

2015-10-03 12:58 - 2015-07-23 04:02 - 15803800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll

2015-10-03 12:58 - 2015-07-23 04:02 - 12868120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll

2015-10-03 12:58 - 2015-07-23 04:02 - 03534888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll

2015-10-03 12:58 - 2015-07-23 04:02 - 03121144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll

2015-10-03 12:58 - 2015-07-23 04:02 - 00034392 _____ C:\WINDOWS\system32\nvinfo.pb

2015-10-03 12:58 - 2014-01-18 15:33 - 00112760 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll

2015-10-03 12:58 - 2014-01-18 15:33 - 00105264 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll

2015-10-03 10:38 - 2015-09-09 11:54 - 06358648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll

2015-10-03 10:38 - 2015-09-09 11:54 - 02982704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll

2015-10-03 10:38 - 2015-09-09 11:54 - 02554488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll

2015-10-03 10:38 - 2015-09-09 11:54 - 00938800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe

2015-10-03 10:38 - 2015-09-09 11:54 - 00385328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll

2015-10-03 10:38 - 2015-09-09 11:54 - 00062768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll

2015-10-02 23:41 - 2015-07-10 19:04 - 00000000 ____D C:\WINDOWS\rescache

2015-10-02 12:09 - 2014-03-14 14:54 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-10-01 22:09 - 2015-07-10 19:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12

2015-10-01 22:09 - 2015-07-10 19:04 - 00000000 ___SD C:\WINDOWS\system32\F12

2015-10-01 22:09 - 2015-07-10 19:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog

2015-10-01 22:09 - 2015-07-10 19:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility

2015-10-01 22:09 - 2015-07-10 19:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2015-10-01 22:09 - 2015-07-10 19:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform

2015-10-01 22:09 - 2015-07-10 19:04 - 00000000 ____D C:\WINDOWS\Provisioning

2015-10-01 22:09 - 2015-07-10 19:04 - 00000000 ____D C:\WINDOWS\L2Schemas

2015-10-01 17:30 - 2015-09-09 11:54 - 05284082 _____ C:\WINDOWS\system32\nvcoproc.bin

2015-09-29 20:44 - 2015-07-10 19:04 - 00000000 ____D C:\WINDOWS\system32\NDF

2015-09-27 20:48 - 2014-03-22 23:47 - 00000000 ____D C:\Users\wai\AppData\Roaming\2K Sports

2015-09-24 08:05 - 2015-05-23 15:37 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2015-09-24 08:05 - 2014-03-14 09:21 - 00000000 ____D C:\Program Files\Common Files\Apple

2015-09-24 08:00 - 2015-09-09 12:16 - 00000000 ____D C:\Users\wai\AppData\Local\MicrosoftEdge

 

==================== Files in the root of some directories =======

 

2014-11-26 20:25 - 2015-06-28 14:12 - 0000132 _____ () C:\Users\wai\AppData\Roaming\Adobe PNG Format CS6 Prefs

2015-03-22 12:59 - 2015-03-22 12:59 - 0001078 _____ () C:\Users\wai\AppData\Roaming\base64.cer

2014-03-14 22:58 - 2015-05-13 19:10 - 0001042 _____ () C:\Users\wai\AppData\Roaming\coreavc.ini

2014-03-23 22:05 - 2014-03-28 12:06 - 0003072 _____ () C:\Users\wai\AppData\Roaming\Photobook Designer Prefsv3

2015-07-09 21:32 - 2015-07-11 00:06 - 0014921 _____ () C:\Users\wai\AppData\Roaming\PS13_panel.log

2015-04-15 17:35 - 2015-04-15 17:35 - 0218602 _____ () C:\Users\wai\AppData\Local\ars.cache

2015-04-15 17:35 - 2015-04-15 17:35 - 0505550 _____ () C:\Users\wai\AppData\Local\census.cache

2015-04-15 17:30 - 2015-04-15 17:30 - 0000036 _____ () C:\Users\wai\AppData\Local\housecall.guid.cache

2014-03-16 09:52 - 2014-03-16 09:52 - 0000017 _____ () C:\Users\wai\AppData\Local\resmon.resmoncfg

2015-04-15 17:34 - 2015-04-15 17:34 - 0000010 _____ () C:\Users\wai\AppData\Local\sponge.last.runtime.cache

2015-05-08 21:47 - 2015-05-08 21:47 - 0005033 _____ () C:\ProgramData\mzemgkrx.fuc

2015-09-06 18:45 - 2015-09-06 18:45 - 0004157 _____ () C:\ProgramData\vwmgfbfx.iaf

 

Some files in TEMP:

====================

C:\Users\wai\AppData\Local\Temp\dllnt_dump.dll

C:\Users\wai\AppData\Local\Temp\HitmanPro.exe

C:\Users\wai\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-10-15 23:20

 

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01

Ran by WAIHOE (2015-10-24 01:52:29)

Running from C:\Users\wai\Downloads

Windows 10 Home (X64) (2015-09-09 04:10:33)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-845403622-1957151774-1695624280-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-845403622-1957151774-1695624280-503 - Limited - Disabled)

Guest (S-1-5-21-845403622-1957151774-1695624280-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-845403622-1957151774-1695624280-1003 - Limited - Enabled)

WAIHOE (S-1-5-21-845403622-1957151774-1695624280-1001 - Administrator - Enabled) => C:\Users\wai

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated)

Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer)

Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated)

Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3003.1 - Acer Incorporated)

Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3004 - Acer Incorporated)

Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)

Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.3001 - Acer Incorporated)

Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)

Adobe Extension Manager CS6 (HKLM-x32\...\{83463106-DD1C-4FE5-A61C-DF6715472AD4}) (Version: 6.0 - Adobe Systems Incorporated)

Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1.1 - Adobe Systems Incorporated)

Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.1 - Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)

Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6173 - AVG Technologies)

AVG 2015 (Version: 15.0.4450 - AVG Technologies) Hidden

AVG 2015 (Version: 15.0.6173 - AVG Technologies) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Canon MP140 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series) (Version:  - )

Capture One 8.2 (HKLM\...\CaptureOne8_is1) (Version: 8.2.0.124 - Phase One A/S)

CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)

Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.0.5014 - Citrix Systems, Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DipStych 0.6 (HKLM-x32\...\DipStych) (Version: 0.6 - Daniel Saunders)

DxO FilmPack 3 (HKLM\...\{6E98BFB0-55E3-4D3C-8C10-B44F6063535E}) (Version: 3.4.94.0 - DxO Labs)

DxO OpticsPro 10 (HKLM\...\{C2E56E0E-EDCA-4AB0-954C-0DAD561BDFCF}) (Version: 10.0.0 - DxO Labs)

DxO OpticsPro 10 plug-in for Adobe Lightroom (HKLM-x32\...\{79C97462-1598-48CD-B597-8B3C3C5A20B8}) (Version: 1.0.23 - DxO Labs)

EndNote X4 (HKLM-x32\...\{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}) (Version: 14.0.2.5149 - Thomson Reuters)

EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.4.0.8818 - Thomson Reuters)

Freemake Video Converter version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)

FUJIFILM MyFinePix Studio 4.2b (HKLM-x32\...\MyFinePix Studio_is1) (Version:  - )

FUJIFILM PC AutoSave (HKLM-x32\...\{872F1306-0DB6-45EC-832E-2F5D3A56CF99}) (Version: 1.0.0 - FUJIFILM)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated)

Hugin 2013.0.0 (HKLM-x32\...\Hugin) (Version: 2013.0.0 hg_0d404a7088e6 - The Hugin Development Team)

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)

Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)

Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)

iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)

Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)

Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)

Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30667 - Juniper Networks)

Juniper Networks Setup Client (HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\Juniper_Setup_Client) (Version: 8.0.11.56747 - Juniper Networks)

Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)

Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)

Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.56747 - Juniper Networks, Inc.)

Junos Pulse Core Components (x32 Version: 5.0.56747 - Juniper Networks) Hidden

Junos Pulse Drivers Add-On (Version: 5.0.56747 - Juniper Networks) Hidden

Junos Pulse Host Checker Plugin Add-On (x32 Version: 5.0.56747 - Juniper Networks) Hidden

Junos Pulse Tunnel Manager Add-On (x32 Version: 5.0.56747 - Juniper Networks) Hidden

Junos Pulse UAC/NC Components (x32 Version: 5.0.56747 - Juniper Networks) Hidden

Kolor Autopano Pro 4.0 (HKLM\...\AutopanoPro4.0) (Version: V4.0.1 - Kolor)

Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)

MegaDownloader 0.82 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 0.82 - Andres_age)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

NBA 2K16 (HKLM-x32\...\NBA 2K16_is1) (Version:  - )

Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)

Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)

Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)

NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.5.15.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.46 - NVIDIA Corporation)

NVIDIA Graphics Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)

Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)

Office Timeline (HKLM-x32\...\{DAE585BA-546F-4684-9592-6EA2D0DF071E}) (Version: 3.1.3 - Office Timeline)

OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)

Online Plug-in (x32 Version: 14.3.0.5014 - Citrix Systems, Inc.) Hidden

Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)

Origin 2015 (HKLM-x32\...\{919C759D-DA8F-4B02-A9F1-75CE8B31CBDB}) (Version: 9.20.00 - OriginLab Corporation)

Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden

PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)

Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)

Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

RAF (HKLM-x32\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)

RAW FILE CONVERTER EX 2.0 powered by SILKYPIX (HKLM-x32\...\InstallShield_{AB7F3624-7EFD-488F-B9B6-CB9145E398AD}) (Version: 4 - Ichikawa Soft Laboratory)

RAW FILE CONVERTER EX 2.0 powered by SILKYPIX (x32 Version: 4 - Ichikawa Soft Laboratory) Hidden

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30166 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7399 - Realtek Semiconductor Corp.)

ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)

RICOH THETA (HKLM-x32\...\com.theta360.SphericalViewer) (Version: 1.11.1 - RICOH COMPANY,LTD.)

RICOH THETA (x32 Version: 1.11.1 - RICOH COMPANY,LTD.) Hidden

Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)

Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden

Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)

Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)

Self-service Plug-in (x32 Version: 4.3.0.8352 - Citrix Systems, Inc.) Hidden

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPRO_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden

SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 2.5.15.46 - NVIDIA Corporation) Hidden

SILKYPIX Developer Studio Pro 6 English (HKLM-x32\...\InstallShield_{ADB2068B-EA4D-463F-81FB-6B9BFC408B71}) (Version: 6 - Ichikawa Soft Laboratory)

SILKYPIX Developer Studio Pro 6 English (Version: 6 - Ichikawa Soft Laboratory) Hidden

SILKYPIX Developer Studio Pro 6 English Library (Version: 6.0.17.0 - Ichikawa Soft Laboratory) Hidden

SILKYPIX Developer Studio Pro 6 English Library (x32 Version:  - ) Hidden

SNS-HDR Pro v1.4.22 (HKLM\...\SNS-HDR Pro_is1) (Version:  - Sebastian Nibisz)

Sound Blaster Cinema (HKLM-x32\...\{AF2E323C-1E8A-4CE6-BE9E-B29296BF7FAE}) (Version: 1.00.03 - Creative Technology Limited)

TreeSize Free V3.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3 - JAM Software)

Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1460.1 - Microsoft Corporation) Hidden

Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)

Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)

Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)

Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PRJPRO_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)

Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)

Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)

Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)

Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)

Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)

Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)

VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden

VC8 CRT (Version: 8.0.50727.762 - Juniper Networks) Hidden

Viber (HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\Viber) (Version: 5.1.2.24 - Viber Media Inc)

Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)

Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)

Windows Driver Package - AMD (amdkmpfd) System  (02/12/2015 15.20.0.0000) (HKLM\...\708AE871DE4DE98C022B914117B48025341D07B8) (Version: 02/12/2015 15.20.0.0000 - AMD)

Windows Driver Package - AMD (amdkmpfd) System  (10/27/2014 14.50.0.0000) (HKLM\...\5A7765005233CFA47E5637DE2EE4BF3DBA797BD7) (Version: 10/27/2014 14.50.0.0000 - AMD)

Windows Driver Package - Compal Electronics, INC. (RadioSwitchHid) HIDClass  (11/25/2014 1.0.0.5) (HKLM\...\41439C53BF81572B2E179478239AB8D71353CD8C) (Version: 11/25/2014 1.0.0.5 - Compal Electronics, INC.)

Windows Driver Package - Intel (ICCWDT) System  (05/04/2012 9.0.1000) (HKLM\...\AB145B4AADC822DEC6DD4C8C7B5E9F3F5A49A9CA) (Version: 05/04/2012 9.0.1000 - Intel)

Windows Driver Package - Intel (MEIx64) System  (07/07/2015 11.0.0.1157) (HKLM\...\0B20AD533A71C19F1C9AC8BB34246A06D7EAD201) (Version: 07/07/2015 11.0.0.1157 - Intel)

Windows Driver Package - Intel (MEIx64) System  (08/05/2014 10.0.27.1012) (HKLM\...\CADC45E55994710AADB2ADB82843052F67FBD1AF) (Version: 08/05/2014 10.0.27.1012 - Intel)

Windows Driver Package - INTEL System  (07/14/2015 10.1.1.9) (HKLM\...\B513C6496B243D745DB06A0B990DE74C3E72A990) (Version: 07/14/2015 10.1.1.9 - INTEL)

Windows Driver Package - Intel USB  (07/31/2013 9.4.0.1025) (HKLM\...\4AC0FF1CA4CEC00C49C2C3ED599D94F8680DEA5D) (Version: 07/31/2013 9.4.0.1025 - Intel)

Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device  (07/07/2015 6.2.84.274) (HKLM\...\F45E6FEBE644BB48CF40E3D98DFF3E888FD4F1AA) (Version: 07/07/2015 6.2.84.274 - IVT Corporation)

Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device  (11/18/2014 6.2.84.273) (HKLM\...\C3D4BA105BCE958607E67B708DED58A841AAC664) (Version: 11/18/2014 6.2.84.273 - IVT Corporation)

Windows Driver Package - Logicool (LHidFilt) Mouse  (03/18/2014 5.80.3) (HKLM\...\A9EE17D9968F2F6392C3709B2957451824365DDD) (Version: 03/18/2014 5.80.3 - Logicool)

Windows Driver Package - Logitech (LHidFilt) Mouse  (06/09/2015 5.90.38) (HKLM\...\3A23CE434CCC10D23CD098DBBFD5A4C5D855E356) (Version: 06/09/2015 5.90.38 - Logitech)

Windows Driver Package - Logitech (WmHidLo) HIDClass  (04/27/2010 5.09.129.0) (HKLM\...\9EC57E88867E92106F8E2C0F05475551EA7BF38C) (Version: 04/27/2010 5.09.129.0 - Logitech)

Windows Driver Package - Logitech DriverInterface  (03/18/2014 5.80.3) (HKLM\...\1FB720A0CEF7AF57CE7F5F5F7D3461CDE33F903C) (Version: 03/18/2014 5.80.3 - Logitech)

Windows Driver Package - Logitech DriverInterface  (06/09/2015 5.90.38) (HKLM\...\F6909E6D7225F7497F97F04808BC1B7489703274) (Version: 06/09/2015 5.90.38 - Logitech)

Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA  (03/11/2015 1.3.33.0) (HKLM\...\78BA5B7C4D37420C35E5FD74DD144946964EA2C9) (Version: 03/11/2015 1.3.33.0 - NVIDIA Corporation)

Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA  (07/23/2015 1.3.34.3) (HKLM\...\A9D7CF80ECCA40270AA804A79DD53549877DC60E) (Version: 07/23/2015 1.3.34.3 - NVIDIA Corporation)

Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)

Windows Driver Package - Qualcomm Atheros Communications (AthBTPort) BluetoothVirtual  (07/11/2014 4.0.0.325) (HKLM\...\DDF2EA680906B1DCD24F55A23F74276210B30091) (Version: 07/11/2014 4.0.0.325 - Qualcomm Atheros Communications)

Windows Driver Package - Qualcomm Atheros Communications (BTATH_A2DP) MEDIA  (10/21/2014 8.0.0001.0334) (HKLM\...\82345FC9CC12826AC22FBD890640E3228D7B5749) (Version: 10/21/2014 8.0.0001.0334 - Qualcomm Atheros Communications)

Windows Driver Package - Qualcomm Atheros Communications (BTATH_BUS) System  (06/24/2014 4.0.0.302) (HKLM\...\F1D0D62AB241DAE33AEEB7B18B58C93AC5EF0960) (Version: 06/24/2014 4.0.0.302 - Qualcomm Atheros Communications)

Windows Driver Package - Qualcomm Atheros Communications (BTATH_HCRP) USB  (06/24/2014 4.0.0.302) (HKLM\...\7FDB810F985DEDF82F0A39A2E8BC92900F407E5D) (Version: 06/24/2014 4.0.0.302 - Qualcomm Atheros Communications)

Windows Driver Package - Qualcomm Atheros Communications (BTATH_RCP) HIDClass  (06/24/2014 5.0.0.302) (HKLM\...\BA6E71775209F137E4190CA49BC7D710983527F5) (Version: 06/24/2014 5.0.0.302 - Qualcomm Atheros Communications)

Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net  (12/11/2014 10.0.0.308) (HKLM\...\44801473F332D8A1DDD7CDCD273E70C8D444DB04) (Version: 12/11/2014 10.0.0.308 - Qualcomm Atheros Communications Inc.)

Windows Driver Package - Realtek Semiconduct Corp. (RTSUER) USB  (12/26/2014 6.3.9600.31208) (HKLM\...\F38DB54F6101B092A6002EE6CB22C7E7410A64C0) (Version: 12/26/2014 6.3.9600.31208 - Realtek Semiconduct Corp.)

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/03/2014 6.0.1.7399) (HKLM\...\008BA2C67795A3BF0A2CD93685736770260E3CF9) (Version: 12/03/2014 6.0.1.7399 - Realtek Semiconductor Corp.)

Windows Driver Package - Synaptics (SmbDrv) System  (07/30/2013 16.3.12.43) (HKLM\...\6344DBEACF923EF4097EE8ED9196B6C1D385D7A1) (Version: 07/30/2013 16.3.12.43 - Synaptics)

Windows Driver Package - Synaptics (SmbDrv) System  (08/08/2013 16.3.7.0) (HKLM\...\5E0F9D8B984825ED5FDAB61496F0B77B3C705A4C) (Version: 08/08/2013 16.3.7.0 - Synaptics)

Windows Driver Package - Toshiba (Thotkey) HIDClass  (05/14/2013 8.0.0.5) (HKLM\...\BCC20E03A2196C39666E12CDDEB7C4E644368690) (Version: 05/14/2013 8.0.0.5 - Toshiba)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

百度云管家 (HKLM-x32\...\百度云管家) (Version: 5.2.6 - 百度在线网络技术北京有限公司)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Restore Points =========================

 

15-10-2015 23:20:16 Windows Update

18-10-2015 15:05:32 Checkpoint by HitmanPro

23-10-2015 23:57:45 JRT Pre-Junkware Removal

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 21:25 - 2015-10-24 01:16 - 00000768 ____N C:\WINDOWS\system32\Drivers\etc\hosts

 

127.0.0.1 localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {063E9A55-D5AD-42B0-B359-DC3E1ABAD985} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {08EBC18C-3A57-4987-B054-2F693C9902D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-21] (Piriform Ltd)

Task: {178E3A1F-FBDF-497F-BDF0-9181B9C76844} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {1F762060-B6A3-412A-96E5-FD87028FD628} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {214130C9-B2B2-461C-8ECB-934D087C5EF9} - System32\Tasks\{A3EFDA46-A2D2-40F6-A3A5-33F7C7CB1D83} => pcalua.exe -a "C:\Program Files\â¹ûTV\unins000.exe" -d "C:\Program Files\â¹ûTV"

Task: {286B209A-B63B-4508-97F5-9CE8CC5C49E7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {2B519741-605D-41CC-BC4E-C221009DD341} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {2EEBEDAD-AA17-447E-831F-C3DF3D8A371E} - System32\Tasks\{75E35EE4-FF7B-489F-BC09-27D91523B333} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.14.0.104&LastError=12002

Task: {311DA595-73FE-4C27-AF98-64E7DE4E559A} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2014-02-13] (Acer Incorporated)

Task: {3446A582-6F16-47FE-B9C7-3796BDC66CDF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

Task: {37818E6F-C83B-4C41-8D7F-E4E2CE816210} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {4ABC0042-B0A7-49AF-8C6A-C19A537AE4A0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)

Task: {4C6BA529-D02F-4362-A493-56EF0612BB05} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {6166D049-1F9D-4184-B23C-E58C23C77B6E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {89B7EF9A-2AFB-453B-9C74-FD01508117FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {94BF8E85-5DAD-47D2-A29E-B845E361BD0F} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()

Task: {9C396DCB-C863-4055-AE22-D624D40CF960} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe

Task: {AE3FFC42-49AF-46D3-9F35-86A27FDE834F} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-08-22] (Acer Incorporated)

Task: {BFA35913-5B9E-4606-A2F9-1E4D8B9FF3DF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-02] (Microsoft Corporation)

Task: {D8609697-A558-430B-A6E1-9AD3A956D498} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

Task: {DA8F37D6-9556-42B5-BF75-654D6AEFF498} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {E4AA9B97-FDC0-4D9A-AEF6-05C306ED2DA3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {EB2C821D-63E9-4995-ACF5-3C63914C453A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {EB828F5C-9DE0-4E42-826F-21DAE2A14947} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {EBFE64BE-2318-4A94-B4AF-9BDDBB4C47AE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {EEAD6EBF-54CA-41D9-913E-D6D86EE0CC79} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {F1867559-BC01-42DC-91C5-4FEED3D31207} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-09] ()

Task: {F748AB18-AAE6-40C2-8CED-DE26FD843208} - System32\Tasks\{C430CEF0-635A-4842-B0F0-73582F57A872} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe" -c /AppMode=SETUP /Uninstall

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\UCBrowserUpdater{e23df38b34103b001ee4a910a2610d11}.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe

Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{3E876D41-E44F-4A42-B132-45B5C61BBA20}.job => C:\WINDOWS\system32\msfeedssync.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-07-10 19:00 - 2015-07-10 19:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll

2015-09-10 03:51 - 2015-09-10 03:51 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll

2015-09-09 11:54 - 2015-10-03 10:38 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2015-10-13 23:56 - 2015-09-01 21:41 - 00095008 _____ () C:\WINDOWS\System32\Primomonnt.dll

2015-09-10 03:51 - 2015-09-10 03:51 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2015-10-01 17:09 - 2015-09-17 14:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2015-10-01 17:09 - 2015-09-17 14:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2015-10-01 17:09 - 2015-09-17 13:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll

2015-10-01 17:08 - 2015-09-17 13:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2015-10-01 17:08 - 2015-09-17 13:42 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll

2015-07-10 19:00 - 2015-07-10 19:00 - 00215352 _____ () c:\windows\system32\WerEtw.dll

2015-10-01 17:09 - 2015-09-17 13:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2015-10-01 17:09 - 2015-09-17 13:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2015-10-01 17:08 - 2015-09-17 13:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2015-10-01 17:09 - 2015-09-17 13:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2014-01-18 15:36 - 2012-11-01 12:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL

2013-02-28 19:14 - 2013-02-28 19:14 - 00118784 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFFIR.dll

2013-02-28 19:14 - 2013-02-28 19:14 - 00188416 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\FFWB.dll

2013-02-28 19:14 - 2013-02-28 19:14 - 00135168 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFTLPTPIP.dll

2015-04-06 17:24 - 2015-10-04 16:24 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\AcerCloud:Win32App

AlternateDataStreams: C:\ProgramData:Win32App

AlternateDataStreams: C:\Program Files\Adobe:Win32App

AlternateDataStreams: C:\Program Files\CCleaner:Win32App

AlternateDataStreams: C:\Program Files\Hugin:Win32App

AlternateDataStreams: C:\Program Files\Intel:Win32App

AlternateDataStreams: C:\Program Files\MegaDownloader:Win32App

AlternateDataStreams: C:\Program Files\Microsoft Office:Win32App

AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App

AlternateDataStreams: C:\Program Files\SNS-HDR Pro:Win32App

AlternateDataStreams: C:\Program Files\WinRAR:Win32App

AlternateDataStreams: C:\Program Files (x86)\Adobe:Win32App

AlternateDataStreams: C:\Program Files (x86)\EndNote X4:Win32App

AlternateDataStreams: C:\Program Files (x86)\EndNote X7:Win32App

AlternateDataStreams: C:\Program Files (x86)\Freemake:Win32App

AlternateDataStreams: C:\Program Files (x86)\Microsoft SQL Server Compact Edition:Win32App

AlternateDataStreams: C:\Program Files (x86)\Microsoft.NET:Win32App

AlternateDataStreams: C:\Program Files (x86)\Nero:Win32App

AlternateDataStreams: C:\Program Files (x86)\Origin:Win32App

AlternateDataStreams: C:\Program Files (x86)\Qualcomm Atheros:Win32App

AlternateDataStreams: C:\Program Files (x86)\QuickTime:Win32App

AlternateDataStreams: C:\Program Files (x86)\RAF:Win32App

AlternateDataStreams: C:\Program Files (x86)\RICOH THETA:Win32App

AlternateDataStreams: C:\Program Files (x86)\Western Digital:Win32App

AlternateDataStreams: C:\Program Files (x86)\Windows Live:Win32App

AlternateDataStreams: C:\WINDOWS\System32:Win32App

AlternateDataStreams: C:\Users\All Users:Win32App

AlternateDataStreams: C:\Program Files\Common Files\DESIGNER:Win32App

AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App

AlternateDataStreams: C:\ProgramData\Application Data:Win32App

AlternateDataStreams: C:\ProgramData\Nero:Win32App

AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App

AlternateDataStreams: C:\Users\wai\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\wai\AppData\Local\AcerRemoteFile:Win32App

AlternateDataStreams: C:\Users\wai\AppData\Local\Temp:Win32App

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\wai\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\slam-dunk-shohoku-jordan-wallpaper.jpg

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"

HKLM\...\StartupApproved\Run: => "RTHDVCPL"

HKLM\...\StartupApproved\Run: => "ShadowPlay"

HKLM\...\StartupApproved\Run: => "Sysdiag"

HKLM\...\StartupApproved\Run: => "InstallerLauncher"

HKLM\...\StartupApproved\Run: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"

HKLM\...\StartupApproved\Run32: => "SwitchBoard"

HKLM\...\StartupApproved\Run32: => "Adobe ARM"

HKLM\...\StartupApproved\Run32: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

HKLM\...\StartupApproved\Run32: => "OV3_Monitor"

HKLM\...\StartupApproved\Run32: => "QuickTime Task"

HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"

HKLM\...\StartupApproved\Run32: => "SDTray"

HKLM\...\StartupApproved\Run32: => "JunosPulse"

HKLM\...\StartupApproved\Run32: => "QvodTerminal"

HKLM\...\StartupApproved\Run32: => "WSHelperSetup.exe"

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\StartupApproved\StartupFolder: => "wandoujia_helper.lnk"

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\StartupApproved\Run: => "AcerCloud"

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\StartupApproved\Run: => "IDMan"

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\StartupApproved\Run: => "OV3_Monitor"

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0E658669BCACBFA5F174407F5CF7251C"

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\StartupApproved\Run: => "BaiduYunGuanjia"

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\StartupApproved\Run: => "WSHelperSetup.exe"

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\StartupApproved\Run: => "Office Timeline Performance Helper"

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\StartupApproved\Run: => "aliim"

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\StartupApproved\Run: => "TweakBit\Driver Updater\Start Driver Updater оn logon"

HKU\S-1-5-21-845403622-1957151774-1695624280-1001\...\StartupApproved\Run: => "Skype"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{96BDD77C-7207-442B-B719-1D0C9552951B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

FirewallRules: [{245742A0-073A-4D4B-BD8A-B6543F44E1D4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

FirewallRules: [{B8E2DD8E-B81E-4459-A4EF-CA7608215CD7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{F9850005-664A-4904-AD76-6E9819724796}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{D2A39159-D057-41F3-9C15-D579638AC793}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

FirewallRules: [{B01CE077-DEC9-40BA-BECF-8704B15832EC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

FirewallRules: [{3BE0FA72-B0C6-4B8A-AEC2-8931A86291EF}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{D79348A3-A88F-48EA-B4A8-92902106ECCA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{A92E1E64-480A-4C2E-BA43-FC81E12388DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{117474DA-C0ED-45A7-974F-89E3F06DC454}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{EF45649B-0EA9-4649-9B3B-1E110D03DEBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{9B50AB5F-04E9-46D2-8F3E-9A1A506AC9ED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{81547FDD-D13E-456D-94A7-55538C79514D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{1E39DBF3-84FB-47D0-BEEC-C3590A984E9D}] => (Allow) C:\Users\wai\AppData\Roaming\Baidu\BaiduYunGuanjia\baiduyunguanjia.exe

FirewallRules: [{9BE343B7-F287-4848-B809-8391AC596298}] => (Allow) C:\Users\wai\AppData\Roaming\Baidu\BaiduYunGuanjia\baiduyunguanjia.exe

FirewallRules: [uDP Query User{1D0D88B0-A970-418C-B255-7081106EFAA9}C:\program files\onone software\perfect effects 9\perfect effects 9.exe] => (Allow) C:\program files\onone software\perfect effects 9\perfect effects 9.exe

FirewallRules: [TCP Query User{906F5475-E74F-49FA-BC50-500F9A872216}C:\program files\onone software\perfect effects 9\perfect effects 9.exe] => (Allow) C:\program files\onone software\perfect effects 9\perfect effects 9.exe

FirewallRules: [uDP Query User{4CB9A80D-E817-4B05-876D-3F3DF0611388}C:\program files\onone software\perfect browse 9\perfect browse 9.exe] => (Allow) C:\program files\onone software\perfect browse 9\perfect browse 9.exe

FirewallRules: [TCP Query User{925F95E6-758C-466E-9E72-7547CBD2BE9B}C:\program files\onone software\perfect browse 9\perfect browse 9.exe] => (Allow) C:\program files\onone software\perfect browse 9\perfect browse 9.exe

FirewallRules: [{A2B94C3C-4D2E-4618-8568-E058D5FB3C2D}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe

FirewallRules: [{6E34FEE4-649F-47C6-8608-CE5CDB0AC433}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe

FirewallRules: [{53378BDD-8644-4C35-9751-CAB5892DEFA5}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe

FirewallRules: [{BE9F367B-DA87-48F5-90C9-FC33E66C3617}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe

FirewallRules: [{C83F8C5D-2160-48DC-A76F-9C5F7443F2D4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{1C0AC7B2-A212-4A60-AD37-3D4AB1584959}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{EFE1A2AB-0516-4C90-891B-A539B9CA4CA9}] => (Allow) LPort=1900

FirewallRules: [{A415CECB-3006-4173-8034-F475E425D212}] => (Allow) LPort=2869

FirewallRules: [{36794284-5A6F-4B5F-9E6C-4474A81CD0F5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{96896B3E-2233-477D-8BD4-2ECE83CF30F0}] => (Allow) E:\Origins\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe

FirewallRules: [{C5921208-34B8-4BCF-AB50-A73D5BC32B80}] => (Allow) E:\Origins\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe

FirewallRules: [uDP Query User{AA18C99B-0A84-494D-957A-000D2933161C}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Allow) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe

FirewallRules: [TCP Query User{66896819-CCC3-42FE-9AF2-88ED3A686C87}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Allow) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe

FirewallRules: [{7079433A-F537-4C42-B0B9-BC0656654577}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{2D1B995D-F17B-44DC-B621-B3C1AA85CA94}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{C64FE516-FFE6-4DA1-96D3-1B83A8090ABB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{E816705F-26E9-4626-B2EB-CACB1C4A3256}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{B0A5B54A-F00F-4919-8BCC-22D474B7E7D9}] => (Allow) C:\Program Files (x86)\baidu\BaiduPlayer\3.7.0.29\BaiduMediaService.exe

FirewallRules: [{2FAC610C-ADCC-475E-B2C2-6DAF86AE985B}] => (Allow) C:\Program Files (x86)\baidu\BaiduPlayer\3.7.0.29\BaiduMediaService.exe

FirewallRules: [{3FC68B67-58A1-4FC6-84D4-A0723102E7D9}] => (Allow) C:\Program Files (x86)\baidu\BaiduPlayer\3.7.0.29\BaiduPlayer.exe

FirewallRules: [{CE2E2C7C-63EF-44EC-9AAC-50D589874ED4}] => (Allow) C:\Program Files (x86)\baidu\BaiduPlayer\3.7.0.29\BaiduPlayer.exe

FirewallRules: [{C6E96AB7-5255-4AB1-B741-F35DBE14FEF0}] => (Allow) C:\Program Files (x86)\baidu\BaiduPlayer\3.7.0.29\StatReport.exe

FirewallRules: [{32E2AC6F-6B65-4EEB-8C28-BA8763550D26}] => (Allow) C:\Program Files (x86)\baidu\BaiduPlayer\3.7.0.29\StatReport.exe

FirewallRules: [{F248B82D-5ED2-404D-B39D-ACD44C8F37AC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{E5FAB321-E24E-441A-8A67-E0213E929B69}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{DF2E3772-B144-4ABB-90F0-3CE6862A7797}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe

FirewallRules: [{A9C25094-6AF2-4F76-8C39-1AE9DDD7E4A6}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe

FirewallRules: [{0F72BFF4-8133-4574-972F-EF863EC3B558}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe

FirewallRules: [{1289CE47-37B7-44DD-BE94-686227068E32}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe

FirewallRules: [{99820849-8358-4CBC-91FD-44F2D38D5B88}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe

FirewallRules: [{9031685F-B01B-43AA-A754-6EC52E0D639C}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe

FirewallRules: [{B051396D-C405-4EDA-86E0-F7BD98718640}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe

FirewallRules: [{F26C4BB6-5493-4D05-A78D-737916C8F111}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe

FirewallRules: [{A2E0A7F9-B5FC-428B-AFEC-899B1851B608}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe

FirewallRules: [{0F1F113C-3171-469F-9141-3EB03D01A751}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe

FirewallRules: [{29CDB954-6D96-4DE5-B611-835A467FA79D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe

FirewallRules: [{045B886F-67AF-4F24-B5D9-729FCD82660A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe

FirewallRules: [{57C1AF1F-7133-4796-B096-04ABF6FD66C4}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe

FirewallRules: [{58414FEA-791F-44D1-9D6E-4C6942CC74D8}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe

FirewallRules: [{71A95ABB-4132-4E3F-A449-52D23A157CB1}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe

FirewallRules: [{2B909712-98B0-4FFC-977C-5A704543F06D}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe

FirewallRules: [{8A346760-C507-47B0-BCE8-F91A235C36EC}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe

FirewallRules: [{4828AA70-58BE-400F-BB4D-9EBEF18A7BD7}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe

FirewallRules: [{55FEB1A5-12D8-462A-BCF5-C8EE88496D9F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe

FirewallRules: [{57BC4D5D-DB64-4937-8F86-1DDB7BD00848}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe

FirewallRules: [{82A5ECB2-E259-400F-8BCA-C8045F9C1C69}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe

FirewallRules: [{C14341B1-60B6-4903-8F51-82CFAA980923}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe

FirewallRules: [{16E582FA-AE79-4D93-87FE-29F3D1C69DC9}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe

FirewallRules: [{9213A5F7-84DA-430C-9301-F189D7430CE6}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe

FirewallRules: [{BFA6EF4D-9078-406F-9CF7-6C1010422516}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe

FirewallRules: [{17AED0E8-28EA-466A-81F7-948546CE1AEF}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe

FirewallRules: [{34C46438-7121-41AE-9D99-2948489FF108}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe

FirewallRules: [{70536159-0162-47D5-BC34-58EEE453F710}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe

FirewallRules: [{C100F529-AAD2-4055-87D1-6F8EA1A2790B}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe

FirewallRules: [{4736623D-C342-467B-A1D1-C861FCB0DA94}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe

FirewallRules: [{149BCE62-EF48-48C2-BFE6-B04551176C00}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe

FirewallRules: [{684D7B35-F035-4FDF-86AE-8E280E4406D2}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe

FirewallRules: [{D886D3A9-FC25-40BD-B026-DE892EC0618D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe

FirewallRules: [{EDE6C4D4-F56F-4AB7-9271-9A288EF43309}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe

FirewallRules: [{E084A72A-1821-4C64-9991-9865048F3EF9}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe

FirewallRules: [{144B7FB2-DECB-49B1-A18B-A0FFF19D3D0A}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe

FirewallRules: [{1A8F6801-EB0B-4D96-9BBC-73216C225583}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe

FirewallRules: [{D675D2E0-BAC6-45C5-9783-0BB5ACD0D24F}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe

FirewallRules: [{8B65315F-A437-4D0C-8975-ACC345F578A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{9CAD28EF-C4CD-4768-9FEE-848578B2BAC0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{E2BDA201-1F72-42E3-9EAF-102EEB4197CD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{0830467E-B6E0-4363-97EE-1526B1D10A75}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{104FC49A-0E76-4377-A0E5-B62913E7F53C}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{2AB30AF7-7B6E-4276-9F32-EF6D9D4A839D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{7A5578D3-2972-49F5-A069-609665E0F1D6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

FirewallRules: [{0B41394A-FA4A-4C2F-8DDA-8796901AFCDD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

FirewallRules: [{C7F5AE71-2328-43B3-B8F1-6DD386235011}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{79FE0B90-B136-415E-86A1-F70BAB6ED859}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{FFEBC56B-244F-4B7A-B54A-042403FFA7C7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

FirewallRules: [{6421FAB2-B9B3-454F-AA54-FE578B685F26}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/24/2015 01:52:38 AM) (Source: ESENT) (EventID: 413) (User: )

Description: SettingSyncHost (8068) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

 

Error: (10/24/2015 01:52:38 AM) (Source: ESENT) (EventID: 488) (User: )

Description: SettingSyncHost (8068) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

 

Error: (10/24/2015 01:52:27 AM) (Source: ESENT) (EventID: 413) (User: )

Description: SettingSyncHost (8068) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

 

Error: (10/24/2015 01:52:27 AM) (Source: ESENT) (EventID: 488) (User: )

Description: SettingSyncHost (8068) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

 

Error: (10/24/2015 01:52:17 AM) (Source: ESENT) (EventID: 413) (User: )

Description: SettingSyncHost (8068) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

 

Error: (10/24/2015 01:52:17 AM) (Source: ESENT) (EventID: 488) (User: )

Description: SettingSyncHost (8068) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

 

Error: (10/24/2015 01:52:07 AM) (Source: ESENT) (EventID: 413) (User: )

Description: SettingSyncHost (8068) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

 

Error: (10/24/2015 01:52:07 AM) (Source: ESENT) (EventID: 488) (User: )

Description: SettingSyncHost (8068) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

 

Error: (10/24/2015 01:51:56 AM) (Source: ESENT) (EventID: 413) (User: )

Description: SettingSyncHost (8068) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

 

Error: (10/24/2015 01:51:56 AM) (Source: ESENT) (EventID: 488) (User: )

Description: SettingSyncHost (8068) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

 

 

System errors:

=============

Error: (10/24/2015 01:50:14 AM) (Source: DCOM) (EventID: 10005) (User: WAIHOE)

Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 

Error: (10/24/2015 01:50:13 AM) (Source: DCOM) (EventID: 10005) (User: WAIHOE)

Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 

Error: (10/24/2015 01:50:12 AM) (Source: DCOM) (EventID: 10005) (User: WAIHOE)

Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

 

Error: (10/24/2015 01:50:12 AM) (Source: DCOM) (EventID: 10005) (User: WAIHOE)

Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

 

Error: (10/24/2015 01:50:12 AM) (Source: DCOM) (EventID: 10005) (User: WAIHOE)

Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

 

Error: (10/24/2015 01:50:12 AM) (Source: DCOM) (EventID: 10005) (User: WAIHOE)

Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

 

Error: (10/24/2015 01:50:12 AM) (Source: DCOM) (EventID: 10005) (User: WAIHOE)

Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

 

Error: (10/24/2015 01:50:12 AM) (Source: DCOM) (EventID: 10005) (User: WAIHOE)

Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

 

Error: (10/24/2015 01:50:12 AM) (Source: DCOM) (EventID: 10005) (User: WAIHOE)

Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

 

Error: (10/24/2015 01:50:12 AM) (Source: DCOM) (EventID: 10005) (User: WAIHOE)

Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

 

 

CodeIntegrity:

===================================

  Date: 2015-10-15 23:22:39.977

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-10-15 23:22:37.285

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-10-15 23:22:36.747

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-10-15 23:22:36.736

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-10-15 23:22:36.724

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-10-15 23:22:36.710

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-10-15 23:22:36.049

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-10-15 23:22:36.019

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-10-15 23:22:34.632

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-10-15 23:22:33.927

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-4770 CPU @ 3.40GHz

Percentage of memory in use: 12%

Total physical RAM: 16303.62 MB

Available physical RAM: 14283.1 MB

Total Virtual: 18735.62 MB

Available Virtual: 16684.62 MB

 

==================== Drives ================================

 

Drive c: (Acer) (Fixed) (Total:118.18 GB) (Free:21.22 GB) NTFS

Drive d: (Waihoe) (Fixed) (Total:654.04 GB) (Free:113.67 GB) NTFS

Drive e: (Program Files) (Fixed) (Total:260.96 GB) (Free:188.64 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 119.2 GB) (Disk ID: 0D79E4B4)

 

Partition: GPT.

 

========================================================

Disk: 1 (Size: 931.5 GB) (Disk ID: 0D79E4A1)

 

Partition: GPT.

 

==================== End of Addition.txt ============================


  • Root Admin

Task: {9C396DCB-C863-4055-AE22-D624D40CF960} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
2015-10-24 01:50 - 2014-03-12 22:20 - 00000274 _____ C:\WINDOWS\Tasks\AutoKMS.job
C:\Windows\AutoKMS\AutoKMS.exe

This topic is now closed to further replies.