Need help with pop ups


Hello christ1986, welcome to Malwarebytes' Malware Removal forum!
 
My name is Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 

======================================================
 
After your scan with Malwarebytes Anti-Malware (MBAM) is complete, please carry out the instructions below. Please include the scan log from your latest MBAM scan as well. 
 
STEP 1
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Logfile. A log (AdwCleaner[s1].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning
  • Follow the prompts and allow your computer to reboot
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[s1].txt.
 
======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM scan log
  • JRT.txt
  • AdwCleaner[C1].txt

Hi Adam,

 

Thank you for the reply.

 

Malwarebytes still running - I cannot uninstall BitTorrent as it says "do not have sufficient access, please contact administrator", but I have disabled it from running whilst going through this process. Hope this is okay. Will action the above once the scan has finished.

 

Thanks again

 

Chris.


MBAM scan log

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 08/03/2016
Scan Time: 08:50
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.08.02
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: admin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 475823
Time Elapsed: 1 hr, 5 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 12
PUP.Optional.ReMarkable, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [95bd7015752487afbbf341d75aaa4eb2], 
PUP.Optional.ReMarkable, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [9ab8d8adcecb3ef80da1e73159abfe02], 
PUP.Optional.PastaLeads, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, Quarantined, [133f1570227737ff921c2a0bfc08ea16], 
PUP.Optional.PastaLeads, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, Quarantined, [e171770ed4c5cc6a436b61d4e81c2cd4], 
PUP.Optional.BestPriceNinja, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, Quarantined, [9db5dca96a2f5adc35c3acc0bd478977], 
PUP.Optional.BestPriceNinja, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, Quarantined, [73dfe5a0663364d27682ea82fc083fc1], 
PUP.Optional.eShopComp, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage, Quarantined, [7ad8c6bf2376f24402dd99d835cf50b0], 
PUP.Optional.eShopComp, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage-journal, Quarantined, [d280e3a25544191d9d42c4adee1606fa], 
PUP.Optional.CrossRider, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, Quarantined, [c68ca8dd5f3a1026a6986f06d331718f], 
PUP.Optional.CrossRider, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, Quarantined, [df73ceb77326e94d68d695e0cb39c739], 
PUP.Optional.UTop, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage, Quarantined, [f2603352dbbe2d09e2178feecc3830d0], 
PUP.Optional.UTop, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage-journal, Quarantined, [8cc689fc99002d0929d004795da7a060], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
  • JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Pro x64 
Ran by admin (Administrator) on 08/03/2016 at 10:01:15.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 6 
 
Successfully deleted: C:\Users\admin\AppData\Local\installer (Folder) 
Successfully deleted: C:\Users\admin\AppData\Local\nico mak computing (Folder) 
Successfully deleted: C:\Users\admin\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ei9163pu.default-1391602121228\extensions\isreaditlater@ideashower.com (Folder) 
Successfully deleted: C:\WINDOWS\system32\Tasks\SXJVXMRYODXGIOSL (Task)
Successfully deleted: C:\Program Files (x86)\GUT2D9F.tmp (File) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57 (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/03/2016 at 10:06:42.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
  • AdwCleaner[C3].txt

# AdwCleaner v5.101 - Logfile created 08/03/2016 at 10:14:41

# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [server]
# Operating system : Windows 10 Pro  (x64)
# Username : admin - CHRISTHOMAS
# Running from : C:\Users\admin\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
[-] File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [5209 bytes] - [07/03/2016 23:04:21]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C2].txt - [2412 bytes] - [08/03/2016 07:54:53]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C3].txt - [1433 bytes] - [08/03/2016 10:14:41]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[s1].txt - [330 bytes] - [07/03/2016 22:55:54]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[s2].txt - [4909 bytes] - [07/03/2016 22:57:46]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[s3].txt - [2182 bytes] - [08/03/2016 07:51:31]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[s4].txt - [1790 bytes] - [08/03/2016 10:10:57]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C3].txt - [1897 bytes] ##########
 

 


Great, thank you. Says post is too long with both FRST and Addition in reply. Here is FRST.txt

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by admin (administrator) on CHRISTHOMAS (08-03-2016 11:00:55)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Users\admin\Desktop\U1304.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6801.23751.0_x64__8wekyb3d8bbwe\HubTaskHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-18] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2622432 2016-01-29] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [Google Update] => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [bitTorrent] => C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.9.5_41866.exe [1930760 2016-03-06] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2016-01-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2016-01-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2016-01-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2016-01-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2016-01-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2016-01-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [s-1-5-21-3515164915-2860861682-270758949-1000] => Proxy is enabled.
ProxyServer: [s-1-5-21-3515164915-2860861682-270758949-1000] => 127.0.0.1:9666
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{23f78ea8-39df-45e2-94cc-9220b0f1c01d}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{23f78ea8-39df-45e2-94cc-9220b0f1c01d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{41f58f90-1dd7-44ce-84b8-bf08657bdb81}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{cadabcc7-a90e-4e5c-9d81-a91aba4112f2}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{cadabcc7-a90e-4e5c-9d81-a91aba4112f2}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{f3616251-e5cd-464b-9680-a976febf1f58}: [DhcpNameServer] 82.163.142.7
ManualProxies: 1127.0.0.1:9666

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130944121275451591&GUID=D0E5267B-FB82-43E1-BFD1-8C7953BE6032
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3515164915-2860861682-270758949-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: YoutubeAdblocker -> {24E53A1A-B562-30F4-23A6-75DF529C4E4A} -> C:\Program Files (x86)\YoutubeAdblocker\THVtn7x.x64.dll => No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-02-05] (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-02-04] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-10] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-10] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} hxxps://uos-portal.salford.ac.uk/InternalSite/WhlCompMgr.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ei9163pu.default-1391602121228
FF Homepage: about:home
FF NetworkProxy: "backup.ftp", "127.0.0.1"
FF NetworkProxy: "backup.ftp_port", 9666
FF NetworkProxy: "backup.socks", "127.0.0.1"
FF NetworkProxy: "backup.socks_port", 9666
FF NetworkProxy: "backup.ssl", "127.0.0.1"
FF NetworkProxy: "backup.ssl_port", 9666
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 9666
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 9666
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9666
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 9666
FF NetworkProxy: "type", 0
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?src=hp&ssid=1449929700&a=1024132&uuid=b52dc2a9-b058-401e-b2f1-ad7994814e13
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @citrixonline.com/appdetectorplugin -> C:\Users\admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @talk.google.com/O1DPlugin -> C:\Users\admin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @tools.google.com/Google Update;version=3 -> C:\Users\admin\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @tools.google.com/Google Update;version=9 -> C:\Users\admin\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-04-16] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Add to Amazon Wish List Button - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ei9163pu.default-1391602121228\extensions\amznUWL2@amazon.com.xpi [2014-08-02] [not signed]
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ei9163pu.default-1391602121228\extensions\isreaditlater@ideashower.com [not found]
FF Extension: Media Hint - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ei9163pu.default-1391602121228\Extensions\mediahint@jetpack.xpi [2014-05-20] [not signed]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\\npsitesafety.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (ZenMate - IP & Browser Check) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchhalahcjpkabdgonjhoogdcipienhf [2015-12-06]
CHR Extension: (Qualys BrowserCheck for Windows) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk [2015-12-15]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-16]
CHR Extension: (Quora - Save to Pocket) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lllehdhoocnpkkhpnoonnpcfcjmnmlil [2015-12-15]
CHR Extension: (Pocket) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-06-16]
CHR Extension: (Save to Pocket) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-12-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Buffer) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2016-03-02]
CHR HKU\S-1-5-21-3515164915-2860861682-270758949-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\admin\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-10-03]
CHR HKU\S-1-5-21-3515164915-2860861682-270758949-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-04] (Microsoft Corporation)
S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [619328 2013-06-29] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-03] (Synaptics Incorporated)
S2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [169280 2013-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-07-28] (Intel Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-01-29] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [2665496 2016-01-15] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 11:00 - 2016-03-08 11:02 - 00027012 _____ C:\Users\admin\Desktop\FRST.txt
2016-03-08 10:06 - 2016-03-08 10:06 - 00001220 _____ C:\Users\admin\Desktop\JRT.txt
2016-03-08 09:04 - 2016-03-08 10:10 - 01524224 _____ C:\Users\admin\Desktop\AdwCleaner.exe
2016-03-08 09:04 - 2016-03-08 10:01 - 01609216 _____ (Malwarebytes) C:\Users\admin\Desktop\JRT.exe
2016-03-08 08:43 - 2016-03-08 08:46 - 00052132 _____ C:\Users\admin\Downloads\Addition.txt
2016-03-08 08:40 - 2016-03-08 11:00 - 00000000 ____D C:\FRST
2016-03-08 08:40 - 2016-03-08 08:46 - 00075043 _____ C:\Users\admin\Downloads\FRST.txt
2016-03-08 08:39 - 2016-03-08 08:39 - 02374144 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2016-03-08 08:32 - 2016-03-08 08:32 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-03-07 22:55 - 2016-03-08 10:14 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-07 22:55 - 2016-03-07 22:55 - 01524224 _____ C:\Users\admin\Downloads\adwcleaner_5.101.exe
2016-03-04 21:24 - 2016-03-04 21:24 - 00003273 _____ C:\Users\admin\Downloads\citations (22).nbib
2016-03-04 20:00 - 2016-03-06 18:43 - 00090738 _____ C:\Users\admin\Desktop\Reliability for All Tests All Data Pooled.xlsx
2016-03-04 20:00 - 2016-03-04 20:00 - 00151141 _____ C:\Users\admin\Desktop\Reliability for All Tests by Group.xlsx
2016-03-03 17:38 - 2016-03-03 17:38 - 00000208 _____ C:\Users\admin\Downloads\scholar (35).enw
2016-03-03 17:18 - 2016-03-03 17:18 - 00000411 _____ C:\Users\admin\Downloads\scholar (34).enw
2016-03-03 17:18 - 2016-03-03 17:18 - 00000269 _____ C:\Users\admin\Downloads\scholar (33).enw
2016-03-03 14:16 - 2016-03-03 14:16 - 00000250 _____ C:\Users\admin\Downloads\scholar (32).enw
2016-03-03 14:15 - 2016-03-03 14:15 - 00000286 _____ C:\Users\admin\Downloads\scholar (30).enw
2016-03-03 14:15 - 2016-03-03 14:15 - 00000171 _____ C:\Users\admin\Downloads\scholar (31).enw
2016-03-03 11:54 - 2016-03-03 11:54 - 00002599 _____ C:\Users\Public\Desktop\GPower 3.1.lnk
2016-03-03 11:54 - 2016-03-03 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPower
2016-03-03 11:54 - 2016-03-03 11:54 - 00000000 ____D C:\Program Files (x86)\GPower 3.1
2016-03-03 11:51 - 2016-03-03 11:51 - 13451133 _____ C:\Users\admin\Downloads\GPowerWin_3.1.9.2.zip
2016-03-02 11:43 - 2016-03-02 11:43 - 00000309 _____ C:\Users\admin\Downloads\scholar (29).enw
2016-03-02 11:23 - 2016-03-02 11:23 - 00974491 _____ C:\Users\admin\Downloads\2016_ASCA_Conference_Delegate_Form.pdf
2016-03-02 10:15 - 2016-02-23 11:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-02 10:15 - 2016-02-23 10:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-02 10:15 - 2016-02-23 10:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-02 10:15 - 2016-02-23 09:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-02 10:15 - 2016-02-23 08:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-02 10:15 - 2016-02-23 08:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-02 10:15 - 2016-02-23 08:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-02 10:15 - 2016-02-23 07:30 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-02 10:15 - 2016-02-23 07:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-02 10:15 - 2016-02-23 07:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-02 10:15 - 2016-02-23 06:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-02 10:15 - 2016-02-23 06:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-02 10:15 - 2016-02-23 06:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-02 10:15 - 2016-02-23 06:50 - 22396416 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-02 10:15 - 2016-02-23 06:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-02 10:15 - 2016-02-23 06:36 - 19341312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-02 10:15 - 2016-02-23 06:36 - 18680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-02 10:15 - 2016-02-23 06:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-02 10:15 - 2016-02-23 06:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-02 10:15 - 2016-02-09 03:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-02 10:15 - 2016-02-09 03:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-02 10:14 - 2016-02-23 11:27 - 07475040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-02 10:14 - 2016-02-23 11:23 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-02 10:14 - 2016-02-23 11:22 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-02 10:14 - 2016-02-23 11:15 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-02 10:14 - 2016-02-23 10:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-02 10:14 - 2016-02-23 10:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-02 10:14 - 2016-02-23 10:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-02 10:14 - 2016-02-23 10:21 - 06606568 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-02 10:14 - 2016-02-23 09:45 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-02 10:14 - 2016-02-23 09:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-02 10:14 - 2016-02-23 09:26 - 05241984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-02 10:14 - 2016-02-23 08:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-02 10:14 - 2016-02-23 08:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-02 10:14 - 2016-02-23 08:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-02 10:14 - 2016-02-23 08:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-02 10:14 - 2016-02-23 07:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-02 10:14 - 2016-02-23 07:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-02 10:14 - 2016-02-23 07:41 - 03594240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-02 10:14 - 2016-02-23 07:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-02 10:14 - 2016-02-23 07:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-02 10:14 - 2016-02-23 06:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-02 10:14 - 2016-02-23 06:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-02 10:14 - 2016-02-23 06:40 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-02 10:14 - 2016-02-09 03:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-02 10:13 - 2016-02-23 11:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-02 10:13 - 2016-02-23 11:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-02 10:13 - 2016-02-23 11:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 10:13 - 2016-02-23 11:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-02 10:13 - 2016-02-23 11:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-02 10:13 - 2016-02-23 11:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-02 10:13 - 2016-02-23 11:09 - 01614176 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-02 10:13 - 2016-02-23 10:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-02 10:13 - 2016-02-23 10:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-02 10:13 - 2016-02-23 10:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-02 10:13 - 2016-02-23 10:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-02 10:13 - 2016-02-23 10:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-02 10:13 - 2016-02-23 10:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-02 10:13 - 2016-02-23 10:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-02 10:13 - 2016-02-23 10:31 - 00847656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-02 10:13 - 2016-02-23 10:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-02 10:13 - 2016-02-23 10:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-02 10:13 - 2016-02-23 10:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-02 10:13 - 2016-02-23 10:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-02 10:13 - 2016-02-23 09:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-02 10:13 - 2016-02-23 09:45 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-02 10:13 - 2016-02-23 09:45 - 00259336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-02 10:13 - 2016-02-23 09:44 - 00640984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-02 10:13 - 2016-02-23 09:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-02 10:13 - 2016-02-23 09:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-02 10:13 - 2016-02-23 09:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-02 10:13 - 2016-02-23 09:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-02 10:13 - 2016-02-23 09:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-02 10:13 - 2016-02-23 09:38 - 00709176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-02 10:13 - 2016-02-23 09:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-02 10:13 - 2016-02-23 09:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-02 10:13 - 2016-02-23 09:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-02 10:13 - 2016-02-23 09:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-02 10:13 - 2016-02-23 09:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-02 10:13 - 2016-02-23 09:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-02 10:13 - 2016-02-23 09:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-02 10:13 - 2016-02-23 08:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-02 10:13 - 2016-02-23 08:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-02 10:13 - 2016-02-23 08:54 - 00539256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-02 10:13 - 2016-02-23 08:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-02 10:13 - 2016-02-23 08:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-02 10:13 - 2016-02-23 08:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-02 10:13 - 2016-02-23 08:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-02 10:13 - 2016-02-23 08:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-02 10:13 - 2016-02-23 08:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-02 10:13 - 2016-02-23 08:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-02 10:13 - 2016-02-23 08:30 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-02 10:13 - 2016-02-23 08:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-02 10:13 - 2016-02-23 08:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-02 10:13 - 2016-02-23 08:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-02 10:13 - 2016-02-23 08:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-02 10:13 - 2016-02-23 08:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-02 10:13 - 2016-02-23 08:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-02 10:13 - 2016-02-23 08:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-02 10:13 - 2016-02-23 08:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-02 10:13 - 2016-02-23 08:13 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-02 10:13 - 2016-02-23 08:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-02 10:13 - 2016-02-23 08:11 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-02 10:13 - 2016-02-23 08:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-02 10:13 - 2016-02-23 08:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-02 10:13 - 2016-02-23 08:09 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-02 10:13 - 2016-02-23 08:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-02 10:13 - 2016-02-23 08:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-02 10:13 - 2016-02-23 08:06 - 01848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-02 10:13 - 2016-02-23 08:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-02 10:13 - 2016-02-23 08:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-02 10:13 - 2016-02-23 08:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-02 10:13 - 2016-02-23 08:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-02 10:13 - 2016-02-23 08:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-02 10:13 - 2016-02-23 07:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-02 10:13 - 2016-02-23 07:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-02 10:13 - 2016-02-23 07:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-02 10:13 - 2016-02-23 07:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-02 10:13 - 2016-02-23 07:47 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-02 10:13 - 2016-02-23 07:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-02 10:13 - 2016-02-23 07:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-02 10:13 - 2016-02-23 07:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-02 10:13 - 2016-02-23 07:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-02 10:13 - 2016-02-23 07:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-02 10:13 - 2016-02-23 07:31 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-02 10:13 - 2016-02-23 07:30 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-02 10:13 - 2016-02-23 07:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-02 10:13 - 2016-02-23 07:29 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-02 10:13 - 2016-02-23 07:26 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-02 10:13 - 2016-02-23 07:25 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-02 10:13 - 2016-02-23 07:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-02 10:13 - 2016-02-23 07:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-02 10:13 - 2016-02-23 07:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-02 10:13 - 2016-02-23 07:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-02 10:13 - 2016-02-23 07:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-02 10:13 - 2016-02-23 07:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-02 10:13 - 2016-02-23 07:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-02 10:13 - 2016-02-23 07:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-02 10:13 - 2016-02-23 06:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-02 10:13 - 2016-02-23 06:55 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-02 10:13 - 2016-02-23 06:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-02 10:13 - 2016-02-23 06:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-02 10:13 - 2016-02-23 06:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-02 10:13 - 2016-02-23 06:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-02 10:13 - 2016-02-23 06:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-02 10:13 - 2016-02-23 06:33 - 14254080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-02 10:13 - 2016-02-23 06:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-02 10:13 - 2016-02-23 06:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-02 10:13 - 2016-02-23 06:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-02 10:13 - 2016-02-23 06:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-02 10:13 - 2016-02-23 06:26 - 12587520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-02 10:13 - 2016-02-09 04:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-02 10:13 - 2016-02-09 03:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-02 10:13 - 2016-02-09 03:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-02 10:12 - 2016-02-23 11:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-02 10:12 - 2016-02-23 11:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-02 10:12 - 2016-02-23 11:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-02 10:12 - 2016-02-23 10:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-02 10:12 - 2016-02-23 10:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-02 10:12 - 2016-02-23 10:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-02 10:12 - 2016-02-23 09:49 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-02 10:12 - 2016-02-23 09:45 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-02 10:12 - 2016-02-23 09:44 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-02 10:12 - 2016-02-23 09:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-02 10:12 - 2016-02-23 09:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-02 10:12 - 2016-02-23 09:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-02 10:12 - 2016-02-23 09:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-02 10:12 - 2016-02-23 09:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-02 10:12 - 2016-02-23 09:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-02 10:12 - 2016-02-23 09:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-02 10:12 - 2016-02-23 09:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-02 10:12 - 2016-02-23 09:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-02 10:12 - 2016-02-23 09:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-02 10:12 - 2016-02-23 09:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-02 10:12 - 2016-02-23 09:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-02 10:12 - 2016-02-23 09:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-02 10:12 - 2016-02-23 08:58 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-02 10:12 - 2016-02-23 08:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-02 10:12 - 2016-02-23 08:55 - 00221600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-02 10:12 - 2016-02-23 08:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-02 10:12 - 2016-02-23 08:54 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-02 10:12 - 2016-02-23 08:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-03-02 10:12 - 2016-02-23 08:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-02 10:12 - 2016-02-23 08:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-02 10:12 - 2016-02-23 08:51 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-03-02 10:12 - 2016-02-23 08:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-02 10:12 - 2016-02-23 08:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-02 10:12 - 2016-02-23 08:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-02 10:12 - 2016-02-23 08:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-02 10:12 - 2016-02-23 08:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-02 10:12 - 2016-02-23 08:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-02 10:12 - 2016-02-23 08:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-02 10:12 - 2016-02-23 08:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-02 10:12 - 2016-02-23 08:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-02 10:12 - 2016-02-23 08:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-02 10:12 - 2016-02-23 08:28 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-02 10:12 - 2016-02-23 08:25 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-02 10:12 - 2016-02-23 08:25 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-02 10:12 - 2016-02-23 08:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-02 10:12 - 2016-02-23 08:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-02 10:12 - 2016-02-23 08:22 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-02 10:12 - 2016-02-23 08:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-02 10:12 - 2016-02-23 08:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 10:12 - 2016-02-23 08:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-02 10:12 - 2016-02-23 08:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-02 10:12 - 2016-02-23 08:13 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-02 10:12 - 2016-02-23 08:13 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-02 10:12 - 2016-02-23 08:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-02 10:12 - 2016-02-23 08:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-02 10:12 - 2016-02-23 08:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-02 10:12 - 2016-02-23 08:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-02 10:12 - 2016-02-23 07:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-02 10:12 - 2016-02-23 07:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-02 10:12 - 2016-02-23 07:54 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-02 10:12 - 2016-02-23 07:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-02 10:12 - 2016-02-23 07:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-02 10:12 - 2016-02-23 07:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-02 10:12 - 2016-02-23 07:37 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-02 10:12 - 2016-02-23 07:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-02 10:12 - 2016-02-23 07:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 10:12 - 2016-02-23 07:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-02 10:12 - 2016-02-23 07:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-02 10:12 - 2016-02-23 07:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-02 10:12 - 2016-02-23 07:26 - 01498112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-02 10:12 - 2016-02-23 07:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-02 10:12 - 2016-02-23 07:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-02 10:12 - 2016-02-23 06:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-02 10:12 - 2016-02-23 06:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-02 10:12 - 2016-02-09 04:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-02 10:12 - 2016-02-09 03:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-01 16:42 - 2016-03-01 16:43 - 03739061 _____ C:\Users\admin\Downloads\The Science of Rugby.pdf
2016-02-29 11:59 - 2016-02-29 12:00 - 00002584 _____ C:\Users\admin\Downloads\citations (21).nbib
2016-02-28 12:55 - 2016-02-28 12:55 - 00217281 _____ C:\Users\admin\Documents\Netball ANOVA Output.spv
2016-02-27 16:57 - 2016-02-27 16:57 - 00418304 _____ C:\Users\admin\Downloads\xrely (1).xls
2016-02-27 15:45 - 2016-02-29 12:22 - 00151156 _____ C:\Users\admin\Desktop\Reliability for All Tests.xlsx
2016-02-27 13:16 - 2016-02-27 13:16 - 00234990 _____ C:\Users\admin\Desktop\Netball Reliability Testing.xlsx
2016-02-27 10:39 - 2016-02-27 10:39 - 00003880 _____ C:\WINDOWS\System32\Tasks\{D95C98A6-A69F-0A33-3640-76C96422AD57}
2016-02-26 16:51 - 2016-02-26 16:51 - 00000260 _____ C:\Users\admin\Downloads\scholar (28).enw
2016-02-26 12:54 - 2016-02-26 12:54 - 00000258 _____ C:\Users\admin\Downloads\scholar (27).enw
2016-02-26 12:53 - 2016-02-26 12:53 - 00000329 _____ C:\Users\admin\Downloads\scholar (26).enw
2016-02-26 12:48 - 2016-02-26 12:48 - 00002036 _____ C:\Users\admin\Downloads\CitationList (1).enw
2016-02-26 12:39 - 2016-02-26 12:39 - 00001938 _____ C:\Users\admin\Downloads\CitationList.enw
2016-02-25 19:33 - 2016-02-25 19:33 - 00000332 _____ C:\Users\admin\Downloads\scholar (25).enw
2016-02-25 19:32 - 2016-02-25 19:32 - 00000392 _____ C:\Users\admin\Downloads\scholar (24).enw
2016-02-25 19:28 - 2016-02-25 19:28 - 00000303 _____ C:\Users\admin\Downloads\scholar (23).enw
2016-02-25 09:31 - 2016-02-25 09:31 - 00001299 _____ C:\Users\admin\Desktop\Dropbox.lnk
2016-02-25 07:24 - 2016-02-25 07:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-24 14:06 - 2016-02-24 14:06 - 00139109 _____ C:\Users\admin\Downloads\sports-04-00004.pdf
2016-02-24 10:03 - 2016-02-24 10:03 - 00000311 _____ C:\Users\admin\Downloads\scholar (22).enw
2016-02-24 09:25 - 2016-02-24 09:26 - 05901650 _____ C:\Users\admin\Downloads\National_Strength_and_Conditioning_Association.1.pdf
2016-02-24 09:23 - 2016-02-24 09:23 - 00369183 _____ C:\Users\admin\Downloads\Specific_Training_Effects_of_Concurrent_Aerobic.10.pdf
2016-02-23 21:14 - 2016-02-23 21:14 - 00002895 _____ C:\Users\admin\Downloads\citations (19).nbib
2016-02-23 21:14 - 2016-02-23 21:14 - 00002063 _____ C:\Users\admin\Downloads\citations (20).nbib
2016-02-23 21:13 - 2016-02-23 21:13 - 00003208 _____ C:\Users\admin\Downloads\citations (18).nbib
2016-02-23 21:13 - 2016-02-23 21:13 - 00002883 _____ C:\Users\admin\Downloads\citations (16).nbib
2016-02-23 21:13 - 2016-02-23 21:13 - 00002747 _____ C:\Users\admin\Downloads\citations (17).nbib
2016-02-23 21:12 - 2016-02-23 21:12 - 00003559 _____ C:\Users\admin\Downloads\citations (15).nbib
2016-02-23 21:11 - 2016-02-23 21:11 - 00002955 _____ C:\Users\admin\Downloads\citations (14).nbib
2016-02-23 21:08 - 2016-02-23 21:08 - 00003371 _____ C:\Users\admin\Downloads\citations (13).nbib
2016-02-23 21:07 - 2016-02-23 21:07 - 00003563 _____ C:\Users\admin\Downloads\citations (12).nbib
2016-02-23 21:07 - 2016-02-23 21:07 - 00003373 _____ C:\Users\admin\Downloads\citations (11).nbib
2016-02-23 21:06 - 2016-02-23 21:06 - 00005225 _____ C:\Users\admin\Downloads\citations (10).nbib
2016-02-23 21:05 - 2016-02-23 21:05 - 00005028 _____ C:\Users\admin\Downloads\citations (9).nbib
2016-02-23 21:05 - 2016-02-23 21:05 - 00002979 _____ C:\Users\admin\Downloads\citations (8).nbib
2016-02-23 21:03 - 2016-02-23 21:03 - 00000222 _____ C:\Users\admin\Downloads\scholar (21).enw
2016-02-23 20:57 - 2016-02-23 20:57 - 00002798 _____ C:\Users\admin\Downloads\endnote-citations (3).enw
2016-02-23 20:56 - 2016-02-23 20:56 - 00003276 _____ C:\Users\admin\Downloads\citations (7).nbib
2016-02-23 20:55 - 2016-02-23 20:55 - 00002403 _____ C:\Users\admin\Downloads\citations (6).nbib
2016-02-23 20:54 - 2016-02-23 20:54 - 00003118 _____ C:\Users\admin\Downloads\endnote-citations (2).enw
2016-02-23 20:52 - 2016-02-23 20:52 - 00000270 _____ C:\Users\admin\Downloads\scholar (20).enw
2016-02-23 20:51 - 2016-02-23 20:51 - 00000311 _____ C:\Users\admin\Downloads\scholar (19).enw
2016-02-23 20:42 - 2016-02-23 20:42 - 00000355 _____ C:\Users\admin\Downloads\scholar (18).enw
2016-02-23 20:40 - 2016-02-23 20:40 - 00000629 _____ C:\Users\admin\Downloads\sciencea1caacda.ris
2016-02-23 20:40 - 2016-02-23 20:40 - 00000604 _____ C:\Users\admin\Downloads\science7d8c9efc.ris
2016-02-23 19:59 - 2016-02-23 19:59 - 00000662 _____ C:\Users\admin\Downloads\scienceb4114d8a.ris
2016-02-23 19:46 - 2016-02-23 19:46 - 00000845 _____ C:\Users\admin\Downloads\10.1007%2Fs00167-010-1233-y.enw
2016-02-23 19:45 - 2016-02-23 19:45 - 00003244 _____ C:\Users\admin\Downloads\citations (5).nbib
2016-02-23 14:29 - 2016-02-23 14:29 - 00002388 _____ C:\Users\admin\Downloads\endnote-citations (1).enw
2016-02-23 14:28 - 2016-02-23 14:28 - 00002238 _____ C:\Users\admin\Downloads\endnote-citations.enw
2016-02-23 14:25 - 2016-02-23 14:25 - 00002853 _____ C:\Users\admin\Downloads\pmcid-PMC3418952.ris
2016-02-23 14:24 - 2016-02-23 14:24 - 00002192 _____ C:\Users\admin\Downloads\pmcid-PMC3399059.ris
2016-02-23 14:22 - 2016-02-23 14:22 - 00000681 _____ C:\Users\admin\Downloads\europepmc.ris
2016-02-23 14:22 - 2016-02-23 14:22 - 00000485 _____ C:\Users\admin\Downloads\science937a25c7.ris
2016-02-23 14:21 - 2016-02-23 14:21 - 00000524 _____ C:\Users\admin\Downloads\science9c24cd5b.ris
2016-02-23 14:17 - 2016-02-23 14:17 - 00000664 _____ C:\Users\admin\Downloads\marlin_jjek24_710.ris
2016-02-23 14:16 - 2016-02-23 14:16 - 00000548 _____ C:\Users\admin\Downloads\downloadCitation (2).RIS
2016-02-23 14:14 - 2016-02-23 14:14 - 00000605 _____ C:\Users\admin\Downloads\downloadCitation (1).RIS
2016-02-23 13:37 - 2016-02-23 13:37 - 00000603 _____ C:\Users\admin\Downloads\downloadCitation.RIS
2016-02-21 17:26 - 2016-02-21 17:26 - 00000277 _____ C:\Users\admin\Downloads\scholar (17).enw
2016-02-21 17:25 - 2016-02-21 17:25 - 00000344 _____ C:\Users\admin\Downloads\scholar (16).enw
2016-02-21 17:23 - 2016-02-21 17:23 - 00000181 _____ C:\Users\admin\Downloads\scholar (15).enw
2016-02-21 17:15 - 2016-02-21 17:15 - 00000260 _____ C:\Users\admin\Downloads\scholar (14).enw
2016-02-20 14:38 - 2016-02-20 14:38 - 32616696 _____ ({code:GDConstant/CompanyName} ) C:\Users\admin\Downloads\RecoverMyFiles-Setup.exe
2016-02-19 17:00 - 2016-02-19 17:00 - 02133446 _____ C:\Users\admin\Downloads\JSCR-S-16-00250.pdf
2016-02-19 09:52 - 2016-02-19 10:09 - 00234832 _____ C:\Users\admin\Desktop\February Testing Input Sheet 19-02-16.xlsx
2016-02-16 14:52 - 2016-02-26 09:51 - 00000000 ____D C:\Users\admin\Desktop\February Testing
2016-02-15 19:44 - 2016-02-15 19:44 - 00027731 _____ C:\Users\admin\Downloads\EAF 70 - Fitness Report Dashboard with SWC and CondFormats (1).xlsx
2016-02-15 19:43 - 2016-02-15 19:44 - 00027731 _____ C:\Users\admin\Downloads\EAF 70 - Fitness Report Dashboard with SWC and CondFormats.xlsx
2016-02-13 17:31 - 2016-02-13 18:23 - 00012155 _____ C:\Users\admin\Downloads\Paired-Effect-Size-Calculator.xlsx
2016-02-13 17:25 - 2016-02-13 17:25 - 00532583 _____ C:\Users\admin\Downloads\art%3A10.1007%2Fs40279-015-0350-7.pdf
2016-02-11 19:08 - 2016-02-11 19:08 - 00418304 _____ C:\Users\admin\Downloads\xrely.xls
2016-02-11 17:43 - 2016-02-11 17:43 - 00109056 _____ C:\Users\admin\Downloads\xcl.xls
2016-02-10 19:42 - 2016-01-29 06:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 19:42 - 2016-01-29 06:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 19:42 - 2016-01-27 06:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 19:42 - 2016-01-27 06:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 19:42 - 2016-01-27 05:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 19:42 - 2016-01-27 05:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 19:42 - 2016-01-27 05:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 19:42 - 2016-01-27 05:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 19:42 - 2016-01-27 05:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 19:42 - 2016-01-27 05:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 19:42 - 2016-01-27 05:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 19:42 - 2016-01-27 05:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 19:42 - 2016-01-27 05:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 19:42 - 2016-01-27 05:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 19:42 - 2016-01-27 05:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 19:42 - 2016-01-27 05:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 19:42 - 2016-01-27 05:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 19:42 - 2016-01-27 05:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 19:42 - 2016-01-27 05:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 19:42 - 2016-01-27 05:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 19:42 - 2016-01-27 05:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 19:42 - 2016-01-27 05:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 19:42 - 2016-01-27 05:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 19:42 - 2016-01-27 05:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 19:42 - 2016-01-27 04:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 19:42 - 2016-01-27 04:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 19:42 - 2016-01-27 04:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 19:42 - 2016-01-27 04:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 19:42 - 2016-01-27 04:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 19:42 - 2016-01-27 04:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 19:42 - 2016-01-27 04:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 19:42 - 2016-01-27 04:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 19:42 - 2016-01-27 04:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 19:42 - 2016-01-27 04:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-09 13:35 - 2016-02-09 13:35 - 00124998 _____ C:\Users\admin\Downloads\Performance Characteristics_according_playing_position_soccer.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 11:03 - 2013-09-28 18:01 - 00000600 _____ C:\Users\admin\PUTTY.RND
2016-03-08 10:48 - 2014-06-28 16:23 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000UA.job
2016-03-08 10:38 - 2012-08-19 02:48 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-08 10:37 - 2016-02-04 08:32 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-08 10:36 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-08 10:36 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-08 10:31 - 2015-12-10 13:19 - 00000000 ____D C:\Users\admin\Desktop\utmp
2016-03-08 10:22 - 2015-06-17 09:03 - 00000000 ____D C:\Users\admin\AppData\Local\Dropbox
2016-03-08 10:22 - 2013-06-28 20:13 - 00000000 ___RD C:\Users\admin\Dropbox
2016-03-08 10:19 - 2015-12-14 11:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-08 10:17 - 2013-06-29 17:02 - 00000000 ____D C:\Users\admin\AppData\Roaming\BitTorrent
2016-03-08 10:16 - 2013-07-04 14:18 - 00000503 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-03-08 10:15 - 2016-01-16 04:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-08 10:15 - 2015-10-30 06:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-08 09:45 - 2015-12-15 06:21 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-03-08 08:48 - 2014-06-28 16:23 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000Core.job
2016-03-08 08:46 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-08 08:37 - 2015-12-13 11:24 - 01392652 _____ C:\WINDOWS\SPSS 17 Uninstall Log.txt
2016-03-08 08:33 - 2015-12-12 21:16 - 00618676 _____ C:\WINDOWS\ntbtlog.txt
2016-03-08 08:28 - 2015-12-20 17:40 - 00000000 ____D C:\Program Files (x86)\SPSS 17
2016-03-08 08:24 - 2016-01-15 12:13 - 00000000 ____D C:\Program Files (x86)\EndNote X7
2016-03-08 08:24 - 2013-11-03 17:03 - 00000000 ____D C:\ProgramData\Thomson.ResearchSoft.Installers
2016-03-08 08:22 - 2016-02-04 09:59 - 00000000 ____D C:\ProgramData\TechSmith
2016-03-08 08:22 - 2015-08-17 12:20 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-08 08:15 - 2016-01-16 04:12 - 01013696 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-08 07:09 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-03-07 23:05 - 2016-01-16 04:13 - 00000000 ____D C:\Users\admin
2016-03-07 22:27 - 2015-12-10 13:19 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8B2598D4-4884-43E4-9D3C-7205A56A6923}
2016-03-07 22:02 - 2014-01-13 10:28 - 00000000 ____D C:\Users\admin\AppData\Local\Packages
2016-03-03 17:40 - 2014-04-23 12:57 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2016-03-03 15:23 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-02 21:37 - 2015-08-17 12:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-02 21:22 - 2016-01-16 04:03 - 05036008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-02 21:19 - 2015-10-30 09:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-02 21:19 - 2015-10-30 07:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-02 21:19 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-02 21:19 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-02 21:19 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-02 21:19 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-02 21:19 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-02 21:19 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-02 21:19 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-02 21:19 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-02 21:19 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-02 21:19 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-02 21:19 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-02 11:23 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-27 20:12 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\addins
2016-02-27 19:46 - 2014-09-03 09:07 - 00000000 ____D C:\Users\admin\AppData\Local\Citrix
2016-02-25 09:50 - 2015-10-30 07:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-25 09:45 - 2012-08-19 01:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-25 07:26 - 2015-09-08 17:57 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-02-24 20:40 - 2013-06-28 20:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\Dropbox
2016-02-23 16:14 - 2016-02-04 10:03 - 00000000 ____D C:\Users\admin\Documents\Snagit
2016-02-20 13:25 - 2013-10-16 10:23 - 00000000 ____D C:\Users\Public\Documents\Ballistic Measurement System
2016-02-20 10:39 - 2015-08-17 12:47 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-20 10:39 - 2014-05-28 11:07 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 17:04 - 2016-01-29 19:15 - 00112540 ____H C:\Users\admin\AppData\Local\IconCache.db.backup
2016-02-17 20:21 - 2015-11-19 21:12 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-13 16:29 - 2013-07-24 15:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-13 09:21 - 2012-08-19 01:50 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-08 15:48 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2013-11-03 15:47 - 2014-01-15 10:00 - 0000113 _____ () C:\Users\admin\AppData\Roaming\WB.CFG
2013-12-31 16:04 - 2014-01-03 10:31 - 0000005 _____ () C:\Users\admin\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-11-03 15:47 - 2014-01-15 10:00 - 0000005 _____ () C:\Users\admin\AppData\Roaming\WBPU-TTL.DAT
2014-04-21 10:50 - 2014-10-05 17:24 - 0007168 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-21 21:35 - 2011-11-21 21:35 - 0010275 _____ () C:\ProgramData\regid.1995-04.com.kistler_2B134736-2DB6-488E-BB15-FC19631EE635.swidtag
2011-11-22 13:54 - 2011-11-22 13:54 - 0010260 _____ () C:\ProgramData\regid.1995-04.com.kistler_FE724B72-8B8B-4B49-85FE-24AC4E84CC09.swidtag

Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\admin\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-28 10:39

==================== End of FRST.txt ============================

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by admin (2016-03-08 11:03:35)
Running from C:\Users\admin\Desktop
Windows 10 Pro Version 1511 (X64) (2016-01-16 04:36:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-3515164915-2860861682-270758949-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3515164915-2860861682-270758949-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3515164915-2860861682-270758949-503 - Limited - Disabled)
Guest (S-1-5-21-3515164915-2860861682-270758949-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3515164915-2860861682-270758949-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{935D195D-0E7A-3D63-5B66-70E6D13E6C03}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.2.488 - Online Media Technologies Ltd.)
Ballistic Measurement System (HKLM-x32\...\Ballistic Measurement System_is1) (Version: 2015.0.0 - Innervations)
BitTorrent (HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - )
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.2.0 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverIdentifier 4.2.7 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Freemake Video Converter version 4.1.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.1 - Ellora Assets Corporation)
G*Power 3.1.9.2 (HKLM-x32\...\{F9C59D86-6F65-4EDB-89A2-FBA1F78762D2}) (Version: 3.1.92 - Franz Faul, Uni Kiel, Germany)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Kinovea (HKLM-x32\...\Kinovea) (Version: 0.8.15 - Kinovea)
Kistler BioWare (HKLM-x32\...\{DABF95C0-16FB-4493-BBB2-B050B4E6C982}) (Version: 5.1.1.0 - Kistler Instrument Group)
Kistler DataServer (HKLM-x32\...\{0479EFA6-278B-4031-9004-BFEF8EEE3415}) (Version: 1.3.0.2002 - Kistler Instrument Group)
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MedCalc (HKLM\...\{857F80E2-6F15-4F6F-A20F-5D70747ABE78}) (Version: 15.11.4 - MedCalc Software)
Microsoft Forefront UAG endpoint components v4.0.0 (HKLM-x32\...\Microsoft Forefront UAG endpoint components 3.1.0) (Version:  - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6568.2025 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Qualys BrowserCheck (HKLM-x32\...\{80112B33-B9C0-424C-8C9C-7684C238325E}) (Version: 1.1.1 - Qualys)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.0 - Synaptics Incorporated)
Visual3D v5 Educational Textbook Version (HKLM-x32\...\{C27B0E0C-87A7-4723-94A3-0C43F79F1582}_is1) (Version: 5.00.26 - C-Motion, Inc.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28) (HKLM\...\9E24492CE9279512BD465F61DB8523641BB7BBFC) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28) (HKLM\...\E61B77ECE57113AE1CA028BC7A8AD6C137BD13DD) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01F30436-9EBF-4948-8799-D50E0C74440D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {0C39006D-7063-4CCD-B601-34F47ECA16EE} - System32\Tasks\{D95C98A6-A69F-0A33-3640-76C96422AD57} => C:\WINDOWS\system32\regsvr32.exe [2015-10-30] (Microsoft Corporation)
Task: {0C65352E-53D8-4B7D-A441-CE3712B05573} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {0FCB86A0-0086-4742-BD3A-943A1EDB0088} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {12BC0AE8-37EE-46F1-9C0A-A9BEE258CC28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
Task: {191C4972-F4DE-4FED-A12C-BB5121E8C9D8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {1C408272-3246-4CDC-93E9-405A4A13EE17} - System32\Tasks\{8D2D7D51-DEA4-4840-BD91-7495A7F85ED3} => pcalua.exe -a C:\Users\admin\Downloads\chromeinstall-8u40.exe -d C:\Users\admin\Downloads
Task: {1DB03B80-DAB6-452F-AD59-40BBD215BAC3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1F6808B2-08FD-4392-B127-5DDEF786A890} - System32\Tasks\{063A0F41-9B35-450D-A49B-B89A237A427F} => C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
Task: {24AF0F45-0C06-4A68-A941-81F1212CAE9A} - System32\Tasks\{3E6BB2CE-BD98-4E94-B6C5-116FE3E6625C} => C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
Task: {26525853-27B4-4655-9285-735162100E05} - System32\Tasks\{D4F5AE6C-9830-4EC0-9E37-1A36ABAE145F} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {2DF070CA-206A-4B5C-B8BC-787CDA9A3458} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {3994D9BC-40C4-4700-AA58-74A1A8AB7875} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3FAF17D6-A004-410D-9EC1-CBB90B5DF3A9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {41B777DE-65CF-4B88-8DC6-88B2E81699A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4C7C3A89-124E-4A53-B92D-194ECE851344} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {687A5D15-A26C-41CF-A40E-39F239AD3952} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8A973949-A47E-4A9E-AF3A-6D6DCEBEF2A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8D5EEB58-929C-4081-AEFE-E8DF4980F972} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000Core => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9164F315-934D-4E8A-862A-F30703B5702F} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {9AA6BC5F-CC27-4F32-9C23-92C17CC1F737} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {9E51DD61-2299-4564-B918-1DBB6AEAC8C4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000UA => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A5C25BDB-3DFB-4423-BD83-22B7A514ED63} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AF057B59-7DD3-4856-A393-97A398034352} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-02-25] (Microsoft Corporation)
Task: {B34E784E-E07B-4AE3-A2E8-F11509E0371D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B7C81D7F-3FE3-4092-8EEF-CA54422D3108} - System32\Tasks\{5B12BB56-6629-429F-A780-5F4926CE1213} => pcalua.exe -a E:\BioWare5_1_1\InstaCal_setup_v622.exe -d E:\BioWare5_1_1
Task: {C3543460-945B-4E23-9EED-FF31D9C4DC72} - System32\Tasks\{E35AD483-8B30-4C79-B0F9-5EA57C5A57E3} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {DCACE629-14B6-470E-ACEF-33FA4D4C97C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {E04AF9E2-DF15-4C68-A5C9-0795C2756EB9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-13] (Microsoft Corporation)
Task: {E09A24CF-42FB-4202-A728-DD2D1A7EDE60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E1D608CB-B1E9-407A-9C5E-37B9B3736F1E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {E7774606-2E3C-4D5E-BD6C-9EFE5231C110} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {F2C24A68-CD60-4C01-AB33-986DB8EA643F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FA090E4B-733E-4BD7-B7F5-3EBE6B99931F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FB8BB324-7920-42AE-BE28-B96B0DFADD3E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000Core.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000UA.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-18 13:21 - 2016-02-04 05:51 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-03-02 10:13 - 2016-02-23 11:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 10:13 - 2016-02-23 11:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-25 09:42 - 2016-02-04 13:53 - 08914120 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-12-04 13:08 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\ISCM64.dll
2016-01-16 11:56 - 2016-01-16 11:56 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 10:13 - 2016-02-23 08:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-16 11:56 - 2016-01-16 11:56 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-16 11:56 - 2016-01-16 11:56 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 09:14 - 2016-01-16 05:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 09:14 - 2016-01-16 05:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-16 11:56 - 2016-01-16 11:56 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-22 14:06 - 2016-01-22 14:06 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2013-12-24 13:42 - 2013-12-24 13:42 - 02016992 _____ () C:\Users\admin\Desktop\U1304.exe
2016-02-25 07:24 - 2016-01-12 18:44 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-02-25 07:23 - 2016-01-12 18:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-02-25 07:23 - 2016-01-12 18:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-02-25 07:24 - 2016-01-12 18:44 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-02-25 07:24 - 2016-01-12 18:44 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-02-25 07:24 - 2016-02-16 18:39 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-02-25 07:24 - 2016-01-12 18:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-02-25 07:23 - 2016-01-12 18:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-02-25 07:24 - 2016-02-16 18:39 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-02-25 07:24 - 2016-01-12 18:44 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-02-25 07:23 - 2016-02-16 18:38 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-02-25 07:24 - 2016-01-12 18:45 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-02-25 07:23 - 2016-02-16 18:38 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-02-25 07:23 - 2016-02-16 18:38 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-02-25 07:24 - 2016-02-16 18:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2016-02-25 07:24 - 2016-02-16 18:39 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-25 07:23 - 2016-02-16 18:39 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-02-25 07:23 - 2016-01-12 18:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-02-25 07:24 - 2016-01-12 18:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-02-25 07:24 - 2016-01-12 18:47 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-02-25 07:24 - 2016-01-12 18:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-25 07:24 - 2016-02-16 18:39 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-02-25 07:24 - 2016-01-12 18:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-02-25 07:24 - 2016-01-12 18:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-02-25 07:24 - 2016-01-12 18:47 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-02-25 07:24 - 2016-01-12 18:47 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-02-25 07:24 - 2016-01-12 18:47 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-25 07:24 - 2016-01-12 18:47 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-25 07:23 - 2016-02-16 18:39 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-02-25 07:24 - 2016-01-12 18:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-02-25 07:24 - 2016-01-12 18:47 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-02-25 07:23 - 2016-02-16 18:38 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-02-25 07:23 - 2016-02-16 18:39 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-02-25 07:23 - 2016-01-12 18:47 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-02-25 07:23 - 2016-02-16 18:39 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-02-25 07:23 - 2015-11-05 00:04 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-02-25 07:24 - 2016-02-16 18:39 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-25 07:24 - 2016-01-12 18:44 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-02-25 07:23 - 2016-01-12 18:44 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-02-25 07:23 - 2016-01-12 18:45 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-02-25 07:23 - 2016-02-16 18:39 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-25 07:24 - 2016-02-16 18:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-25 07:24 - 2016-02-16 18:39 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-02-25 07:24 - 2016-02-16 18:39 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-25 07:24 - 2016-02-16 18:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-02-25 07:23 - 2016-02-16 18:38 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-02-25 07:24 - 2016-01-12 18:47 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-25 07:24 - 2016-02-16 18:39 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-02-25 07:23 - 2016-02-16 18:39 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-02-25 07:23 - 2016-02-16 18:39 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-02-25 07:24 - 2016-01-12 18:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-02-25 07:23 - 2016-02-16 18:39 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-02-25 07:23 - 2016-02-16 18:39 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-02-25 07:23 - 2016-02-16 18:39 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-02-25 07:23 - 2016-02-16 18:39 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-02-25 07:23 - 2016-02-16 18:39 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-02-25 07:23 - 2016-02-16 18:39 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-02-25 07:23 - 2016-02-16 18:39 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-02-25 07:23 - 2016-02-16 18:39 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-02-25 07:23 - 2016-01-12 18:49 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-02-25 07:23 - 2016-01-12 18:49 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-02-25 07:23 - 2016-02-16 18:39 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-02-25 07:23 - 2016-02-16 18:39 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-02-25 07:23 - 2016-01-12 18:52 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-01-22 14:06 - 2016-01-22 14:06 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 14:06 - 2016-01-22 14:06 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\google.com -> hxxps://accounts.google.com
IE trusted site: HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\sharepoint.com -> hxxps://testlivesalfordac.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2015-12-12 14:15 - 00000966 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3515164915-2860861682-270758949-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [uDP Query User{52288698-5AF7-47A1-8E0A-198A76EF9335}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [TCP Query User{8894236E-F9DE-40BB-A439-BAD8ED37E334}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [uDP Query User{32D14826-74EB-4A47-9150-6C05846D59C8}C:\program files (x86)\spss 17\statistics.exe] => (Allow) C:\program files (x86)\spss 17\statistics.exe
FirewallRules: [TCP Query User{827FE4FA-D5FC-4B40-A45C-3DC61D91D1C0}C:\program files (x86)\spss 17\statistics.exe] => (Allow) C:\program files (x86)\spss 17\statistics.exe
FirewallRules: [uDP Query User{40FDBA4C-191A-443B-8C52-9D92AA7C10EE}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{C202D075-A98D-4505-82ED-3D1B88FE1EFF}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [uDP Query User{6672CDAE-E4B6-4067-A10C-6E27096B4828}C:\users\admin\desktop\u1304.exe] => (Allow) C:\users\admin\desktop\u1304.exe
FirewallRules: [TCP Query User{6C7DE365-ED90-4284-BDE1-D02BC4BD5622}C:\users\admin\desktop\u1304.exe] => (Allow) C:\users\admin\desktop\u1304.exe
FirewallRules: [{FE7968EC-ED7E-4B94-A254-BB3C579E55BC}] => (Allow) LPort=139
FirewallRules: [{243A7294-420C-4CF3-BE71-E0950DA09FC6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{BEB4A2AA-7832-4645-BAF1-96474FA0C946}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{559F5A6D-B143-4C85-99CB-468057135901}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{F12CFC3D-6CDC-4F3B-B7B4-1D69B6723885}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E7DAC4B4-A4A5-4D64-9C82-DD941F6D9719}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{8BF7801A-7790-4A0F-9B58-658CD371A279}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{EB47B5F2-BEBC-42F1-9034-ED9F932E94A3}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{2B2C2FC8-160F-4443-B4B0-E0A3221342D7}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F83C5337-0457-452A-A24D-4812009FA5FF}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{1668F5F6-0978-4A8A-A754-6FE43EE6657F}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{26710DAA-2F12-497D-AF3A-C61D2CF3014C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CDAAF369-D93D-4915-BD0A-FB4109175D23}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{CCFCAAC0-340A-42B9-A669-4E704BB4EF8B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{F9C6B979-F9F9-4736-9891-82FF67832E87}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{D9D7880B-6CE3-474C-9A55-297D5E6123DF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{EAC9C857-E2E6-412F-9503-90A3F855B738}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{616C30D4-AD21-4853-ADF5-8D735ABA2A8C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{0C5FA3AD-D205-469B-82C8-6E8CB1EF0492}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{E81A3D57-1911-4942-B595-2481BF14B613}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{D86B63CE-5FEA-4B3F-A070-BB3CDDA45E75}] => (Allow) C:\Users\admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{566AE3BC-650D-4F36-B3F2-E45E10648303}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{242ADDA0-69C1-4882-AB7D-1003F0BEFA92}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B33E406F-E833-4E06-A488-BCF0923A1284}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CE4CAE57-0DFB-4D07-B6AF-C5CB244D4F0B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1F3CFD3E-C3AC-40F8-8D6F-452699C360B5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{87B7C276-6209-4EAE-90F5-8C036B000673}] => (Allow) LPort=2869
FirewallRules: [{E3031186-17B1-4FAA-89F3-8B0798B66089}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{3064164E-A20D-41EE-8D6E-3B3BBED8EC5C}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [uDP Query User{41182754-764E-42F7-B038-C349BA3BC621}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{7EEE148F-428C-420C-923B-4647CD2F8B06}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EC5B5E21-EEA4-4B13-9A0F-982C3DAE6035}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{02D3633F-245A-460F-A12F-66477E2B407E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F27E1DFA-AC39-48A2-90DD-C70AD91932CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{EB9CCC71-30D4-4D32-A7F3-6B5432A619DF}C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41713.exe] => (Block) C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41713.exe
FirewallRules: [uDP Query User{3B2D19C3-950D-4BC3-A974-20A4A34896DE}C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41713.exe] => (Block) C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41713.exe
FirewallRules: [{FF024EF9-B273-4A13-B2B7-53E01374ECBE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7557AB7C-839A-48E9-89A2-51ED55729B62}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{021D5901-FA7B-4AA5-BD0B-6C359E9B8A2D}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.9.5_41713.exe
FirewallRules: [{5DC0FCAD-0A60-42A5-B39E-EDB4544059BC}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.9.5_41713.exe
FirewallRules: [TCP Query User{7E8EABF0-44DE-4A64-BD1E-15436BEEC81A}C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Block) C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
FirewallRules: [uDP Query User{28F5C1B4-9575-4299-88E2-FECEBFC6E8E3}C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Block) C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41866.exe

==================== Restore Points =========================

10-02-2016 19:46:41 Windows Update
27-02-2016 09:06:27 Scheduled Checkpoint
02-03-2016 11:16:32 Windows Update
02-03-2016 11:17:55 Windows Update
03-03-2016 11:53:30 Installed G*Power 3.1.9.2
08-03-2016 08:19:42 Snagit 12
08-03-2016 10:01:25 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2016 10:01:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/08/2016 08:32:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTHOMAS)
Description: Activation of app Microsoft.Getstarted_2.6.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/08/2016 08:28:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uninstall.exe version 8.1.1000.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4d8

Start Time: 01d17913f552a350

Termination Time: 16

Application Path: C:\Windows\SPSS 17\uninstall.exe

Report Id: c6a2fb2a-e507-11e5-9bdd-402cf4fe5a60

Faulting package full name:

Faulting package-relative application ID:

Error: (03/08/2016 08:20:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/08/2016 07:40:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1875

Error: (03/08/2016 07:26:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1875

Error: (03/08/2016 07:26:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/08/2016 12:25:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6219

Error: (03/08/2016 12:25:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6219

Error: (03/08/2016 12:25:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (03/08/2016 10:16:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The uagqecsvc service failed to start due to the following error:
%%1053

Error: (03/08/2016 10:16:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the uagqecsvc service to connect.

Error: (03/08/2016 10:16:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058

Error: (03/08/2016 10:15:52 AM) (Source: hpdskflt) (EventID: 1001) (User: )
Description:

Error: (03/08/2016 10:15:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (03/08/2016 10:15:09 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/08/2016 10:15:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4151f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/08/2016 10:15:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4151f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/08/2016 10:15:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4151f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/08/2016 10:15:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4151f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

CodeIntegrity:
===================================
  Date: 2016-03-08 11:03:28.508
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 11:03:28.471
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 11:03:28.434
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 11:03:28.354
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 11:03:28.140
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 11:03:27.966
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 11:03:27.929
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 11:02:44.005
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 11:02:43.965
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 10:03:23.933
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core i7-2620M CPU @ 2.70GHz
Percentage of memory in use: 49%
Total physical RAM: 4046.35 MB
Available physical RAM: 2041.83 MB
Total Virtual: 8142.35 MB
Available Virtual: 5725.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.5 GB) (Free:171.19 GB) NTFS
Drive f: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:880.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6A6731BE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=507 MB) - (Type=27)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 81B13894)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Hi Chris, 
 
Do you recognise the following proxy settings?

ProxyServer: [S-1-5-21-3515164915-2860861682-270758949-1000] => 127.0.0.1:9666
FF NetworkProxy: "backup.ftp", "127.0.0.1"
FF NetworkProxy: "backup.ftp_port", 9666
FF NetworkProxy: "backup.socks", "127.0.0.1"
FF NetworkProxy: "backup.socks_port", 9666
FF NetworkProxy: "backup.ssl", "127.0.0.1"
FF NetworkProxy: "backup.ssl_port", 9666
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 9666
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 9666
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9666
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 9666
FF NetworkProxy: "type", 0

Hello Chris, 

 

Please do the following: 

 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    RemoveProxy:
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    Tcpip\..\Interfaces\{41f58f90-1dd7-44ce-84b8-bf08657bdb81}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{cadabcc7-a90e-4e5c-9d81-a91aba4112f2}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{f3616251-e5cd-464b-9680-a976febf1f58}: [DhcpNameServer] 82.163.142.7
    BHO: YoutubeAdblocker -> {24E53A1A-B562-30F4-23A6-75DF529C4E4A} -> C:\Program Files (x86)\YoutubeAdblocker\THVtn7x.x64.dll => No File
    C:\Program Files (x86)\YoutubeAdblocker
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\\npsitesafety.dll => No File
    CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    Task: {0FCB86A0-0086-4742-BD3A-943A1EDB0088} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {1C408272-3246-4CDC-93E9-405A4A13EE17} - System32\Tasks\{8D2D7D51-DEA4-4840-BD91-7495A7F85ED3} => pcalua.exe -a C:\Users\admin\Downloads\chromeinstall-8u40.exe -d C:\Users\admin\Downloads
    Task: {1DB03B80-DAB6-452F-AD59-40BBD215BAC3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {3994D9BC-40C4-4700-AA58-74A1A8AB7875} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {3FAF17D6-A004-410D-9EC1-CBB90B5DF3A9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {41B777DE-65CF-4B88-8DC6-88B2E81699A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {4C7C3A89-124E-4A53-B92D-194ECE851344} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {687A5D15-A26C-41CF-A40E-39F239AD3952} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {A5C25BDB-3DFB-4423-BD83-22B7A514ED63} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B34E784E-E07B-4AE3-A2E8-F11509E0371D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {B7C81D7F-3FE3-4092-8EEF-CA54422D3108} - System32\Tasks\{5B12BB56-6629-429F-A780-5F4926CE1213} => pcalua.exe -a E:\BioWare5_1_1\InstaCal_setup_v622.exe -d E:\BioWare5_1_1
    Task: {F2C24A68-CD60-4C01-AB33-986DB8EA643F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {FA090E4B-733E-4BD7-B7F5-3EBE6B99931F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Zip: C:\WINDOWS\System32\Tasks\{D95C98A6-A69F-0A33-3640-76C96422AD57};C:\users\admin\desktop\u1304.exe
    Hosts:
    CMD: ipconfig /flushdns
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your Desktop. Copy the contents of the log and paste in your next reply.
  • A file (Upload.zip) will be saved to your Desktop. Upload this file to SendSpace and provide a direct download link in your next reply.
     

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "ESET Scan".
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Upload.zip download link
  • ESET Online Scan log

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by admin (2016-03-08 20:20:44) Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
RemoveProxy:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Tcpip\..\Interfaces\{41f58f90-1dd7-44ce-84b8-bf08657bdb81}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{cadabcc7-a90e-4e5c-9d81-a91aba4112f2}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{f3616251-e5cd-464b-9680-a976febf1f58}: [DhcpNameServer] 82.163.142.7
BHO: YoutubeAdblocker -> {24E53A1A-B562-30F4-23A6-75DF529C4E4A} -> C:\Program Files (x86)\YoutubeAdblocker\THVtn7x.x64.dll => No File
C:\Program Files (x86)\YoutubeAdblocker
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\\npsitesafety.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {0FCB86A0-0086-4742-BD3A-943A1EDB0088} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1C408272-3246-4CDC-93E9-405A4A13EE17} - System32\Tasks\{8D2D7D51-DEA4-4840-BD91-7495A7F85ED3} => pcalua.exe -a C:\Users\admin\Downloads\chromeinstall-8u40.exe -d C:\Users\admin\Downloads
Task: {1DB03B80-DAB6-452F-AD59-40BBD215BAC3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3994D9BC-40C4-4700-AA58-74A1A8AB7875} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3FAF17D6-A004-410D-9EC1-CBB90B5DF3A9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {41B777DE-65CF-4B88-8DC6-88B2E81699A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4C7C3A89-124E-4A53-B92D-194ECE851344} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {687A5D15-A26C-41CF-A40E-39F239AD3952} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A5C25BDB-3DFB-4423-BD83-22B7A514ED63} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B34E784E-E07B-4AE3-A2E8-F11509E0371D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B7C81D7F-3FE3-4092-8EEF-CA54422D3108} - System32\Tasks\{5B12BB56-6629-429F-A780-5F4926CE1213} => pcalua.exe -a E:\BioWare5_1_1\InstaCal_setup_v622.exe -d E:\BioWare5_1_1
Task: {F2C24A68-CD60-4C01-AB33-986DB8EA643F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FA090E4B-733E-4BD7-B7F5-3EBE6B99931F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Zip: C:\WINDOWS\System32\Tasks\{D95C98A6-A69F-0A33-3640-76C96422AD57};C:\users\admin\desktop\u1304.exe
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************

Restore point was successfully created.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{41f58f90-1dd7-44ce-84b8-bf08657bdb81}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cadabcc7-a90e-4e5c-9d81-a91aba4112f2}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3616251-e5cd-464b-9680-a976febf1f58}\\DhcpNameServer => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24E53A1A-B562-30F4-23A6-75DF529C4E4A}" => key removed successfully
"HKCR\CLSID\{24E53A1A-B562-30F4-23A6-75DF529C4E4A}" => key removed successfully
"C:\Program Files (x86)\YoutubeAdblocker" => not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\\npsitesafety.dll => not found.
"HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FCB86A0-0086-4742-BD3A-943A1EDB0088}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FCB86A0-0086-4742-BD3A-943A1EDB0088}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C408272-3246-4CDC-93E9-405A4A13EE17}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C408272-3246-4CDC-93E9-405A4A13EE17}" => key removed successfully
C:\WINDOWS\System32\Tasks\{8D2D7D51-DEA4-4840-BD91-7495A7F85ED3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8D2D7D51-DEA4-4840-BD91-7495A7F85ED3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DB03B80-DAB6-452F-AD59-40BBD215BAC3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DB03B80-DAB6-452F-AD59-40BBD215BAC3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3994D9BC-40C4-4700-AA58-74A1A8AB7875}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3994D9BC-40C4-4700-AA58-74A1A8AB7875}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FAF17D6-A004-410D-9EC1-CBB90B5DF3A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FAF17D6-A004-410D-9EC1-CBB90B5DF3A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41B777DE-65CF-4B88-8DC6-88B2E81699A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41B777DE-65CF-4B88-8DC6-88B2E81699A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C7C3A89-124E-4A53-B92D-194ECE851344}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C7C3A89-124E-4A53-B92D-194ECE851344}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{687A5D15-A26C-41CF-A40E-39F239AD3952}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{687A5D15-A26C-41CF-A40E-39F239AD3952}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5C25BDB-3DFB-4423-BD83-22B7A514ED63}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5C25BDB-3DFB-4423-BD83-22B7A514ED63}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B34E784E-E07B-4AE3-A2E8-F11509E0371D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B34E784E-E07B-4AE3-A2E8-F11509E0371D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7C81D7F-3FE3-4092-8EEF-CA54422D3108}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7C81D7F-3FE3-4092-8EEF-CA54422D3108}" => key removed successfully
C:\WINDOWS\System32\Tasks\{5B12BB56-6629-429F-A780-5F4926CE1213} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5B12BB56-6629-429F-A780-5F4926CE1213}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2C24A68-CD60-4C01-AB33-986DB8EA643F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2C24A68-CD60-4C01-AB33-986DB8EA643F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA090E4B-733E-4BD7-B7F5-3EBE6B99931F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA090E4B-733E-4BD7-B7F5-3EBE6B99931F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
================== Zip: ===================
C:\WINDOWS\System32\Tasks\{D95C98A6-A69F-0A33-3640-76C96422AD57} -> copied successfully to C:\Users\admin\Desktop\Upload.zip
C:\users\admin\desktop\u1304.exe -> copied successfully to C:\Users\admin\Desktop\Upload.zip
=========== Zip: End ===========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 3.4 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 20:38:54 ====

 

Download Link

 

https://www.sendspace.com/file/qak8hg

 

 

ESET Scan Log

 

C:\Program Files (x86)\Microsoft.NET\v2.0.507237\client.exe a variant of Win32/Adware.Dowsserve.A application
C:\Program Files (x86)\Microsoft.NET\v2.0.507237\msnetcore.exe a variant of Win32/Adware.Dowsserve.A application
C:\Users\admin\AppData\LocalLow\Sun\Java\jre1.8.0_40\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.8.1_30016.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\Plugins\npConduitFirefoxPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\admin\Contacts\Backup\CHRISTHOMAS\Backup Set 2013-10-02 063843\Backup Files 2013-10-02 063843\Backup files 7.zip a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\Users\admin\Contacts\Backup\CHRISTHOMAS\Backup Set 2013-10-02 063843\Backup Files 2013-10-07 081046\Backup files 18.zip a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\Users\admin\Contacts\Backup\CHRISTHOMAS\Backup Set 2013-10-02 063843\Backup Files 2013-10-07 081046\Backup files 48.zip Win32/UltraReach.AF potentially unsafe application
C:\Users\admin\Desktop\U1304.exe a variant of Win32/UltraReach potentially unsafe application
C:\Users\admin\Desktop\Upload.zip a variant of Win32/UltraReach potentially unsafe application
C:\Users\admin\Dropbox\U1304.exe a variant of Win32/UltraReach potentially unsafe application
C:\Users\admin\Dropbox\Agility and COD\Asymmetry and COD Performance\Dropbox\U1304.exe a variant of Win32/UltraReach potentially unsafe application
 


Hi Chris, 
 
Thank you for the logs and files. Please let me know how your computer is performing after carrying out the instructions below. 
 
Regarding the files below - I suggest deleting the following backup .zip files, and creating a new backup once this process is finished. 

C:\Users\admin\Contacts\Backup\CHRISTHOMAS\Backup Set 2013-10-02 063843\Backup Files 2013-10-02 063843\Backup files 7.zip a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\Users\admin\Contacts\Backup\CHRISTHOMAS\Backup Set 2013-10-02 063843\Backup Files 2013-10-07 081046\Backup files 18.zip a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\Users\admin\Contacts\Backup\CHRISTHOMAS\Backup Set 2013-10-02 063843\Backup Files 2013-10-07 081046\Backup files 48.zip Win32/UltraReach.AF potentially unsafe application

 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    2016-02-27 10:39 - 2016-02-27 10:39 - 00003880 _____ C:\WINDOWS\System32\Tasks\{D95C98A6-A69F-0A33-3640-76C96422AD57}
    Task: {0C39006D-7063-4CCD-B601-34F47ECA16EE} - System32\Tasks\{D95C98A6-A69F-0A33-3640-76C96422AD57} => C:\WINDOWS\system32\regsvr32.exe [2015-10-30] (Microsoft Corporation)
    FirewallRules: [UDP Query User{6672CDAE-E4B6-4067-A10C-6E27096B4828}C:\users\admin\desktop\u1304.exe] => (Allow) C:\users\admin\desktop\u1304.exe
    FirewallRules: [TCP Query User{6C7DE365-ED90-4284-BDE1-D02BC4BD5622}C:\users\admin\desktop\u1304.exe] => (Allow) C:\users\admin\desktop\u1304.exe
    C:\PROGRA~3\7166b0ec
    C:\Program Files (x86)\Microsoft.NET\v2.0.507237\client.exe
    C:\Program Files (x86)\Microsoft.NET\v2.0.507237\msnetcore.exe
    Folder: C:\Program Files (x86)\Microsoft.NET\v2.0.507237
    C:\Users\admin\AppData\LocalLow\Sun\Java\jre1.8.0_40\java_sp.dll
    C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.8.1_30016.exe
    C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
    C:\Users\admin\Desktop\U1304.exe
    C:\Users\admin\Desktop\Upload.zip
    C:\Users\admin\Dropbox\U1304.exe
    C:\Users\admin\Dropbox\Agility and COD\Asymmetry and COD Performance\Dropbox\U1304.exe
    FF NetworkProxy: "backup.ftp", "127.0.0.1"
    FF NetworkProxy: "backup.ftp_port", 9666
    FF NetworkProxy: "backup.socks", "127.0.0.1"
    FF NetworkProxy: "backup.socks_port", 9666
    FF NetworkProxy: "backup.ssl", "127.0.0.1"
    FF NetworkProxy: "backup.ssl_port", 9666
    FF NetworkProxy: "ftp", "127.0.0.1"
    FF NetworkProxy: "ftp_port", 9666
    FF NetworkProxy: "http", "127.0.0.1"
    FF NetworkProxy: "http_port", 9666
    FF NetworkProxy: "no_proxies_on", ""
    FF NetworkProxy: "share_proxy_settings", true
    FF NetworkProxy: "socks", "127.0.0.1"
    FF NetworkProxy: "socks_port", 9666
    FF NetworkProxy: "ssl", "127.0.0.1"
    FF NetworkProxy: "ssl_port", 9666
    FF NetworkProxy: "type", 0
    CMD: ipconfig /flushdns
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Update Outdated Software
Outdated software contains vulnerabilities that must be patched. Please download and install the latest version of the programme(s) below.

  • Java (watch out for "Optional Offers" or bundled software)
  • Follow these instructions to check for and download the latest Windows Updates.
     

STEP 3
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programme(s), right-click and click Uninstall one at a time.
  • Note: The programme(s) below may not be present. If this is the case, please skip to the next step.
    • Java 8 Update 66
  • Follow the prompts, and reboot if necessary.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Did your programme(s) update successfully? 
  • How is your computer performing? Are there any outstanding issues?

Brilliant, thank you.

 

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by admin (2016-03-09 08:16:53) Run:2
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
2016-02-27 10:39 - 2016-02-27 10:39 - 00003880 _____ C:\WINDOWS\System32\Tasks\{D95C98A6-A69F-0A33-3640-76C96422AD57}
Task: {0C39006D-7063-4CCD-B601-34F47ECA16EE} - System32\Tasks\{D95C98A6-A69F-0A33-3640-76C96422AD57} => C:\WINDOWS\system32\regsvr32.exe [2015-10-30] (Microsoft Corporation)
FirewallRules: [uDP Query User{6672CDAE-E4B6-4067-A10C-6E27096B4828}C:\users\admin\desktop\u1304.exe] => (Allow) C:\users\admin\desktop\u1304.exe
FirewallRules: [TCP Query User{6C7DE365-ED90-4284-BDE1-D02BC4BD5622}C:\users\admin\desktop\u1304.exe] => (Allow) C:\users\admin\desktop\u1304.exe
C:\PROGRA~3\7166b0ec
C:\Program Files (x86)\Microsoft.NET\v2.0.507237\client.exe
C:\Program Files (x86)\Microsoft.NET\v2.0.507237\msnetcore.exe
Folder: C:\Program Files (x86)\Microsoft.NET\v2.0.507237
C:\Users\admin\AppData\LocalLow\Sun\Java\jre1.8.0_40\java_sp.dll
C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.8.1_30016.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
C:\Users\admin\Desktop\U1304.exe
C:\Users\admin\Desktop\Upload.zip
C:\Users\admin\Dropbox\U1304.exe
C:\Users\admin\Dropbox\Agility and COD\Asymmetry and COD Performance\Dropbox\U1304.exe
FF NetworkProxy: "backup.ftp", "127.0.0.1"
FF NetworkProxy: "backup.ftp_port", 9666
FF NetworkProxy: "backup.socks", "127.0.0.1"
FF NetworkProxy: "backup.socks_port", 9666
FF NetworkProxy: "backup.ssl", "127.0.0.1"
FF NetworkProxy: "backup.ssl_port", 9666
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 9666
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 9666
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9666
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 9666
FF NetworkProxy: "type", 0
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\WINDOWS\System32\Tasks\{D95C98A6-A69F-0A33-3640-76C96422AD57} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C39006D-7063-4CCD-B601-34F47ECA16EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C39006D-7063-4CCD-B601-34F47ECA16EE}" => key removed successfully
C:\WINDOWS\System32\Tasks\{D95C98A6-A69F-0A33-3640-76C96422AD57} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D95C98A6-A69F-0A33-3640-76C96422AD57}" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6672CDAE-E4B6-4067-A10C-6E27096B4828}C:\users\admin\desktop\u1304.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6C7DE365-ED90-4284-BDE1-D02BC4BD5622}C:\users\admin\desktop\u1304.exe => value removed successfully
"C:\PROGRA~3\7166b0ec" => not found.
C:\Program Files (x86)\Microsoft.NET\v2.0.507237\client.exe => moved successfully
C:\Program Files (x86)\Microsoft.NET\v2.0.507237\msnetcore.exe => moved successfully

========================= Folder: C:\Program Files (x86)\Microsoft.NET\v2.0.507237 ========================

====== End of Folder: ======

C:\Users\admin\AppData\LocalLow\Sun\Java\jre1.8.0_40\java_sp.dll => moved successfully
C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.8.1_30016.exe => moved successfully
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} => moved successfully
C:\Users\admin\Desktop\U1304.exe => moved successfully
C:\Users\admin\Desktop\Upload.zip => moved successfully
C:\Users\admin\Dropbox\U1304.exe => moved successfully
C:\Users\admin\Dropbox\Agility and COD\Asymmetry and COD Performance\Dropbox\U1304.exe => moved successfully
Firefox Proxy settings were reset.
FF NetworkProxy: "backup.ftp_port", 9666 => not found
FF NetworkProxy: "backup.socks", "127.0.0.1" => not found
FF NetworkProxy: "backup.socks_port", 9666 => not found
FF NetworkProxy: "backup.ssl", "127.0.0.1" => not found
FF NetworkProxy: "backup.ssl_port", 9666 => not found
FF NetworkProxy: "ftp", "127.0.0.1" => not found
FF NetworkProxy: "ftp_port", 9666 => not found
FF NetworkProxy: "http", "127.0.0.1" => not found
FF NetworkProxy: "http_port", 9666 => not found
FF NetworkProxy: "no_proxies_on", "" => not found
FF NetworkProxy: "share_proxy_settings", true => not found
FF NetworkProxy: "socks", "127.0.0.1" => not found
FF NetworkProxy: "socks_port", 9666 => not found
FF NetworkProxy: "ssl", "127.0.0.1" => not found
FF NetworkProxy: "ssl_port", 9666 => not found
FF NetworkProxy: "type", 0 => not found

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 16.6 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 08:17:09 ====

 

Java updated successfully, and it also uninstalled the previous version (66). Windows 10 has the latest update.

 

Chrome seems to be working fine on the websites I couldn't access yesterday, thank you.

 

I am running AdBlock extension and Malwarebytes Anti-Exploit Free. Is there anything else you can recommend to run?

 

Thanks

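An added example, not part of the original thread and not FRST's own code: a small Python triage of a Fixlog in the format posted above. It skips the fixlist block that the log echoes between the two asterisk rows (some echoed lines contain "=>" themselves), then separates entries that were removed from entries reported "not found", distinguishing targets already handled earlier in the same run. The function name triage and the embedded sample (constructed from lines in the log above) are illustrative.

```python
import re

# Constructed sample built from lines of the Fixlog posted above.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
start
Task: {0C39006D-7063-4CCD-B601-34F47ECA16EE} - System32\Tasks\{D95C98A6-A69F-0A33-3640-76C96422AD57} => C:\WINDOWS\system32\regsvr32.exe [2015-10-30] (Microsoft Corporation)
C:\PROGRA~3\7166b0ec
C:\Users\admin\Desktop\U1304.exe
end
*****************

C:\WINDOWS\System32\Tasks\{D95C98A6-A69F-0A33-3640-76C96422AD57} => moved successfully
C:\WINDOWS\System32\Tasks\{D95C98A6-A69F-0A33-3640-76C96422AD57} => not found.
"C:\PROGRA~3\7166b0ec" => not found.
C:\Users\admin\Desktop\U1304.exe => moved successfully
EmptyTemp: => 16.6 MB temporary data Removed.
'''

ECHO_FENCE = re.compile(r"^\*{5,}\s*$")  # row of asterisks around the echoed fixlist


def triage(fixlog_text):
    """Bucket Fixlog result lines into done / missing / redundant."""
    in_echo = False
    seen_ok = set()
    report = {"done": [], "missing": [], "redundant": []}
    for line in fixlog_text.splitlines():
        if ECHO_FENCE.match(line):
            in_echo = not in_echo  # entering or leaving the echoed script
            continue
        if in_echo or " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        key = target.strip().strip('"').lower()
        outcome = outcome.strip().rstrip(".").lower()
        if outcome.endswith("successfully"):
            seen_ok.add(key)
            report["done"].append(key)
        elif outcome == "not found":
            # Already handled earlier in this run, or never present at all?
            bucket = "redundant" if key in seen_ok else "missing"
            report[bucket].append(key)
    return report


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_FIXLOG).items():
        print(bucket, len(items), items)
```

Entries in the "missing" bucket are the ones worth a second look, since the log alone does not say whether the item was already gone or the path in the script did not match.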

Please delete (right-click + Delete) the folder in bold: C:\Program Files (x86)\Microsoft.NET\v2.0.507237
 

Chrome seems to be working fine on the websites I couldn't access yesterday, thank you.

Excellent!
 

I am running AdBlock extension and Malwarebytes Anti-Exploit Free. Is there anything else you can recommend to run?

The following articles document information on computer security, common attack vectors, etc. There are plenty of recommendations on how you can stay safe on the Internet. :) 

All Clean!
Congratulations, your computer appears clean!
I see no signs of malware on your computer, and feel satisfied our work here is done. The steps below will remove the tools we have used, and reset any settings changed. 
 
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore (creates a Restore Point/removes all but the most recent)
    • Reset system settings
  • Click the Run button.

-- DelFix will remove the specialised tools we used to clean your computer. Any leftover logs, files, folders or tools remaining on your computer which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
Please confirm you have no outstanding issues, and feel happy with the state of your computer. Once I have confirmation, we can wrap things up and I will close this topic. 
 
Thank you for using Malwarebytes.
 
Safe Surfing.
Adam


Hi Adam,

 

Yes, seems fine now. Thank you once again. It was slow to start yesterday after I installed Avast Free Antivirus and Comodo Free Firewall. I have uninstalled Comodo and seems back to normal so I might see if can re-install it or try another firewall.

 

Thanks again

 

Chris


Hi Chris, 
 
If you find a significant impact on performance after installing a third-party Firewall, you may wish to consider sticking with Windows Firewall. From Windows Vista onwards, Windows Firewall is generally regarded as more than sufficient for a home computer. :)
 
You can find more information on choosing a Firewall here: 
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2475503

This topic is now closed to further replies.