Cannot Update Malwarebytes/Avira/Windows and Chrome Privacy Error


I started getting the Google Chrome Privacy Error whenever I would go to a website, not all, but just random ones. I ran Malwarebytes and Avira scans; both showed nothing. Prior to this I woke up one morning and there was an Avira warning that a PUA/Livid had tried to access my computer.

I cannot update any of the listed programs. A few of my Windows updates worked, but it seems to stall at 0%, then when I shut down/restart it says that a few of the updates worked.

After trying to figure this out on my own, I am currently on hour 5 of a custom Malwarebytes scan looking for rootkits. So far it has found 2 PUP.Optional.ClientConnect. I will quarantine and delete those if this scan ever finishes.

Any help would be greatly appreciated. I haven't logged into any banking sites since this started, but probably did the day before! 


Hello and welcome!

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


First Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-07-2016
Ran by snow fam (administrator) on SNOWFAM-PC (10-07-2016 09:22:53)
Running from C:\Users\snow fam\Downloads
Loaded Profiles: snow fam &  (Available Profiles: snow fam)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
() C:\Users\snow fam\Downloads\unblock-us.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\snow fam\Downloads\FRST64 (2).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4866760 2015-11-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [814608 2016-05-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-06-01] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\Run: [Facebook Update] => "C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\Run: [Google Update] => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => "C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Facebook Update] => "C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Google Update] => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Facebook Update] => "C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Google Update] => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.222.0.94 24.222.0.95
Tcpip\..\Interfaces\{909426C4-C803-4B4A-8303-14B139DAA5EB}: [DhcpNameServer] 24.222.0.94 24.222.0.95

Internet Explorer:
==================
HKU\S-1-5-21-534614172-2324584149-4159002519-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-534614172-2324584149-4159002519-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @citrixonline.com/appdetectorplugin -> C:\Users\snow fam\AppData\Local\Citrix\Plugins\94\npappdetector.dll [2013-02-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\snow fam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\snow fam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @talk.google.com/O1DPlugin -> C:\Users\snow fam\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @tools.google.com/Google Update;version=3 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @tools.google.com/Google Update;version=9 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\snow fam\AppData\Local\Citrix\Plugins\94\npappdetector.dll [2013-02-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\snow fam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\snow fam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\snow fam\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @citrixonline.com/appdetectorplugin -> C:\Users\snow fam\AppData\Local\Citrix\Plugins\94\npappdetector.dll [2013-02-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\snow fam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @talk.google.com/GoogleTalkPlugin -> C:\Users\snow fam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @talk.google.com/O1DPlugin -> C:\Users\snow fam\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=3 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=9 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @citrixonline.com/appdetectorplugin -> C:\Users\snow fam\AppData\Local\Citrix\Plugins\94\npappdetector.dll [2013-02-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\snow fam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @talk.google.com/GoogleTalkPlugin -> C:\Users\snow fam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @talk.google.com/O1DPlugin -> C:\Users\snow fam\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @tools.google.com/Google Update;version=3 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @tools.google.com/Google Update;version=9 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\snow fam\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\snow fam\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-14] [not signed]

Chrome: 
=======
CHR Profile: C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (Google Search) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avira Browser Safety) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-06-22]
CHR Extension: (Google Docs Offline) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-11-20]
CHR Extension: (Gmail) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [970656 2016-05-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [467016 2016-05-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [467016 2016-05-16] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1435704 2016-05-16] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [302680 2016-06-01] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) [File not signed]
S4 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-22] (Nalpeiron Ltd.) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-03-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141920 2016-05-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-16] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2012-03-02] (hxxp://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2010-10-12] (hxxp://libusb-win32.sourceforge.net)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) [File not signed]
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-10 09:22 - 2016-07-10 09:23 - 00030682 _____ C:\Users\snow fam\Downloads\FRST.txt
2016-07-10 09:21 - 2016-07-10 09:21 - 02390016 _____ (Farbar) C:\Users\snow fam\Downloads\FRST64 (2).exe
2016-07-09 20:11 - 2016-07-09 20:11 - 02390016 _____ (Farbar) C:\Users\snow fam\Downloads\FRST64 (1).exe
2016-07-09 20:07 - 2016-07-10 09:22 - 00000000 ____D C:\FRST
2016-07-09 20:06 - 2016-07-09 20:07 - 02390016 _____ (Farbar) C:\Users\snow fam\Downloads\FRST64.exe
2016-07-07 12:23 - 2016-07-07 12:23 - 00000000 ____D C:\Users\snow fam\AppData\Local\ElevatedDiagnostics
2016-07-06 13:21 - 2016-01-22 03:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-06 13:21 - 2016-01-22 03:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-06 13:21 - 2016-01-22 03:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-07-06 13:21 - 2016-01-22 03:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-07-06 13:21 - 2016-01-22 03:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-07-06 13:21 - 2016-01-22 03:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-07-06 13:21 - 2016-01-22 03:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-07-06 13:21 - 2016-01-22 03:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-07-06 13:21 - 2016-01-22 03:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-07-06 13:21 - 2016-01-22 03:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-07-06 13:21 - 2016-01-22 03:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-07-06 13:21 - 2016-01-22 03:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-07-06 13:21 - 2016-01-22 03:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-07-06 13:21 - 2016-01-22 03:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-07-06 13:21 - 2016-01-22 03:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-07-06 13:21 - 2016-01-22 03:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-07-06 13:21 - 2016-01-22 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-07-06 13:21 - 2016-01-22 03:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-07-06 13:21 - 2016-01-22 03:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-07-06 13:21 - 2016-01-22 03:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-07-06 13:21 - 2016-01-22 03:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-07-06 13:21 - 2016-01-22 03:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-07-06 13:21 - 2016-01-22 03:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-07-06 13:21 - 2016-01-22 03:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-07-06 13:21 - 2016-01-22 03:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-07-06 13:21 - 2016-01-22 03:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-07-06 13:21 - 2016-01-22 03:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-07-06 13:21 - 2016-01-22 03:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-06 13:21 - 2016-01-22 03:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-07-06 13:21 - 2016-01-22 03:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-07-06 13:21 - 2016-01-22 03:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-07-06 13:21 - 2016-01-22 03:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-07-06 13:21 - 2016-01-22 03:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-07-06 13:21 - 2016-01-22 03:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 03:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-07-06 13:21 - 2016-01-22 03:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-07-06 13:21 - 2016-01-22 03:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-07-06 13:21 - 2016-01-22 03:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-07-06 13:21 - 2016-01-22 03:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-07-06 13:21 - 2016-01-22 03:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-07-06 13:21 - 2016-01-22 03:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-07-06 13:21 - 2016-01-22 03:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-07-06 13:21 - 2016-01-22 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-07-06 13:21 - 2016-01-22 03:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-07-06 13:21 - 2016-01-22 03:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-07-06 13:21 - 2016-01-22 03:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-07-06 13:21 - 2016-01-22 03:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-07-06 13:21 - 2016-01-22 03:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-07-06 13:21 - 2016-01-22 03:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-07-06 13:21 - 2016-01-22 03:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-07-06 13:21 - 2016-01-22 03:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-07-06 13:21 - 2016-01-22 03:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-07-06 13:21 - 2016-01-22 03:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-07-06 13:21 - 2016-01-22 03:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 02:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-07-06 13:21 - 2016-01-22 02:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-07-06 13:21 - 2016-01-22 02:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-07-06 13:21 - 2016-01-22 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-07-06 13:21 - 2016-01-22 01:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-07-06 13:21 - 2016-01-22 01:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-07-06 13:21 - 2016-01-22 01:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-07-06 13:21 - 2016-01-22 01:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-07-06 13:21 - 2016-01-22 01:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-07-06 13:21 - 2016-01-22 01:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-07-06 13:21 - 2016-01-22 01:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-07-06 13:21 - 2016-01-22 01:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-07-06 13:21 - 2016-01-22 01:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-07-06 13:21 - 2016-01-22 01:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-07-06 13:21 - 2016-01-22 01:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 01:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 01:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-07-06 13:21 - 2016-01-22 01:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-07-06 13:19 - 2016-03-09 15:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-07-06 13:19 - 2016-03-09 15:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-07-06 11:42 - 2016-05-12 12:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-06 11:42 - 2016-05-11 14:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-07-06 11:42 - 2016-05-11 14:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-07-06 11:42 - 2016-05-11 14:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-07-06 11:42 - 2016-05-11 12:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-07-06 11:42 - 2016-05-11 12:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-07-06 11:42 - 2016-05-11 12:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-07-06 11:42 - 2016-05-11 12:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-07-06 11:42 - 2016-05-11 12:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-07-06 11:42 - 2016-05-11 11:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-07-06 11:42 - 2016-03-06 15:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-07-06 11:42 - 2016-03-06 15:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-07-06 11:42 - 2016-03-06 15:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-07-06 11:42 - 2016-03-06 15:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-07-06 11:42 - 2016-02-05 15:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-07-06 11:42 - 2016-02-05 15:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-07-06 11:42 - 2016-02-05 14:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-07-06 11:42 - 2016-01-11 16:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-07-06 11:42 - 2015-06-03 17:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-07-06 11:25 - 2016-07-06 11:25 - 00414720 _____ (Microsoft Corporation) C:\Users\snow fam\Downloads\Unconfirmed 696381.crdownload
2016-07-04 14:55 - 2016-07-04 14:55 - 00003192 _____ C:\Users\snow fam\Downloads\[kat.cr]the.last.ship.s03e04.hdtv.x264.lol.ettv.torrent
2016-07-02 16:40 - 2016-07-02 16:40 - 00052558 _____ C:\Users\snow fam\Downloads\[kat.cr]brazzers.big.tits.at.work.asa.akira.katsuni.london.keyes.mia.lelani.keiran.lee.office.4.play.ii.asian.sensation.mp4.torrent
2016-07-02 16:35 - 2016-07-02 16:35 - 00012522 _____ C:\Users\snow fam\Downloads\[kat.cr]wickedpictures.asa.akira.jessica.drake.katie.morgan.luna.star.teanna.trump.the.j.o.b.scene.07.new.release.june.2016.torrent
2016-07-02 16:24 - 2016-07-02 16:24 - 00004732 _____ C:\Users\snow fam\Downloads\[kat.cr]the.last.ship.s03e03.hdtv.x264.lol.ettv.torrent
2016-07-02 16:24 - 2016-07-02 16:24 - 00003866 _____ C:\Users\snow fam\Downloads\[kat.cr]the.last.ship.s03e02.hdtv.x264.lol.ettv.torrent
2016-07-02 16:23 - 2016-07-02 16:23 - 00003887 _____ C:\Users\snow fam\Downloads\[kat.cr]the.last.ship.s03e01.hdtv.x264.lol.ettv.torrent
2016-07-02 16:21 - 2016-07-02 16:21 - 00019709 _____ C:\Users\snow fam\Downloads\[kat.cr]turn.s03.complete.1080p.10bit.web.dl.6ch.x265.hevc.power.torrent
2016-07-02 15:52 - 2016-07-02 15:52 - 00062224 _____ C:\Users\snow fam\Downloads\[kat.cr]marco.polo.2014.season.2.complete.720p.webrip.hevc.x265.rmteam.720p.hevc.torrent
2016-07-01 16:38 - 2016-07-01 16:38 - 17416885 _____ C:\Users\snow fam\Downloads\IMG_2454.MOV
2016-06-26 18:39 - 2016-06-26 18:39 - 00002531 _____ C:\Users\snow fam\Downloads\[kat.cr]maria.v.snyder.night.study.soulfinders.2.torrent
2016-06-26 18:38 - 2016-06-26 18:38 - 00001432 _____ C:\Users\snow fam\Downloads\[kat.cr]kalayna.price.alex.craft.4.grave.visions.wildwielder.cpul.epub.torrent
2016-06-26 18:28 - 2016-06-26 18:28 - 00001289 _____ C:\Users\snow fam\Downloads\[kat.cr]the.girl.on.the.train.paula.hawkins.blua.epub.torrent
2016-06-24 12:40 - 2016-06-24 12:40 - 00000000 ____D C:\Users\snow fam\AppData\Local\{11558B9A-C2BE-43D7-BE02-3C2E851AE02D}
2016-06-13 15:38 - 2016-06-13 16:04 - 00000000 ____D C:\Users\snow fam\Documents\Nancy School
2016-06-12 11:08 - 2016-06-12 11:08 - 00000000 ____D C:\Users\snow fam\AppData\Local\{D0628B9F-A3AC-41B1-A3E0-619059170EA9}
2016-06-11 10:38 - 2016-06-11 10:38 - 00000000 ____D C:\Users\snow fam\AppData\Local\{AB45E170-F3E8-4E23-B38D-1A0C78AAFE4D}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-10 09:16 - 2013-05-08 08:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-10 09:11 - 2013-11-20 18:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-10 09:07 - 2013-08-12 12:25 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA.job
2016-07-10 08:29 - 2013-08-08 14:24 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA.job
2016-07-10 04:57 - 2014-04-16 21:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-09 22:11 - 2013-11-20 18:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-09 20:36 - 2009-07-14 01:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-09 20:36 - 2009-07-14 01:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-09 20:07 - 2013-08-12 12:25 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core.job
2016-07-09 14:29 - 2013-08-08 14:24 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core.job
2016-07-09 10:10 - 2013-01-09 23:25 - 00003294 _____ C:\Windows\System32\Tasks\Unblock-us
2016-07-09 10:10 - 2011-08-11 03:41 - 00000000 ____D C:\ProgramData\clear.fi
2016-07-09 10:09 - 2011-08-12 03:06 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2016-07-09 10:09 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-08 11:35 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\rescache
2016-07-07 12:33 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-07-07 12:24 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-07 12:02 - 2013-03-10 16:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-07 12:02 - 2011-08-11 03:49 - 00000000 ____D C:\Users\snow fam\AppData\Roaming\Azureus
2016-07-07 11:55 - 2009-07-14 02:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-07 11:48 - 2009-07-14 01:45 - 05005384 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-06 13:21 - 2012-10-02 18:26 - 00007593 _____ C:\Users\snow fam\AppData\Local\Resmon.ResmonCfg
2016-07-06 10:27 - 2011-09-12 09:30 - 00000000 ____D C:\Users\snow fam\Documents\Azureus Downloads
2016-07-04 09:49 - 2012-05-16 22:01 - 03547648 ___SH C:\Users\snow fam\Downloads\Thumbs.db
2016-06-28 21:21 - 2014-05-20 19:08 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-28 21:21 - 2014-05-20 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-06-26 19:26 - 2011-08-20 21:53 - 00000000 ____D C:\Users\snow fam\Calibre Library
2016-06-19 17:12 - 2013-11-20 18:21 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-19 17:12 - 2013-11-20 18:21 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-16 21:16 - 2013-05-08 08:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 21:16 - 2012-04-18 07:53 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-16 21:16 - 2011-09-13 15:34 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-02-29 21:03 - 2012-02-29 21:28 - 0000132 _____ () C:\Users\snow fam\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-04-24 14:00 - 2013-10-16 11:41 - 0000000 _____ () C:\Users\snow fam\AppData\Roaming\bitlord_log.txt
2013-11-13 22:22 - 2013-11-13 22:22 - 0000038 ___SH () C:\Users\snow fam\AppData\Local\4c6d4c0d519c43f31ecc76.94841244
2012-03-01 17:12 - 2013-11-06 17:42 - 0001456 _____ () C:\Users\snow fam\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-09-13 19:45 - 2011-09-13 19:45 - 0004608 _____ () C:\Users\snow fam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-16 12:11 - 2013-10-16 12:11 - 0000218 _____ () C:\Users\snow fam\AppData\Local\recently-used.xbel
2012-10-02 18:26 - 2016-07-06 13:21 - 0007593 _____ () C:\Users\snow fam\AppData\Local\Resmon.ResmonCfg
2011-06-02 16:09 - 2011-06-02 16:11 - 0015149 _____ () C:\ProgramData\ArcadeDeluxe5.log

Some files in TEMP:
====================
C:\Users\snow fam\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-08 11:28

==================== End of FRST.txt ============================


2nd Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2016
Ran by snow fam (2016-07-10 09:23:46)
Running from C:\Users\snow fam\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-08-11 05:37:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-534614172-2324584149-4159002519-500 - Administrator - Disabled)
Guest (S-1-5-21-534614172-2324584149-4159002519-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-534614172-2324584149-4159002519-1004 - Limited - Enabled)
snow fam (S-1-5-21-534614172-2324584149-4159002519-1001 - Administrator - Enabled) => C:\Users\snow fam
UpdatusUser (S-1-5-21-534614172-2324584149-4159002519-1000 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0225.2011 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3d9e0476-943f-4962-99dc-b9c937a43840}) (Version: 1.1.65.9690 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.65.9690 - Avira Operations GmbH & Co. KG) Hidden
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
BitLord 2.3 (HKLM-x32\...\BitLord) (Version: 2.3.2-245 - House of Life)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{0CF3C0FA-02EA-4E15-9495-1C441C0377B3}) (Version: 2.18.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden
Catalyst Control Center Next Localization BR (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1422.15 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1422.15 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7418 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3007 - Acer Incorporated)
ComicRack v0.9.155 (HKLM\...\ComicRack) (Version: v0.9.155 - cYo Soft)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cyberduck 4.3.1 (11008) (HKLM-x32\...\Cyberduck) (Version: 4.3.1 (11008) - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Dropbox (HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Acer Incorporated)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Imagenomic Portraiture 2.3 Plug-in (build 2308) (HKLM\...\ImagenomicPortraiturePlugin) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
MediaEspresso (x32 Version: 1.0.1423_35858 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{9DCA0803-0890-4631-94BA-17DE31C49C40}) (Version: 16.4.1734.1104 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
PASS (HKLM-x32\...\com.showitfast.pass.desktop.PASS) (Version: 2.1.317 - Showitfast, Inc)
PASS (x32 Version: 2.1.317 - Showitfast, Inc) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Reader for PC (HKLM-x32\...\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}) (Version: 2.4.01.10241 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.36.1224.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.6.11664 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StudioCloud 3.0 (HKLM-x32\...\com.StudioCloud.Desktop.3.F2DAE273367737D97F8409B8C86CCCEDC39FC38E.1) (Version: 3.1.247 - StudioCloud International Inc.)
StudioCloud 3.0 (x32 Version: 3.1.247 - StudioCloud International Inc.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SymMover (HKLM-x32\...\SymMover) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\snow fam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll => No File
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03591A0E-80BE-4E2D-8AD1-CC962D17C577} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core => C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {16C4BC9B-FA2B-4C33-8744-6966D23D07AF} - System32\Tasks\Unblock-us => C:\Users\snow fam\Downloads\unblock-us.exe [2013-01-09] ()
Task: {278811F8-3E17-472C-896B-D2365300B8E7} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-02-22] (CyberLink Corp.)
Task: {2935B672-A71F-4423-ABA3-9A018154031A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {3132E278-2874-4F61-954A-5D44860131DF} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-02-22] (CyberLink)
Task: {3B6C1ADC-A0AF-4205-866E-67232285A7E0} - System32\Tasks\4818 => Wscript.exe C:\Users\SNOWFA~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {4FEDBE2D-DC6F-46BB-ACE1-5F2B564E09E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {50C3DBC8-102B-4D04-89B4-96F364EA9421} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {71CD6319-84C1-4705-88E2-5896AAC6303C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA => C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {9A8446D9-51E1-4AC0-B4E6-1091687CB387} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9FA9213E-0B71-470C-B593-0ABAAAAB19DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B035D5DC-F5DF-4EF6-A725-729CD5ED68B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B0AD3CE2-B1FE-4212-97DE-8E2A8D20939E} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {BDA5CC05-0068-4BF6-8372-BAC78B69B175} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-11-29] (Advanced Micro Devices, Inc.)
Task: {BF44CFB8-8CEC-4B5D-868F-29A4F4746F23} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-02-22] (Acer Incorporated)
Task: {C5E34943-C426-40A1-B864-B67C5E1A78A6} - System32\Tasks\{D851F931-CB89-4361-BEA9-9C7F7923F46A} => pcalua.exe -a "C:\Users\snow fam\Downloads\amddriverdownloader (1).exe" -d "C:\Users\snow fam\Downloads"
Task: {C6DE1D64-BA4F-47F2-B0FE-73C6177F7581} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
Task: {EBE1CDBC-CB46-4E4E-B375-E2EECC687D86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core.job => C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA.job => C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core.job => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA.job => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\snow fam\Videos\DivX Movies\DivX Author – Create DivX Movies.lnk -> hxxp://go.divx.com/divx/windows/author/moviesfolder/en (No File)
Shortcut: C:\Users\snow fam\Videos\DivX Movies\DivX.com.lnk -> hxxp://go.divx.com/en (No File)
Shortcut: C:\Users\snow fam\Videos\DivX Movies\Enhance your video soundtracks.lnk -> hxxp://go.divx.com/divx/windows/player/dfx/en (No File)
Shortcut: C:\Users\snow fam\Videos\DivX Movies\Post DivX® video to your website.lnk -> hxxp://go.divx.com/publishvideo/en (No File)
Shortcut: C:\Users\snow fam\Desktop\Artsy Couture ROES.lnk -> hxxp://www.roeslaunch.com/ROES/labs/ArtsyCouture/launch.jnlp "C:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2beb8f0d-6afd9c14"YC:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\570ed67c-309597a8.ico (No File)
Shortcut: C:\Users\snow fam\Desktop\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=bundcore&campid=desktop (No File)
Shortcut: C:\Users\snow fam\Desktop\WHCC ROES.lnk -> hxxp://www.roeslaunch.com/ROES/labs/WHCC/Launch-WHCC-ROES.jnlp "C:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\519fd5bf-5b2c4496"YC:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\37101971-71707f32.ico (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\4\Microsoft.lnk -> hxxp:\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\3\Ensemble Studios on the Web..lnk -> hxxp:\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\2\Support.lnk -> hxxp:\support.microsoft.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\1\Microsoft Games Studios - Age of Empires III - The WarChiefs on the Web..lnk -> hxxp:\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\0\Age Community.lnk -> hxxp:\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{BB9D051D-A3CC-422F-931A-1019449001A5}\SupportTasks\0\Support.lnk -> hxxp:\www.2kgames.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{B71A3D29-03D6-48E2-909B-183371B53249}\SupportTasks\0\Support.lnk -> hxxp:\www.2kgames.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{94143A92-E836-4DDC-B105-98AEAF974D53}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/games/ (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{94143A92-E836-4DDC-B105-98AEAF974D53}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.ageofempires3.com/ (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{528AC45E-C2CF-43AB-AAF0-6B268211A5F2}\SupportTasks\0\Support.lnk -> hxxp:\www.2kgames.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{30DB7B94-7BD4-4BE5-9D92-7BBD12C0EAE4}\SupportTasks\0\Support.lnk -> hxxp:\www.2kgames.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=bundcore&campid=program (No File)
Shortcut: C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WHCC ROES\WHCC ROES.lnk -> hxxp://www.roeslaunch.com/ROES/labs/WHCC/Launch-WHCC-ROES.jnlp "C:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\519fd5bf-5b2c4496"YC:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\37101971-71707f32.ico (No File)
Shortcut: C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Artsy Couture ROES\Artsy Couture ROES.lnk -> hxxp://www.roeslaunch.com/ROES/labs/ArtsyCouture/launch.jnlp "C:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2beb8f0d-6afd9c14"YC:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\570ed67c-309597a8.ico (No File)

ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730E\Netflix\StartURL.exe () -> hxxps://www.netflix.ca/?mqso=80028091

==================== Loaded Modules (Whitelisted) ==============

2009-12-13 23:19 - 2009-12-09 06:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-01-21 20:45 - 2009-01-21 20:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-10-25 11:04 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2012-10-16 06:39 - 2012-10-16 06:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2013-01-09 23:24 - 2013-01-09 23:25 - 00318243 ____H () C:\Users\snow fam\Downloads\unblock-us.exe
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-24 22:34 - 2014-10-24 22:34 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2014-04-25 22:46 - 2014-04-25 22:46 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-22 11:52 - 2014-10-22 11:52 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-06-02 15:58 - 2010-11-06 03:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2016-06-19 17:12 - 2016-06-15 06:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-19 17:12 - 2016-06-15 06:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7794 more sites.

IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\123simsen.com -> www.123simsen.com

There are 7794 more sites.

IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com

There are 7794 more sites.

IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\123simsen.com -> www.123simsen.com

There are 7794 more sites.

IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\123simsen.com -> www.123simsen.com

There are 7794 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2013-03-10 16:50 - 00446050 ____R C:\Windows\system32\Drivers\etc\hosts


There are 15308 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-534614172-2324584149-4159002519-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-534614172-2324584149-4159002519-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 24.222.0.94 - 24.222.0.95
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TouchServicePen => 2
MSCONFIG\startupfolder: C:^Users^snow fam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Google Update => "C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{480F250A-2549-4FB6-AFDE-62B9372C1175}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{C8545905-F581-46A9-BD7A-6ECA75374DBE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{9D12B5B3-86BF-4DDA-B23A-8063EA66DE6F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{C274BC37-A34E-4E29-80A3-75FB33AB5418}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{CD01AD17-9EB9-43E8-BA15-E5AB57EA185D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{410D6CA4-4CC6-474E-91A6-D5BF316058C7}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{89A7F38F-7CA5-43BF-B015-53B0F1A1A2D5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B1720887-F31B-4C54-9C42-88972A269F9A}] => (Allow) LPort=2869
FirewallRules: [{D653AFA8-8BF0-49DC-A60C-5100DDC39C6E}] => (Allow) LPort=1900
FirewallRules: [{9C68EA82-5930-4E42-A8F6-954A5C262527}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C7C6499A-64D9-4F6C-B0FC-89EA9D9B377A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{0C89DE57-5550-4B1C-B124-6E6187EA3107}C:\Program Files (x86)\Vuze\Azureus.exe] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [UDP Query User{F170B033-2654-40B1-A069-39A2D25B2E16}C:\Program Files (x86)\Vuze\Azureus.exe] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{EF40C1BC-67BC-4966-ACC4-382DA7BD1D29}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ABC3C73D-A4C4-41A0-B4EA-ED4592ABFB4B}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{901E1E50-1005-49E1-A3E5-353334FA8197}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{A08CADB3-585F-48AA-80A9-385331A3E826}] => (Allow) LPort=7935
FirewallRules: [TCP Query User{41B29039-C639-4918-BF55-0B3623E19226}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [UDP Query User{04264626-CB06-40BC-BEBF-76AAE468856A}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [TCP Query User{CFD514E2-6A6C-4895-AB13-4657DE6F8391}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [UDP Query User{57968F6A-3B01-4909-A816-4CBB5B9B2CD5}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [TCP Query User{CF12C40B-0357-4103-8A09-54456DD7CE37}C:\program files (x86)\calibre2\calibre.exe] => (Block) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [UDP Query User{C1C81BE5-5CD1-4167-A1B1-814BA030E625}C:\program files (x86)\calibre2\calibre.exe] => (Block) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [TCP Query User{7F7D1390-F795-4200-A3C9-90CF0774FC8F}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{46D1718B-2865-47CE-B90C-56D9DD8365BF}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [{897A5437-88F2-4854-A016-B801CE1C8347}] => (Allow) C:\Users\snow fam\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6400BFD5-9E68-4238-A1AB-386975C8492A}] => (Allow) C:\Users\snow fam\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{4F554961-F4D9-4B3C-9CB1-C3F94A97A049}C:\users\snow fam\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\snow fam\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{BBDC4FDE-CB16-4E5E-A5DF-843A9DA3A5D2}C:\users\snow fam\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\snow fam\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{55B263F5-8BDA-48FF-A5D6-C82D140BF20A}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{43B74EC2-1AE6-4B32-A5BF-BC86E215CF5A}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{5129C332-F64A-4AD9-A250-2B83EAC77632}] => (Allow) C:\Users\snow fam\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{0AD663AC-B7E3-4274-B345-FDF5A7552055}] => (Allow) C:\Users\snow fam\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{7B0466E3-81DE-410E-952D-D0D29D3EBB5E}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{20B2F66F-312C-424B-9AAE-E4BD4782C2F7}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{83FA84BE-AA41-4C8D-9FC5-EC0429854EA1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{35A3B467-213B-4D3F-AEFD-4220B3141FF0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{56D24518-5669-4476-8915-5764FFB14137}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D40D1F6E-C4DA-4F12-A27D-12E1BC90AD94}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7B69A346-A8F5-42F6-A4EF-BEA77BA1D119}] => (Allow) C:\Users\snow fam\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{FAE6C445-E778-4636-AAE1-F72F9A37CC9A}] => (Allow) C:\Program Files (x86)\BitLord 2\Bitlord files\bitlord.exe
FirewallRules: [{F03E49F2-70D5-4A44-A470-6123A59510E9}] => (Allow) C:\Program Files (x86)\BitLord 2\Bitlord files\bitlord.exe
FirewallRules: [{3D9BF6B6-24A7-4FF7-B99A-C4A8086F1F5E}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{176075E2-E714-43F3-9AF3-5C0937669E77}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{C84F6C73-FD9A-457C-959A-26EDEEF703EA}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{14CF0514-29EF-4113-86E3-A585C352654F}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [UDP Query User{DE61115F-B178-4629-BA8F-53391667FE23}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [{2C968BFB-2964-4795-BA9E-DB95C518D0A4}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B65B6898-66AC-43D1-9D50-F2B724FE81BF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{38FE6007-81C5-46CD-881A-277C078B5F9F}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{57F5339A-B1E7-48E7-B281-EA49704120C7}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A4CDDEDC-6F29-4357-A966-95B006B9C2CA}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{95E5B012-6418-4D32-920C-D5B53C68B5D6}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{CFB48788-6B0A-4082-8941-49D401933526}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{0310F9BC-4996-4F7F-A354-207952992D65}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B063F8BC-608E-4890-9A41-EDA437F9AF83}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

28-06-2016 23:21:38 Scheduled Checkpoint
06-07-2016 00:00:01 Scheduled Checkpoint
06-07-2016 22:06:32 Windows Update
07-07-2016 22:05:17 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2016 09:23:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (07/10/2016 09:23:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (07/10/2016 09:23:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (07/10/2016 09:23:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (07/10/2016 09:21:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (07/10/2016 09:21:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (07/10/2016 09:21:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (07/10/2016 09:21:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (07/10/2016 09:21:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (07/10/2016 09:21:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.


System errors:
=============
Error: (07/09/2016 10:12:45 AM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: WMPNetworkSvc0x80070006

Error: (07/08/2016 10:24:32 AM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: WMPNetworkSvc0x80070006

Error: (07/07/2016 12:33:23 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (07/07/2016 11:52:59 AM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: WMPNetworkSvc0x80070006

Error: (07/07/2016 11:50:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SBSD Security Center Service service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (07/07/2016 11:50:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.

Error: (07/07/2016 11:48:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (07/07/2016 11:48:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

Error: (07/07/2016 11:42:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (07/06/2016 12:57:40 PM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: WMPNetworkSvc0x80070006


CodeIntegrity:
===================================
  Date: 2016-05-01 11:54:24.438
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-01 11:54:24.386
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-01 11:52:50.301
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-01 11:52:50.252
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-01 11:52:42.206
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-01 11:52:42.157
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-01 11:52:14.345
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-01 11:52:14.297
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-18 20:08:42.355
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-18 20:08:42.305
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2300 CPU @ 2.80GHz
Percentage of memory in use: 27%
Total physical RAM: 16366.47 MB
Available physical RAM: 11830.02 MB
Total Virtual: 32731.15 MB
Available Virtual: 27458.16 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:1381.17 GB) (Free:609.86 GB) NTFS
Drive d: (CABINET_DVD) (CDROM) (Total:2.23 GB) (Free:0 GB) UDF
Drive j: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1071.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 90596A54)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1381.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7D26C69D)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.

  • Press Scan button and wait.

  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please attach the report to your next reply.
