shinxbug

PCHF Member
Jan 29, 2017
Hi, I managed to find this forum from Reddit, and I was hoping you guys can help me with my problem. I unpacked a download and a UC Browser along with several other odd programs were downloaded. I tried booting in safe mode, and uninstalling and deleting the programs and the appdata, but it is still there. My Chrome and Internet Explorer have been affected and I had to re-download Chrome. So far, I have downloaded Ad-Aware and AVG to attempt to get rid of it but I don't think it worked. Attached below are my FRST logs. Thank you very much for taking the time to review my problem.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Arnold Arkar Moore (administrator) on LAPTOP-5BUDBD32 (30-01-2017 07:15:37)
Running from C:\Users\Arnold Arkar Moore\Downloads
Loaded Profiles: Arnold Arkar Moore (Available Profiles: defaultuser0 & Arnold Arkar Moore)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareDesktop.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Intel Corporation) C:\Windows\syswow64\IntelCpHeciSvc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 6\CyberGhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamViewer GmbH) C:\Users\Arnold Arkar Moore\AppData\Roaming\com\comrepl.exe
(Mega Limited) C:\Users\Arnold Arkar Moore\AppData\Local\MEGAsync\MEGAsync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\OEM\Preload\FubTracking\FubTracking.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239672 2017-01-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe [9533688 2016-12-15] ()
HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe [9523496 2017-01-30] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2418392 2016-09-09] (Acer)
HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1212976 2017-01-26] (CyberGhost S.R.L.)
HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-22] (Piriform Ltd)
HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\...\Run: [comrepl] => C:\Users\Arnold Arkar Moore\AppData\Roaming\com\comrepl.exe [7293280 2013-02-19] (TeamViewer GmbH)
HKU\S-1-5-18\...\Run: [] => 0
HKLM\...\Providers\tu04zzgg: C:\Program Files (x86)\Arelient Server\local64spl.dll [289792 2017-01-30] ()
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Arnold Arkar Moore\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Arnold Arkar Moore\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Arnold Arkar Moore\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Arnold Arkar Moore\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Arnold Arkar Moore\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Arnold Arkar Moore\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
Startup: C:\Users\Arnold Arkar Moore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-12-13]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Arnold Arkar Moore\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a62b5f24-8ed2-4c66-8bd6-a3b60f9d3ebe}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pesonal-spage.com/sen/
SearchScopes: HKU\S-1-5-21-3928280705-1540576542-3704355275-1001 -> DefaultScope {57BA3A3F-4355-4A4F-AD21-63E16775A3AB} URL =
SearchScopes: HKU\S-1-5-21-3928280705-1540576542-3704355275-1001 -> {0016C0E3-95C7-4D61-AA93-6FA121C1C237} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-22] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-22] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-22] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-22] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-22] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-22] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-22] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-22] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-12-12] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-01-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://home.sweetim.com/?st=4&barid={D691AAD4-0AC6-11E1-8877-206A8A3EB90A}
CHR StartupUrls: ChromeDefaultData -> "hxxps://www.google.com.sg/","hxxps://www.youtube.com/","hxxp://www.watchcartoononline.com/","hxxps://www.google.com.sg/webhp?hl=en&sa=X&ved=0ahUKEwic7JGto83NAhVKuo8KHXU4C20QPAgD","hxxps://www.youtube.com/?gl=SG","hxxp://kisscartoon.me/"
CHR Session Restore: ChromeDefaultData -> is enabled.
CHR Profile: C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-30] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-30]
CHR Extension: (Google Docs) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-30]
CHR Extension: (Google Drive) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-30]
CHR Extension: (YouTube) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-30]
CHR Extension: (Google Sheets) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-30]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-01-30]
CHR Extension: (Google Docs Offline) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-30]
CHR Extension: (Gmail) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-30]
CHR Extension: (Chrome Media Router) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-30]
CHR Profile: C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default [2017-01-30]
CHR Extension: (Google Slides) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-06]
CHR Extension: (Google Docs) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-06]
CHR Extension: (Google Drive) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-06]
CHR Extension: (YouTube) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-06]
CHR Extension: (Video Downloader professional) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-01-17]
CHR Extension: (Google Sheets) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-06]
CHR Extension: (AdBlock) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-26]
CHR Extension: (360 Internet Protection) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2017-01-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-01-29]
CHR Extension: (Grammarly for Chrome) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-01-26]
CHR Extension: (Google Play) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-12-06]
CHR Extension: (Secure Bookmarks) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocjgngiajhfiikjolfhcpiokgbinep [2016-12-06]
CHR Extension: (Into The Mist) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2016-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-26]
CHR Extension: (Fast search) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-30]
CHR Extension: (Gmail) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-06]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Windows\system32\AdminService.exe [355760 2016-06-25] (Windows (R) Win 7 DDK provider)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [260080 2017-01-30] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [275616 2017-01-30] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [6183576 2017-01-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1255272 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [76848 2017-01-26] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3020992 2016-12-28] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [603256 2016-03-02] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-15] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] ()
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [354936 2016-03-02] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [976848 2016-01-15] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-02-06] (Intel Corporation) [File not signed]
R2 IntelSSTSvc; C:\Windows\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26592 2016-03-05] (Intel Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-02-06] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-02-12] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareService.exe [630976 2016-12-15] ()
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [188352 2016-12-12] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-03-11] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-03-11] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [291232 2016-02-02] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1605376 2016-11-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-11-23] (BitDefender)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [165624 2017-01-30] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [311592 2017-01-30] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-01-30] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336920 2017-01-30] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-01-30] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-01-30] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [127072 2017-01-30] (AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\Windows\system32\drivers\avgNetSec.sys [456936 2017-01-30] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [101624 2017-01-30] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [75664 2017-01-30] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [992488 2017-01-30] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [555152 2017-01-30] (AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\Windows\system32\drivers\avgStm.sys [163512 2017-01-30] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [311472 2017-01-30] (AVG Technologies CZ, s.r.o.)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\AdAwareProxyEngine\1.0.0.8\bdfwfpf.sys [127312 2016-06-16] (BitDefender LLC)
R3 ETDI2C; C:\Windows\System32\drivers\ETDI2C.sys [185416 2015-09-06] (ELAN Microelectronic Corp.)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\gzflt.sys [161592 2016-04-28] (BitDefender LLC)
S3 HWHandSet; C:\Windows\system32\DRIVERS\hw_quusbmdm.sys [223232 2016-05-25] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-01-30] (REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
S3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185128 2015-07-21] (Intel Corporation)
R0 ignis; C:\Windows\System32\drivers\ignis.sys [300840 2016-08-15] (Bitdefender)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21408 2016-03-11] (Acer Incorporated)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9934c34dc6ca0c4b\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2336768 2016-07-16] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14752 2016-03-11] (Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-11-19] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realsil Semiconductor Corporation)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [485512 2016-04-28] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S1 ucdrv; \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-30 07:15 - 2017-01-30 07:15 - 02420736 _____ (Farbar) C:\Users\Arnold Arkar Moore\Downloads\FRST64.exe
2017-01-30 07:15 - 2017-01-30 07:15 - 00029991 _____ C:\Users\Arnold Arkar Moore\Downloads\FRST.txt
2017-01-30 07:15 - 2017-01-30 07:15 - 00000000 ____D C:\FRST
2017-01-30 06:57 - 2017-01-30 06:57 - 01065376 _____ (Google Inc.) C:\Users\Arnold Arkar Moore\Downloads\ChromeSetup.exe
2017-01-30 06:57 - 2017-01-30 06:57 - 00000000 ___HD C:\OneDriveTemp
2017-01-30 06:51 - 2017-01-30 06:51 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Roaming\Lavasoft
2017-01-30 06:43 - 2017-01-30 06:43 - 00000000 ____D C:\ProgramData\BitDefender
2017-01-30 06:35 - 2017-01-30 06:57 - 00002427 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2017-01-30 06:35 - 2017-01-30 06:35 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Roaming\LavasoftStatistics
2017-01-30 06:35 - 2017-01-30 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-01-30 06:34 - 2017-01-30 06:34 - 02150192 _____ C:\Users\Arnold Arkar Moore\Downloads\Adaware_Installer (2).exe
2017-01-30 06:34 - 2017-01-30 06:34 - 00000000 ____D C:\ProgramData\Lavasoft
2017-01-30 06:34 - 2017-01-30 06:34 - 00000000 ____D C:\Program Files\Lavasoft
2017-01-30 06:34 - 2017-01-30 06:34 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2017-01-30 06:33 - 2017-01-30 06:33 - 01515632 _____ (Igor Pavlov) C:\Users\Arnold Arkar Moore\Downloads\Adaware_Installer (1).exe
2017-01-30 06:31 - 2017-01-30 06:31 - 01515632 _____ (Igor Pavlov) C:\Users\Arnold Arkar Moore\Downloads\Adaware_Installer.exe
2017-01-30 06:28 - 2017-01-30 06:28 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Roaming\Macromedia
2017-01-30 06:09 - 2017-01-30 06:09 - 00000000 _____ C:\autoexec.bat
2017-01-30 05:55 - 2017-01-30 05:55 - 00250912 _____ C:\Windows\SysWOW64\kz.exe
2017-01-30 05:50 - 2017-01-30 05:50 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2017-01-30 05:46 - 2017-01-30 05:46 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-30 05:46 - 2017-01-30 05:46 - 00000000 ____D C:\Windows\pss
2017-01-30 05:30 - 2017-01-30 05:17 - 01620992 ____N C:\ProgramData\trz47C4.tmp
2017-01-30 05:29 - 2017-01-30 05:29 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Roaming\AVG
2017-01-30 05:28 - 2017-01-30 05:28 - 00992488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgsnx.sys
2017-01-30 05:28 - 2017-01-30 05:28 - 00555152 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-01-30 05:28 - 2017-01-30 05:28 - 00456936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetSec.sys
2017-01-30 05:28 - 2017-01-30 05:28 - 00397800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-01-30 05:28 - 2017-01-30 05:28 - 00336920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-01-30 05:28 - 2017-01-30 05:28 - 00311592 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-01-30 05:28 - 2017-01-30 05:28 - 00311472 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-01-30 05:28 - 2017-01-30 05:28 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-01-30 05:28 - 2017-01-30 05:28 - 00165624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-01-30 05:28 - 2017-01-30 05:28 - 00163512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-01-30 05:28 - 2017-01-30 05:28 - 00127072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-01-30 05:28 - 2017-01-30 05:28 - 00101624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-01-30 05:28 - 2017-01-30 05:28 - 00075664 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-01-30 05:28 - 2017-01-30 05:28 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-01-30 05:28 - 2017-01-30 05:28 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-01-30 05:28 - 2017-01-30 05:28 - 00004008 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-01-30 05:27 - 2017-01-30 05:28 - 00000000 ____D C:\Program Files (x86)\AVG
2017-01-30 05:27 - 2017-01-30 05:27 - 00003668 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-01-30 05:27 - 2017-01-30 05:27 - 00000943 _____ C:\Users\Public\Desktop\AVG.lnk
2017-01-30 05:27 - 2017-01-30 05:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2017-01-30 05:26 - 2017-01-30 05:27 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Local\AvgSetupLog
2017-01-30 05:26 - 2017-01-30 05:26 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Local\Avg
2017-01-30 05:24 - 2017-01-30 05:28 - 00000000 ____D C:\ProgramData\ProductData
2017-01-30 05:24 - 2017-01-30 05:25 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\LocalLow\IObit
2017-01-30 05:24 - 2017-01-30 05:24 - 00027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2017-01-30 05:24 - 2017-01-30 05:24 - 00003610 _____ C:\Windows\System32\Tasks\KuaiZip_Update
2017-01-30 05:24 - 2017-01-30 05:24 - 00000000 ___HD C:\Users\Arnold Arkar Moore\AppData\Roaming\com
2017-01-30 05:24 - 2017-01-30 05:24 - 00000000 ____D C:\Windows\IObit
2017-01-30 05:24 - 2017-01-30 05:24 - 00000000 ____D C:\ProgramData\IObit
2017-01-30 05:23 - 2017-01-30 05:59 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Roaming\Browsers
2017-01-30 05:20 - 2017-01-30 05:20 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Local\AdvinstAnalytics
2017-01-30 05:20 - 2017-01-30 05:20 - 00000000 ____D C:\ProgramData\Microleaves
2017-01-30 05:18 - 2017-01-30 06:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
2017-01-30 05:18 - 2017-01-30 05:39 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
2017-01-30 05:18 - 2017-01-30 05:32 - 00000514 _____ C:\Windows\Tasks\UCBrowserUpdater.job
2017-01-30 05:18 - 2017-01-30 05:32 - 00000350 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
2017-01-30 05:18 - 2017-01-30 05:18 - 00003558 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
2017-01-30 05:18 - 2017-01-30 05:18 - 00002708 _____ C:\Windows\System32\Tasks\UCBrowserUpdaterCore
2017-01-30 05:18 - 2017-01-30 05:18 - 00001603 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2017-01-30 05:18 - 2017-01-30 05:18 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Local\UCBrowser
2017-01-30 05:17 - 2017-01-30 05:32 - 00000406 ____H C:\Windows\Tasks\Traffic Exchange Updater.job
2017-01-30 05:17 - 2017-01-30 05:32 - 00000354 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job
2017-01-30 05:17 - 2017-01-30 05:32 - 00000354 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job
2017-01-30 05:17 - 2017-01-30 05:32 - 00000354 _____ C:\Windows\Tasks\Traffic Exchange v2 - 1.job
2017-01-30 05:17 - 2017-01-30 05:17 - 00003708 _____ C:\Windows\System32\Tasks\Traffic Exchange Guardian
2017-01-30 05:17 - 2017-01-30 05:17 - 00003702 _____ C:\Windows\System32\Tasks\Traffic Exchange Guard
2017-01-30 05:17 - 2017-01-30 05:17 - 00003690 _____ C:\Windows\System32\Tasks\Traffic Exchange
2017-01-30 05:17 - 2017-01-30 05:17 - 00003294 _____ C:\Windows\System32\Tasks\Traffic Exchange Updater
2017-01-30 05:17 - 2017-01-30 05:17 - 00003242 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 3
2017-01-30 05:17 - 2017-01-30 05:17 - 00003242 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 2
2017-01-30 05:17 - 2017-01-30 05:17 - 00003242 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 1
2017-01-30 05:17 - 2017-01-30 05:17 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-30 05:17 - 2017-01-30 05:17 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-01-30 05:17 - 2017-01-30 05:17 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-01-30 05:16 - 2017-01-30 05:27 - 00000000 ____D C:\Windows\system32\SSL
2017-01-30 05:15 - 2017-01-30 06:50 - 00000000 ____D C:\Program Files (x86)\Atufetyatjok
2017-01-30 05:15 - 2017-01-30 05:28 - 00000000 ____D C:\ProgramData\Avg
2017-01-30 05:15 - 2017-01-30 05:15 - 00006086 _____ C:\Windows\System32\Tasks\Arelient Server
2017-01-30 05:15 - 2017-01-30 05:15 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Local\Fuzophmiqoward
2017-01-30 05:15 - 2017-01-30 05:15 - 00000000 ____D C:\ProgramData\Avira
2017-01-30 05:15 - 2017-01-30 05:15 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-30 05:15 - 2017-01-30 05:15 - 00000000 ____D C:\Program Files (x86)\Arelient Server
2017-01-30 04:50 - 2017-01-30 04:49 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-01-30 04:36 - 2017-01-30 04:36 - 00002896 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-01-30 04:36 - 2017-01-30 04:36 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-30 04:36 - 2017-01-30 04:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-30 04:36 - 2017-01-30 04:36 - 00000000 ____D C:\Program Files\CCleaner
2017-01-30 04:35 - 2017-01-30 04:39 - 00000000 ____D C:\Users\Arnold Arkar Moore\Downloads\Adobe Premiere Pro CC 2017 v11.0.1 + Crack [SadeemPC]
2017-01-30 04:34 - 2017-01-30 04:40 - 00000000 ____D C:\Users\Arnold Arkar Moore\Downloads\Adobe Premiere Pro CC 2015 v9.0 + Crack
2017-01-30 04:33 - 2017-01-30 04:49 - 00000000 ____D C:\Users\Arnold Arkar Moore\Downloads\Adobe Photoshop CC 2015 (20150529.r.88) (32+64Bit) + Crack
2017-01-30 04:31 - 2017-01-30 04:31 - 00000000 ____D C:\Users\Arnold Arkar Moore\Downloads\Avast Pro Antivirus - Internet Security - Premier 2016 11.2.272
2017-01-30 04:31 - 2017-01-30 04:31 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\LocalLow\BitTorrent
2017-01-29 21:34 - 2017-01-30 04:18 - 00000000 ____D C:\Users\Arnold Arkar Moore\Desktop\DSLR
2017-01-27 23:55 - 2017-01-27 23:55 - 02816197 _____ C:\Windows\d1f691217f3107f5919a03606ee8b0de.exe
2017-01-25 14:39 - 2016-12-21 15:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-25 14:39 - 2016-12-21 12:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-22 03:14 - 2017-01-22 03:14 - 00002538 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-01-22 03:14 - 2017-01-22 03:14 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-01-20 22:59 - 2017-01-20 23:10 - 00000000 ____D C:\Users\Arnold Arkar Moore\Downloads\Bruno Mars - Discography Deluxe FLAC 2013 [Bubanee]
2017-01-11 23:18 - 2016-12-21 16:08 - 00245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-01-11 23:18 - 2016-12-21 16:08 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-01-11 23:18 - 2016-12-21 15:46 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-11 23:18 - 2016-12-21 15:43 - 04130440 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-01-11 23:18 - 2016-12-21 15:43 - 01454504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2017-01-11 23:18 - 2016-12-21 15:43 - 01071736 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-01-11 23:18 - 2016-12-21 15:42 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-11 23:18 - 2016-12-21 15:42 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-01-11 23:18 - 2016-12-21 15:42 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-01-11 23:18 - 2016-12-21 15:42 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-11 23:18 - 2016-12-21 15:41 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-11 23:18 - 2016-12-21 15:08 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-01-11 23:18 - 2016-12-21 15:06 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-01-11 23:18 - 2016-12-21 14:59 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-01-11 23:18 - 2016-12-21 14:56 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-01-11 23:18 - 2016-12-21 14:53 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-01-11 23:18 - 2016-12-21 14:51 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-01-11 23:18 - 2016-12-21 14:51 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-01-11 23:18 - 2016-12-21 14:50 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 23:18 - 2016-12-21 13:59 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-01-11 23:18 - 2016-12-21 13:09 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 23:18 - 2016-12-21 13:01 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-11 23:18 - 2016-12-21 12:43 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 23:18 - 2016-12-21 12:41 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 23:18 - 2016-12-21 12:40 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-01-11 23:18 - 2016-12-21 12:40 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-01-11 23:18 - 2016-12-21 12:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 23:18 - 2016-12-21 12:38 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-01-11 23:18 - 2016-12-21 12:35 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-01-11 23:18 - 2016-12-21 12:30 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-01-11 23:18 - 2016-12-21 12:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-01-11 23:18 - 2016-12-21 12:22 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-01-11 23:18 - 2016-12-14 13:41 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-11 23:18 - 2016-12-14 13:23 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 23:18 - 2016-12-14 13:21 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-01-11 23:18 - 2016-12-14 13:17 - 00319288 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-11 23:18 - 2016-12-14 13:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-11 23:18 - 2016-12-14 12:48 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 23:18 - 2016-12-14 12:43 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-01-11 23:18 - 2016-12-14 12:42 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-01-11 23:18 - 2016-12-14 12:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-01-11 23:18 - 2016-12-14 12:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-01-11 23:18 - 2016-12-14 12:38 - 17188864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-01-11 23:18 - 2016-12-14 12:38 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 23:18 - 2016-12-14 12:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-01-11 23:18 - 2016-12-14 12:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-01-11 23:18 - 2016-12-14 12:35 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 23:18 - 2016-12-14 12:35 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-01-11 23:18 - 2016-12-14 12:35 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-01-11 23:18 - 2016-12-14 12:26 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 23:18 - 2016-12-14 12:26 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-11 23:18 - 2016-12-14 12:24 - 01005568 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2017-01-11 23:18 - 2016-12-14 12:24 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-01-11 23:18 - 2016-12-14 12:23 - 03134976 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-01-11 23:18 - 2016-12-14 12:22 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-11 23:18 - 2016-12-14 12:22 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-01-11 23:17 - 2016-12-21 16:04 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-11 23:17 - 2016-12-21 15:49 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-11 23:17 - 2016-12-21 15:43 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-01-11 23:17 - 2016-12-21 15:42 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-01-11 23:17 - 2016-12-21 15:37 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-01-11 23:17 - 2016-12-21 15:15 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-01-11 23:17 - 2016-12-21 15:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2017-01-11 23:17 - 2016-12-21 15:13 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2017-01-11 23:17 - 2016-12-21 15:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2017-01-11 23:17 - 2016-12-21 15:10 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2017-01-11 23:17 - 2016-12-21 15:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2017-01-11 23:17 - 2016-12-21 15:09 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-01-11 23:17 - 2016-12-21 15:08 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2017-01-11 23:17 - 2016-12-21 15:08 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 23:17 - 2016-12-21 15:08 - 00349184 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2017-01-11 23:17 - 2016-12-21 15:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 23:17 - 2016-12-21 15:08 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-01-11 23:17 - 2016-12-21 15:07 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-01-11 23:17 - 2016-12-21 15:06 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-01-11 23:17 - 2016-12-21 15:06 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-11 23:17 - 2016-12-21 15:06 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-11 23:17 - 2016-12-21 15:05 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-01-11 23:17 - 2016-12-21 15:05 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2017-01-11 23:17 - 2016-12-21 15:05 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2017-01-11 23:17 - 2016-12-21 15:01 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-01-11 23:17 - 2016-12-21 15:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2017-01-11 23:17 - 2016-12-21 14:59 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-11 23:17 - 2016-12-21 14:58 - 23678464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-11 23:17 - 2016-12-21 14:57 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
2017-01-11 23:17 - 2016-12-21 14:56 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2017-01-11 23:17 - 2016-12-21 14:55 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-01-11 23:17 - 2016-12-21 14:55 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-11 23:17 - 2016-12-21 14:54 - 05511680 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2017-01-11 23:17 - 2016-12-21 14:53 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-01-11 23:17 - 2016-12-21 14:53 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 23:17 - 2016-12-21 14:51 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-01-11 23:17 - 2016-12-21 14:49 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-01-11 23:17 - 2016-12-21 14:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-01-11 23:17 - 2016-12-21 14:49 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-01-11 23:17 - 2016-12-21 14:47 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-01-11 23:17 - 2016-12-21 13:02 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-01-11 23:17 - 2016-12-21 13:02 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-01-11 23:17 - 2016-12-21 13:02 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-01-11 23:17 - 2016-12-21 13:02 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-01-11 23:17 - 2016-12-21 13:02 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 23:17 - 2016-12-21 13:02 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-01-11 23:17 - 2016-12-21 12:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-01-11 23:17 - 2016-12-21 12:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 23:17 - 2016-12-21 12:40 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-01-11 23:17 - 2016-12-21 12:40 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-01-11 23:17 - 2016-12-21 12:39 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-01-11 23:17 - 2016-12-21 12:35 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-01-11 23:17 - 2016-12-21 12:34 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-11 23:17 - 2016-12-21 12:33 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-11 23:17 - 2016-12-21 12:32 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-11 23:17 - 2016-12-21 12:30 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 23:17 - 2016-12-21 12:27 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-01-11 23:17 - 2016-12-21 12:25 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-01-11 23:17 - 2016-12-21 12:25 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-01-11 23:17 - 2016-12-21 12:24 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-11 23:17 - 2016-12-21 12:24 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-01-11 23:17 - 2016-12-21 12:24 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-01-11 23:17 - 2016-12-21 12:24 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-01-11 23:17 - 2016-12-21 12:22 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-01-11 23:17 - 2016-12-14 13:41 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-11 23:17 - 2016-12-14 13:34 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-01-11 23:17 - 2016-12-14 13:33 - 01356864 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-01-11 23:17 - 2016-12-14 13:19 - 00584544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-01-11 23:17 - 2016-12-14 13:18 - 00715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-01-11 23:17 - 2016-12-14 13:18 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-01-11 23:17 - 2016-12-14 13:14 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-01-11 23:17 - 2016-12-14 13:14 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-11 23:17 - 2016-12-14 13:14 - 00089416 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2017-01-11 23:17 - 2016-12-14 13:08 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 23:17 - 2016-12-14 13:06 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-01-11 23:17 - 2016-12-14 13:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-01-11 23:17 - 2016-12-14 13:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-01-11 23:17 - 2016-12-14 12:46 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 23:17 - 2016-12-14 12:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-11 23:17 - 2016-12-14 12:45 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-01-11 23:17 - 2016-12-14 12:42 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-01-11 23:17 - 2016-12-14 12:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 23:17 - 2016-12-14 12:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-11 23:17 - 2016-12-14 12:40 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-01-11 23:17 - 2016-12-14 12:40 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2017-01-11 23:17 - 2016-12-14 12:40 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-01-11 23:17 - 2016-12-14 12:40 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 23:17 - 2016-12-14 12:39 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2017-01-11 23:17 - 2016-12-14 12:39 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-01-11 23:17 - 2016-12-14 12:39 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2017-01-11 23:17 - 2016-12-14 12:38 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 23:17 - 2016-12-14 12:38 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll
2017-01-11 23:17 - 2016-12-14 12:36 - 01002496 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2017-01-11 23:17 - 2016-12-14 12:36 - 00539648 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-01-11 23:17 - 2016-12-14 12:35 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-01-11 23:17 - 2016-12-14 12:32 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-01-11 23:17 - 2016-12-14 12:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-01-11 23:17 - 2016-12-14 12:25 - 02009600 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2017-01-11 23:17 - 2016-12-14 12:23 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-01-11 23:17 - 2016-12-14 12:22 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-01-11 23:17 - 2016-12-14 12:22 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-01-11 23:17 - 2016-12-14 12:22 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-01-11 23:17 - 2016-12-14 12:22 - 00707584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-01-11 23:17 - 2016-12-14 12:21 - 03616768 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-01-11 23:17 - 2016-11-02 20:01 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-01-11 23:17 - 2016-11-02 19:00 - 00534096 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-01-11 23:17 - 2016-11-02 18:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 23:17 - 2016-11-02 18:22 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-01-11 23:17 - 2016-11-02 18:21 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-01-11 23:17 - 2016-08-02 12:30 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-30 07:04 - 2016-12-06 11:29 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-30 07:03 - 2016-03-19 06:43 - 01117824 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-30 06:58 - 2016-12-06 11:22 - 00002352 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-30 06:57 - 2016-12-07 02:59 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-30 06:57 - 2016-12-06 11:20 - 00000000 ___RD C:\Users\Arnold Arkar Moore\OneDrive
2017-01-30 06:57 - 2016-12-06 11:18 - 00000000 __SHD C:\Users\Arnold Arkar Moore\IntelGraphicsProfiles
2017-01-30 06:56 - 2016-12-07 02:59 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-30 06:56 - 2016-12-06 16:42 - 00524288 _____ C:\Windows\system32\config\BBI
2017-01-30 06:16 - 2016-12-09 00:26 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Local\CrashDumps
2017-01-30 05:32 - 2016-12-10 23:45 - 00000000 ____D C:\Program Files (x86)\HiSuite
2017-01-30 05:32 - 2016-12-06 16:45 - 00000000 ____D C:\Windows\INF
2017-01-30 05:30 - 2016-12-06 11:18 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Roaming\Adobe
2017-01-30 05:15 - 2016-04-29 02:01 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2017-01-30 05:15 - 2016-03-19 06:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-30 05:14 - 2016-12-06 11:20 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Local\clear.fi
2017-01-30 05:12 - 2016-03-19 06:37 - 00000000 ____D C:\ProgramData\OEM
2017-01-30 05:11 - 2016-12-06 11:15 - 00000000 ____D C:\Users\Arnold Arkar Moore
2017-01-30 05:11 - 2016-03-19 06:41 - 00000000 ____D C:\ProgramData\McAfee
2017-01-30 05:11 - 2016-03-19 06:41 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-30 05:10 - 2016-12-09 00:21 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Roaming\BitTorrent
2017-01-30 04:50 - 2016-12-06 16:45 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-01-30 04:50 - 2016-12-06 16:42 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-01-30 04:49 - 2016-12-28 00:36 - 00000000 ____D C:\Users\Arnold
2017-01-30 04:45 - 2016-12-06 16:45 - 00000000 ____D C:\Windows\AppReadiness
2017-01-30 04:45 - 2016-12-06 11:18 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Local\Packages
2017-01-30 04:43 - 2016-12-06 12:19 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Local\IIIQF
2017-01-30 04:41 - 2016-12-06 16:51 - 00000000 ___DC C:\Windows\Panther
2017-01-30 04:38 - 2016-12-06 11:33 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2017-01-30 04:38 - 2016-12-06 11:33 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-01-30 04:38 - 2016-04-29 01:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-30 04:15 - 2016-12-07 02:59 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-01-30 03:55 - 2016-12-10 21:50 - 00004194 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{39ECE4DE-371E-47FB-BDED-A316ADD044DF}
2017-01-30 03:55 - 2016-12-06 16:45 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-28 21:06 - 2016-12-06 23:38 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Roaming\vlc
2017-01-28 19:40 - 2016-12-06 16:45 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-26 23:17 - 2016-12-09 00:22 - 00000000 ____D C:\Program Files\CyberGhost 6
2017-01-26 23:16 - 2016-12-07 02:59 - 00372904 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-25 15:42 - 2016-12-06 16:42 - 00000000 ____D C:\Windows\CbsTemp
2017-01-24 14:29 - 2016-12-21 02:42 - 00003316 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-24 14:29 - 2016-12-06 11:20 - 00002410 _____ C:\Users\Arnold Arkar Moore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-22 14:35 - 2016-12-06 16:45 - 00000000 ____D C:\Windows\system32\NDF
2017-01-22 03:39 - 2016-12-06 16:45 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-22 03:14 - 2016-04-29 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-01-22 03:13 - 2016-04-29 01:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-19 00:29 - 2016-12-06 11:34 - 00000000 ____D C:\Users\Arnold Arkar Moore\Documents\My Games
2017-01-17 03:36 - 2016-12-06 16:45 - 00000000 ____D C:\Windows\rescache
2017-01-17 02:28 - 2016-12-09 00:22 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Local\CyberGhost
2017-01-16 12:30 - 2016-12-06 11:18 - 00000000 ____D C:\Users\Arnold Arkar Moore\AppData\Local\VirtualStore
2017-01-15 14:00 - 2016-02-13 21:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-15 05:05 - 2016-12-06 16:45 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-15 05:05 - 2016-12-06 16:45 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-01-15 05:05 - 2016-12-06 16:45 - 00000000 ____D C:\Windows\system32\oobe
2017-01-15 05:05 - 2016-12-06 16:45 - 00000000 ____D C:\Windows\ShellExperiences
2017-01-15 05:05 - 2016-12-06 16:45 - 00000000 ____D C:\Windows\Provisioning
2017-01-15 00:52 - 2016-12-06 12:32 - 00000000 ____D C:\Windows\system32\MRT
2017-01-15 00:50 - 2016-12-06 12:31 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2016-12-07 03:00 - 2016-12-07 03:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-30 05:30 - 2017-01-30 05:17 - 1620992 ____N () C:\ProgramData\trz47C4.tmp

Some files in TEMP:
====================
2017-01-30 05:13 - 2017-01-30 05:15 - 1850710 _____ () C:\Users\Arnold Arkar Moore\AppData\Local\Temp\cpa.exe
2017-01-30 05:21 - 2017-01-30 05:21 - 0016384 _____ (LordeX) C:\Users\Arnold Arkar Moore\AppData\Local\Temp\cubecc.exe
2017-01-30 05:24 - 2017-01-30 05:24 - 0075264 _____ () C:\Users\Arnold Arkar Moore\AppData\Local\Temp\DriverBoosterSetup.exe
2017-01-30 05:24 - 2017-01-30 05:24 - 17628560 _____ (IObit ) C:\Users\Arnold Arkar Moore\AppData\Local\Temp\F4CA.tmp.exe
2017-01-30 05:22 - 2017-01-30 05:23 - 0131016 _____ () C:\Users\Arnold Arkar Moore\AppData\Local\Temp\load.exe
2017-01-30 05:23 - 2017-01-30 05:24 - 2982690 _____ () C:\Users\Arnold Arkar Moore\AppData\Local\Temp\sys32.exe
2017-01-30 05:15 - 2017-01-30 05:15 - 0028713 _____ (UNDERSUN) C:\Users\Arnold Arkar Moore\AppData\Local\Temp\vibesound.exe
2017-01-30 05:15 - 2017-01-30 05:15 - 0020480 _____ (WoaleD) C:\Users\Arnold Arkar Moore\AppData\Local\Temp\wait.exe
2017-01-30 05:24 - 2017-01-30 05:25 - 9706752 _____ () C:\Users\Arnold Arkar Moore\AppData\Local\Temp\wajam_install.exe
2017-01-30 05:21 - 2017-01-30 05:21 - 4277304 _____ (B-Software Corporation) C:\Users\Arnold Arkar Moore\AppData\Local\Temp\windows.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-26 12:40

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Arnold Arkar Moore (30-01-2017 07:16:51)
Running from C:\Users\Arnold Arkar Moore\Downloads
Windows 10 Home Version 1607 (X64) (2016-12-06 03:15:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3928280705-1540576542-3704355275-500 - Administrator - Disabled)
Arnold Arkar Moore (S-1-5-21-3928280705-1540576542-3704355275-1001 - Administrator - Enabled) => C:\Users\Arnold Arkar Moore
DefaultAccount (S-1-5-21-3928280705-1540576542-3704355275-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3928280705-1540576542-3704355275-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3928280705-1540576542-3704355275-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus (Enabled - Up to date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Ad-Aware Antivirus (Enabled - Up to date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Antivirus (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3019 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3003 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.01.3001 - Acer Incorporated)
Ad-Aware Antivirus (HKLM\...\{AD9CEBD6-442D-4979-9D1D-E1050F2E272D}_AdAwareUpdater) (Version: 11.15.1046.10613 - Lavasoft)
AdAwareInstaller (Version: 11.15.1046.10613 - Lavasoft) Hidden
AdAwareProxyEngine (Version: 1.0.0.8 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.15.1046.10613 - Lavasoft) Hidden
AntimalwareEngine (Version: 3.0.129.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.5.0.320 - Lavasoft) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
Avast SecureLine (source) (HKLM-x32\...\{AC7BF410-AC96-489F-93F0-706067A4575A}) (Version: 1.16.1130 - Acer)
AvcEngine (Version: 3.12.15976.0 - Lavasoft) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.126.2.56387 - AVG Technologies)
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.1.3006 - AVG Technologies)
AVG Zen (Version: 1.126.7 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version: - CyberGhost S.R.L.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5917.02 - CyberLink Corp.)
Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3013 - Acer Incorporated)
ELAN HIDI2C Filter Driver X64 13.6.4.1_WHQL (HKLM\...\Elantech) (Version: 13.6.4.1 - ELAN Microelectronic Corp.)
Farm to Fork Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
FirewallEngine (Version: 2.0.0.20 - Lavasoft) Hidden
FMW 1 (Version: 1.152.5 - AVG Technologies) Hidden
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.2.1183 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.1.1030 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{CCBE9F01-C2C3-469C-A508-2E23A7495E91}) (Version: 1.0.0.609 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.97 - WildTangent) Hidden
Magicka 2 (HKLM\...\Steam App 238370) (Version: - Pieces Interactive)
Magicka 2: Spell Balance Beta (HKLM\...\Steam App 397080) (Version: - )
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.206 - McAfee, Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 362.03 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.03 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
OnlineThreatsEngine (Version: 3.0.1.23 - Lavasoft) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.10198 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
SMITE (HKLM\...\Steam App 386360) (Version: - Hi-Rez Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Telegram Desktop version 0.10.20 (HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.10.20 - Telegram Messenger LLP)
The Witcher: Enhanced Edition (HKLM\...\Steam App 20900) (Version: - CD PROJEKT RED)
Traffic Exchange (x32 Version: 2.0.0 - Microleaves) Hidden <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.16 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {037210A1-E61D-4DED-A910-0F23EF839A9E} - \Software Update Application -> No File <==== ATTENTION
Task: {0E0D8E35-6C83-4B96-B660-2D15F5466E92} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-23] (Microleaves LTD) <==== ATTENTION
Task: {0FD8B769-2F54-4EE1-AE63-0F8E10384185} - \ACCAgent -> No File <==== ATTENTION
Task: {11E8F57E-E066-4704-9E27-CAAF4C8F98EB} - \Intel PTT EK Recertification -> No File <==== ATTENTION
Task: {1B1F00CA-C579-4415-8654-6945B0F30A6E} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {459181CB-05AB-406F-B4FD-1153F2D8585C} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {46E36C17-075B-4AF1-9FF7-E9472D24C380} - \Quick Access -> No File <==== ATTENTION
Task: {53C8E822-34B3-4758-BB33-32763740825B} - \UbtFrameworkService -> No File <==== ATTENTION
Task: {55805BB4-175B-4B39-B3FA-A5319A9BF478} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-22] (Piriform Ltd)
Task: {571FC3F7-4C6F-463F-B9F5-DD1ABAA3F312} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-01-27] (Microleaves) <==== ATTENTION
Task: {6009683E-ABB3-4294-81AA-0F7567FA50D7} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer)
Task: {6B14AF0D-730E-48AE-A5F8-7E0DCA4846B3} - System32\Tasks\KuaiZip_Update => C:\PROGRA~1\F85A~1\X86\Update.exe <==== ATTENTION
Task: {6FBF279C-92D9-4EA6-A75B-354AFB35BFBC} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {76B6B23E-A7E3-43EA-8F11-37366DE0CBE4} - \ACC -> No File <==== ATTENTION
Task: {78C81FA4-1ECF-4512-BDD5-72F21756D083} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-23] (Microleaves LTD) <==== ATTENTION
Task: {7C2E2976-FA8E-4A48-87EC-276B140D87F0} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-23] (Microleaves LTD) <==== ATTENTION
Task: {97801E65-28E9-4163-ADD2-A2043D71E540} - \Power Button -> No File <==== ATTENTION
Task: {A0277B7C-208B-4169-8E67-26B378053F98} - \FUBTrackingByPLD -> No File <==== ATTENTION
Task: {A296BD45-F90A-420E-9204-2D510F1E893B} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {AD0F2296-E830-41AF-9FFF-C43B95E5E72F} - System32\Tasks\Arelient Server => C:\Program Files (x86)\Atufetyatjok\shigugh.exe [2017-01-30] (Glarysoft Ltd)
Task: {B58C6FDA-2AF7-471A-BC7C-0EFFAA979FF9} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {B7A9B833-DF6B-4087-A371-1B0FBEBEE803} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-06] (Google Inc.)
Task: {BAAD8A0D-921A-4DF9-8308-B6974A388A34} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {CA767C51-DDED-426F-9BE7-3A663D1CF42D} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {D2A749FA-83F5-4B3E-9E07-A732FE0050F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-06] (Google Inc.)
Task: {D62D19AB-CE05-4C70-A6E8-BC34BF177EEB} - \Microsoft\Office\Microsoft Office Touchless Attach Notification -> No File <==== ATTENTION
Task: {D8155F01-585E-49B4-8650-6F5BA5F2EBC1} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {E0F7ECAE-F265-4292-9014-934421B4E310} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe <==== ATTENTION
Task: {F77566F1-E2E8-4E95-9CA3-AC01E46C2349} - \ACCBackgroundApplication -> No File <==== ATTENTION
Task: {FDE49D9F-A7F4-4D8E-B35B-074E69EEFED7} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-01-30] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Arnold Arkar Moore\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 19:42 - 2016-07-16 19:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-21 03:07 - 2016-12-09 18:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-07 03:00 - 2016-08-01 20:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-05 12:26 - 2016-03-05 12:26 - 05570728 _____ () C:\Windows\system32\IntelSSTAPO\ParameterService\libxml2-2.dll
2017-01-30 05:15 - 2017-01-30 05:15 - 00289792 ____H () C:\Program Files (x86)\Arelient Server\local64spl.dll
2016-12-15 13:02 - 2016-12-15 13:02 - 00630976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareService.exe
2016-12-15 13:06 - 2016-12-15 13:06 - 00122104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_thread-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00030968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_system-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00067832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_date_time-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00145144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_filesystem-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00733432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_log-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00525048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_locale-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00039672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_chrono-vc140-mt-1_61.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 11504888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareServiceKernel.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 03713272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\RCF.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 01001208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_regex-vc140-mt-1_61.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01061624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareActivation.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00634616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareApplicationUpdater.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00843000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareGamingMode.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00120568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareReset.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00142584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTime.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01025272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareDefinitionsUpdater.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00904440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareDefinitionsUpdaterScheduler.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01468664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareIgnoreList.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00252664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareQuarantine.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01644280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareAntiMalwareEngine.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00223992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareAntiRootkitEngine.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01192184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareScannerHistory.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01370360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareScanner.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00039672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_timer-vc140-mt-1_61.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01030904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareScannerScheduler.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01212152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareRealTimeProtection.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 02879736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareIncompatibles.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01524472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareAntiSpam.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01456376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareAntiPhishing.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 03462904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareParentalControl.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01599224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareWebProtection.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01339640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareEmailProtection.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00073464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_iostreams-vc140-mt-1_61.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01645816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareNetworkProtection.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01042680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwarePromo.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00475384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareFeedback.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 03165944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareThreatWorkAlliance.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01325304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwarePinCode.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01044216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareNotice.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01597688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareAvcEngine.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01496312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareRealTimeProtectionHistory.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01380088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareStatistics.dll
2017-01-30 06:43 - 2017-01-30 06:43 - 01008448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc2\ashttpbr.mdl
2017-01-30 06:43 - 2017-01-30 06:43 - 00541952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc2\ashttpdsp.mdl
2017-01-30 06:43 - 2017-01-30 06:43 - 03202816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc2\ashttpph.mdl
2017-01-30 06:43 - 2017-01-30 06:43 - 01542976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc2\ashttprbl.mdl
2016-04-29 02:07 - 2016-02-17 14:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-29 02:07 - 2016-02-17 14:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-29 02:07 - 2016-02-17 14:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-08-26 17:08 - 2016-08-26 17:08 - 00192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-12-21 03:07 - 2016-12-09 18:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-11-01 03:45 - 2016-11-01 03:45 - 00592384 _____ () C:\Users\Arnold Arkar Moore\AppData\Local\MEGAsync\ShellExtX64.dll
2017-01-22 03:18 - 2017-01-22 03:18 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 04144888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareShellExtension.dll
2016-03-09 10:45 - 2016-03-02 18:02 - 00384120 _____ () C:\Windows\system32\igfxTray.exe
2016-10-04 23:59 - 2016-10-04 23:59 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 23:17 - 2016-12-21 15:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 23:17 - 2016-12-21 14:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 23:17 - 2016-12-21 14:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 23:17 - 2016-12-21 14:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 23:17 - 2016-12-21 14:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 23:17 - 2016-12-21 14:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-23 14:32 - 2017-01-23 14:33 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-23 14:32 - 2017-01-23 14:33 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-23 14:32 - 2017-01-23 14:33 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-21 04:45 - 2016-12-21 04:46 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 19338488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareDesktop.exe
2016-12-15 13:06 - 2016-12-15 13:06 - 00492280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_program_options-vc140-mt-1_61.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 02479864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\HtmlFramework.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 07603960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareDesktopDefaultSkin.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 09533688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe
2016-12-15 13:05 - 2016-12-15 13:05 - 00871672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTrayDefaultSkin.dll
2016-12-17 04:03 - 2016-12-17 04:03 - 00054488 _____ () C:\Program Files\CCleaner\branding.dll
2016-04-29 02:37 - 2015-05-14 15:10 - 00030976 _____ () C:\OEM\Preload\FubTracking\FubTracking.exe
2016-01-21 02:50 - 2016-01-21 02:50 - 04644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2017-01-30 06:58 - 2017-01-25 15:29 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.76\libglesv2.dll
2017-01-30 06:58 - 2017-01-25 15:29 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.76\libegl.dll
2017-01-12 05:18 - 2017-01-12 05:19 - 31167576 _____ () C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll
2016-04-29 02:07 - 2016-02-17 15:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-01-30 05:27 - 2017-01-30 05:27 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2016-09-09 07:51 - 2016-09-09 07:51 - 00202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-09-09 07:51 - 2016-09-09 07:51 - 00119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2016-12-06 11:31 - 2016-12-24 02:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-12-06 11:31 - 2016-09-01 09:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-12-06 11:31 - 2017-01-19 09:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-12-06 11:31 - 2016-09-01 09:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-12-06 11:31 - 2016-09-01 09:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-12-06 11:31 - 2016-01-27 15:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-12-06 11:31 - 2016-01-27 15:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-12-06 11:31 - 2016-01-27 15:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-12-06 11:31 - 2016-01-27 15:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-12-06 11:31 - 2016-01-27 15:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-12-06 11:31 - 2017-01-19 09:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-06 11:31 - 2016-07-05 06:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-21 02:42 - 2017-01-05 11:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-12-06 11:31 - 2017-01-19 09:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2017-01-30 05:24 - 2017-01-24 01:28 - 01162752 ___SH () C:\Users\Arnold Arkar Moore\AppData\Roaming\com\MSVFW32.dll
2016-04-13 16:38 - 2016-04-13 16:38 - 00482304 _____ () C:\Users\Arnold Arkar Moore\AppData\Local\MEGAsync\libsodium.dll
2017-01-30 05:28 - 2017-01-30 05:28 - 00171208 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-01-30 05:28 - 2017-01-30 05:28 - 48936448 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-01-30 05:28 - 2017-01-30 05:28 - 00656040 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2016-02-12 08:47 - 2016-02-12 08:47 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-08-15 15:03 - 2016-08-15 15:03 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2016-08-15 15:05 - 2016-08-15 15:05 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2016-08-15 15:05 - 2016-08-15 15:05 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2016-08-15 15:04 - 2016-08-15 15:04 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2016-12-06 11:25 - 2016-12-06 11:25 - 00015064 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-08-30 12:09 - 2016-08-30 12:09 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-08-30 12:05 - 2016-08-30 12:05 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-12-21 03:07 - 2016-12-09 18:29 - 02681200 _____ () C:\Windows\System32\CoreUIComponents.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
AlternateDataStreams: C:\Windows\system32\drivers:x64 [1479458]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1205026]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\...\sharepoint.com -> hxxps://monashuni-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 15:24 - 2017-01-30 05:21 - 00000918 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 clients2.google.com
127.0.0.1 v1.ff.avast.com
127.0.0.1 vlcproxy.ff.avast.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Arnold Arkar Moore\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{e125a19b-6a5a-4ce0-bb39-98781bdc6f34}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{0487385E-CF00-4CAB-8495-B7CAFDCF211B}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{A65D9DF1-F265-4E91-95B0-02670F4AB6E0}] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{E99BFE08-6001-4ED3-89ED-0729A0F9FB7D}] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{1BDC8B52-7BC9-4EBC-AAE2-BEBFBAB6A0C4}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3923782A-5BA0-4BDE-AFA0-029901A82154}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6F22EC5D-38BE-4217-B7BF-04CC57D6BC78}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{460FEF80-356F-4210-9117-BF3C2F7A0C68}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{393C6A91-38D7-4843-9128-D34F3DF5BD87}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{079D66E8-9F73-457F-AF03-5F2E622530EE}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{93D228B5-82DA-4F81-82E5-F18143A83252}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5F325F40-0A2E-47F2-A31A-6A42214684F6}] => C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{8737B757-CCFD-4FF8-82E2-233663CDF3EE}] => C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{8A50C824-49C5-49A9-950B-B2CD413C2737}] => C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{4FFAB9AA-2525-4F56-B5DD-F2C12FD7B60E}] => C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{6FE37109-CFB4-46F9-BEFD-800402AB732A}] => C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{4ED21D90-BAE9-4B18-9BCA-76B9FBDCB80A}] => C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{6F494455-66F0-4C97-ABD7-9669A330D435}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FA6A75CE-C886-434D-BB57-EE8CF86B3108}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{775AFED3-0B0F-498B-86A0-43DB2A016E25}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{871DE805-CA3A-43C8-B50D-01540DB01536}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4B4827F9-6B22-4406-9653-0EC2FCEE5AE6}] => C:\Users\Arnold Arkar Moore\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{647EEDC4-A509-415A-87E4-0C9182CBD726}] => C:\Users\Arnold Arkar Moore\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{93682068-EB19-4441-A001-E8E955AADC53}] => C:\Users\Arnold Arkar Moore\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{463908A9-01D8-407C-9AFB-30D2EAE9978B}] => C:\Users\Arnold Arkar Moore\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D2DFD15E-534C-49A7-A7D7-55ACB8CFA0C4}] => C:\Users\Arnold Arkar Moore\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D26146BB-D6A3-4D64-8674-3133E036EFBF}] => C:\Users\Arnold Arkar Moore\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8E373C04-AB61-4445-A89C-C5E4FD3599BE}] => D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0A9D0836-66C4-4E57-9C90-57FC2C24934A}] => D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2A0F6307-B806-4695-B6A2-2D7A1CCE0F12}] => D:\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{ACDD4A51-4B1E-4CBC-9EE5-2B70BBAB6532}] => D:\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{699CF71D-4C1E-4855-B769-7649AA92E571}] => D:\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{97558141-C374-4B7E-B225-B96D71DCB9C7}] => D:\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{7AD3ED5E-0947-474F-AC50-FA33315D626A}] => D:\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{09D1075B-E834-47A9-BF5B-A850E92F43DF}] => D:\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{5FE8E1CD-31B9-4525-A3A7-BB685DBD5B81}] => D:\SteamLibrary\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{3E7701C9-EDEA-4D98-9769-D0C6A93B3FF6}] => D:\SteamLibrary\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{1CDB5090-23B6-42AA-8FC6-FB745D543B1F}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4F0009AE-E2F7-4CD6-B8D8-80EB56EECB7C}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3B5BEFC6-A7EE-4479-9754-887D0D451AC4}] => %systemroot%\system32\alg.exe
FirewallRules: [{F11C6916-6C8C-4592-807D-389204F25FF4}] => %systemroot%\system32\alg.exe
FirewallRules: [{AD2CDAE7-DF42-4747-BBF4-9606C7940001}] => %systemroot%\system32\alg.exe
FirewallRules: [{0020AC2E-7FDF-4784-BE25-F8C8FB7599B8}] => %systemroot%\system32\alg.exe
FirewallRules: [{7E2A4CAE-8FDA-49BA-B6B5-EBC60195FE66}] => %systemroot%\system32\alg.exe
FirewallRules: [{31D6AE6C-7771-4698-A979-899BFF45E7B0}] => %systemroot%\system32\alg.exe
FirewallRules: [{6140654F-5BCA-4675-BB19-E6498E4080FC}] => %systemroot%\system32\alg.exe
FirewallRules: [{ED7357DF-3DBE-4B57-B6CA-3379854EE78D}] => %systemroot%\system32\alg.exe
FirewallRules: [{35F79355-AC9E-4F09-AB64-8D3E0A84A1B7}] => %systemroot%\system32\alg.exe
FirewallRules: [{340A2559-6C19-4452-8A35-93DA2FAA9587}] => %systemroot%\system32\alg.exe
FirewallRules: [{132C181F-5DA9-4115-9FAB-D25460CC8A9A}] => %systemroot%\system32\alg.exe
FirewallRules: [{01FCEF1A-DE45-4016-8C97-45B9686BDB69}] => %systemroot%\system32\alg.exe
FirewallRules: [{92D038E1-4D0B-474F-A0D1-33268955E6D5}] => %systemroot%\system32\alg.exe
FirewallRules: [{DC0BA45E-E6A5-4C57-9E16-6731C00A7204}] => %systemroot%\system32\alg.exe
FirewallRules: [{1A9D3C3E-F53A-45CB-84A6-B00C01C5C483}] => %systemroot%\system32\alg.exe
FirewallRules: [{96AAB228-379D-4A54-83CF-E914B352F942}] => %systemroot%\system32\alg.exe
FirewallRules: [{2FE55988-341C-495C-943D-E0BA4F0E0A6C}] => %systemroot%\system32\alg.exe
FirewallRules: [{3D15678A-9193-4CC8-8A73-E4163BD7E900}] => %systemroot%\system32\alg.exe
FirewallRules: [{ED8EC3B6-F9E5-4C92-A8F2-EFD4C1E04500}] => %systemroot%\system32\alg.exe
FirewallRules: [{12575BE1-D28F-4576-8809-327AAD09E2D1}] => %systemroot%\system32\alg.exe
FirewallRules: [{753C7775-504A-460A-95D1-740DFF23BD6D}] => %systemroot%\system32\alg.exe
FirewallRules: [{488CAF79-A9C7-445F-8EF5-1622B8EF536A}] => %systemroot%\system32\alg.exe
FirewallRules: [{DCC230CF-D2C2-4475-AFF8-2571BCC1A519}] => %systemroot%\system32\alg.exe
FirewallRules: [{53D572C3-7F59-4C8B-94C4-01D8111FB262}] => %systemroot%\system32\alg.exe
FirewallRules: [{642C70D3-A909-4117-A4E0-F0C82F841EFE}] => %systemroot%\system32\alg.exe
FirewallRules: [{E5DF729C-180D-47A0-A3BC-619058A4D800}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{88ADFD67-72D1-407C-AC5E-4C4DE8F19899}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{9F30A1C2-E83E-48A2-96C7-8F079A5DA9CF}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2F5AA731-ECA5-4B8A-9C03-C263D7608569}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5A443047-9101-4B6E-8930-DDB37FE92196}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{CB7801F8-0351-4AD1-88D6-93372A958945}] => D:\SteamLibrary\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{380FC6FA-F75C-4AB1-B4A5-DE6BC5DFDDEA}] => D:\SteamLibrary\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{F0C4ECE0-EA9B-4931-B18E-4C29786F389B}] => D:\SteamLibrary\steamapps\common\Magicka 2 beta\engine\Magicka2.exe
FirewallRules: [{E8279134-11CE-4C96-8CD3-BE312B96E7CD}] => D:\SteamLibrary\steamapps\common\Magicka 2 beta\engine\Magicka2.exe
FirewallRules: [{2424A05A-D3CB-430E-BE6D-13CFA614B98A}] => D:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{8760E4A2-64BB-45B9-A60A-3D7174147327}] => D:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{965C2CB9-67C2-4727-96E8-0AB4DD9AB6EE}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{A2913FC4-0198-4DFE-8A5D-100881C15E76}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{4DDC6689-82B4-4931-9B30-F9D34231DDC3}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-01-2017 00:40:32 Windows Update
22-01-2017 04:14:39 Scheduled Checkpoint
25-01-2017 15:42:22 Windows Update
30-01-2017 04:38:21 Removed Hi-Rez Studios Games

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2017 07:10:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-5BUDBD32)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/30/2017 07:09:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-5BUDBD32)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/30/2017 07:07:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-5BUDBD32)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/30/2017 07:04:10 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/30/2017 07:03:06 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (5180) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Arnold Arkar Moore\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (01/30/2017 07:03:06 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (5180) WebCacheLocal: An attempt to open the file "C:\Users\Arnold Arkar Moore\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/30/2017 07:02:56 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (5180) WebCacheLocal: An attempt to open the file "C:\Users\Arnold Arkar Moore\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/30/2017 06:51:45 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/30/2017 06:16:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Video.UI.exe, version: 10.16112.1022.0, time stamp: 0x584a03ed
Faulting module name: twinapi.appcore.dll, version: 10.0.14393.206, time stamp: 0x57daca78
Exception code: 0xc000027b
Fault offset: 0x000000000006d1c4
Faulting process id: 0x339c
Faulting application start time: 0x01d27a7d45a0caf8
Faulting application path: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe\Video.UI.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 4ae7f5c4-2e1e-41bd-96bd-2a2930be95d0
Faulting package full name: Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.ZuneVideo

Error: (01/30/2017 06:10:13 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (01/30/2017 07:10:42 AM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-5BUDBD32)
Description: Unable to start a DCOM Server: App.AppXw3qcpc7p849541dp39vvqd01bn7z9ybh.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

Error: (01/30/2017 07:10:41 AM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-5BUDBD32)
Description: Unable to start a DCOM Server: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (01/30/2017 07:10:41 AM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-5BUDBD32)
Description: Unable to start a DCOM Server: App.AppXw3qcpc7p849541dp39vvqd01bn7z9ybh.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

Error: (01/30/2017 06:57:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/30/2017 06:57:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/30/2017 06:57:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/30/2017 06:56:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UCBrowserSvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/30/2017 06:56:38 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5BUDBD32)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

Error: (01/30/2017 06:56:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/30/2017 06:55:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-01-30 05:39:34.747
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-30 05:38:56.484
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-30 05:32:31.171
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-30 05:25:17.514
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\d605eab97ca15d765824b797f02f3a3b.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-30 05:25:14.713
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\d605eab97ca15d765824b797f02f3a3b.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-30 05:18:06.114
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-30 05:16:44.236
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\d605eab97ca15d765824b797f02f3a3b.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-30 05:16:41.027
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\d605eab97ca15d765824b797f02f3a3b.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-07 03:01:44.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-07 03:01:44.454
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 65%
Total physical RAM: 8065.9 MB
Available physical RAM: 2759.77 MB
Total Virtual: 16257.9 MB
Available Virtual: 12209.06 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:237.87 GB) (Free:189.99 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:563.75 GB) NTFS
Drive g: () (Removable) (Total:14.83 GB) (Free:14.57 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2935CE98)

Partition: GPT.

========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 2935CE8E)

Partition: GPT.

========================================================
Disk: 2 (Size: 14.8 GB) (Disk ID: 7E7AB52F)
Partition 1: (Not Active) - (Size=14.8 GB) - (Type=0C)

==================== End of Addition.txt ============================
 


Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,413
553
Welcome to PCHF :)
  • Please uninstall the programs below with Geek Uninstaller while I look over your logs.
  • If something will not uninstall then use Force mode.
  • For the hidden item, use D-Uninstaller.
  • If you can not find something in the list or it will not remove, then skip it. We will take care of it later.

Ad-Aware Antivirus (HKLM\...\{AD9CEBD6-442D-4979-9D1D-E1050F2E272D}_AdAwareUpdater) (Version: 11.15.1046.10613 - Lavasoft)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3019 - Acer Incorporated)
Avast SecureLine (source) (HKLM-x32\...\{AC7BF410-AC96-489F-93F0-706067A4575A}) (Version: 1.16.1130 - Acer)
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.)
Intel® Security Assist (HKLM-x32\...\{CCBE9F01-C2C3-469C-A508-2E23A7495E91}) (Version: 1.0.0.609 - Intel Corporation)
Traffic Exchange (x32 Version: 2.0.0 - Microleaves) Hidden <==== ATTENTION
 

shinxbug

PCHF Member
Hey, thank you for the welcome and prompt reply :)
I have downloaded both Geek Uninstaller and D-Uninstaller, and removed to the best of my abilities all of them except Intel® Security Assist (removal was incomplete and force mode did not work) and Traffic Exchange (unable to find to remove in both uninstaller programs). These are my most up-to-date logs after removal.
 


Malnutrition

Malnurished Mod
Moderator
Security Team
It is important that you do these steps in the order listed!

Also, please copy and paste all logs rather than attaching them.

Step 1: FRST Fix.


Click Here To Download Fixlist.

  • Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Step 2: Zemana Scan.

Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Click the Cog/Sprocket Wheel at the top right of Zemana.
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to copy and paste the saved report in your next message.
  • This will open a logfile; post that in your next reply.

Step 3: File Search With Everything Search Engine.

Download and install the Everything Search Engine
Right Click Run As Admin. Type or Copy Paste UCBrowser into search window.
Then Click Edit. >>>Select all.
Right Click highlighted items>>>>>>>> Copy full name to clipboard.
Paste content of clipboard, here in your next reply.
===========================================================
Repeat the same step for the files below. -- One at a time --

Code:
C:\Windows\pss
F85A~1
浏览器
d605eab97ca15d765824b797f02f3a3b.sys
KuaiZip
tu04zzgg
quarantine
Atufetyatjok

Step 4: Reset Chrome

  • Download ResetBrowser To your desktop.
  • Now close all open browsers.
  • Right click and run as administrator.
  • Click on Reset Chrome. -- Allow completion.

Step 5: Upload File(s) to VirusTotal

  • Please go to VirusTotal.
  • Click the Choose File button.
  • Navigate to >>>>>>>> C:\Windows\System32\AdminService.exe
  • or simply copy and paste it.


  • Click the Scan it! button.
  • You might see a message saying File already analysed, if you do click Reanalyse.
  • Wait for all the scans to finish then copy and paste the web address from your browser's address bar.
    Example of web address :
  • Include the link in your next reply.
 


Malnutrition

Malnurished Mod
Moderator
Security Team
On a side note. You are Running FRST from C:\Users\Arnold Arkar Moore\Downloads
The program is designed to work from the Desktop.
Make sure and have FRST & the Fixlist on the desktop, prior to pressing fix.




Also, are you playing all of the WildTangent games installed on your machine? Or were all of them pre-installed and you would like to remove them?



Please download SystemLook (64bit) below and save it to your Desktop.


SystemLook (32-bit)
SystemLook (64-bit)
  • Right-click SystemLook.exe and select Run as administrator to run it.
  • Copy the content of the following codebox into the main textfield - please make sure you include the colon, (:), at the beginning:

    Code:
    :regfind
    d605eab97ca15d765824b797f02f3a3b
    浏览器
  • click the Look button to start the scan.
  • when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 

shinxbug

PCHF Member
Hey! Sorry for the delay, I am terribly grateful for your help, I have completed steps 1 to 3
The log file for the FIX is below this,

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Arnold Arkar Moore (31-01-2017 15:24:59) Run:1
Running from C:\Users\Arnold Arkar Moore\Desktop
Loaded Profiles: Arnold Arkar Moore (Available Profiles: defaultuser0 & Arnold Arkar Moore)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
RemoveProxy:
AV: Ad-Aware Antivirus (Enabled - Up to date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Ad-Aware Antivirus (Enabled - Up to date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
Task: {037210A1-E61D-4DED-A910-0F23EF839A9E} - \Software Update Application -> No File <==== ATTENTION
Task: {0E0D8E35-6C83-4B96-B660-2D15F5466E92} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-23] (Microleaves LTD) <==== ATTENTION
C:\Program Files (x86)\Microleaves
Task: {0FD8B769-2F54-4EE1-AE63-0F8E10384185} - \ACCAgent -> No File <==== ATTENTION
Task: {11E8F57E-E066-4704-9E27-CAAF4C8F98EB} - \Intel PTT EK Recertification -> No File <==== ATTENTION
Task: {1B1F00CA-C579-4415-8654-6945B0F30A6E} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {459181CB-05AB-406F-B4FD-1153F2D8585C} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {46E36C17-075B-4AF1-9FF7-E9472D24C380} - \Quick Access -> No File <==== ATTENTION
Task: {53C8E822-34B3-4758-BB33-32763740825B} - \UbtFrameworkService -> No File <==== ATTENTION
Task: {571FC3F7-4C6F-463F-B9F5-DD1ABAA3F312} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-01-27] (Microleaves) <==== ATTENTION
Task: {6B14AF0D-730E-48AE-A5F8-7E0DCA4846B3} - System32\Tasks\KuaiZip_Update => C:\PROGRA~1\F85A~1\X86\Update.exe <==== ATTENTION
Task: {6FBF279C-92D9-4EA6-A75B-354AFB35BFBC} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {76B6B23E-A7E3-43EA-8F11-37366DE0CBE4} - \ACC -> No File <==== ATTENTION
Task: {78C81FA4-1ECF-4512-BDD5-72F21756D083} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-23] (Microleaves LTD) <==== ATTENTION
Task: {7C2E2976-FA8E-4A48-87EC-276B140D87F0} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-23] (Microleaves LTD) <==== ATTENTION
Task: {97801E65-28E9-4163-ADD2-A2043D71E540} - \Power Button -> No File <==== ATTENTION
Task: {A0277B7C-208B-4169-8E67-26B378053F98} - \FUBTrackingByPLD -> No File <==== ATTENTION
C:\Users\Arnold Arkar Moore\AppData\Roaming\UCBrowser
C:\Users\Arnold Arkar Moore\AppData\Roaming\Ad-Aware Antivirus
C:\Users\Arnold Arkar Moore\AppData\Roaming\Microleaves
C:\Users\Arnold Arkar Moore\AppData\Roaming\F85A~1
C:\Users\Arnold Arkar Moore\AppData\Roaming\FubTracking
C:\Users\Arnold Arkar Moore\AppData\Roaming\Arelient Server
C:\ProgramData\UCBrowser
C:\ProgramData\Ad-Aware Antivirus
C:\ProgramData\Microleaves
C:\ProgramData\F85A~1
C:\ProgramData\Arelient Server
C:\ProgramData\BitDefender
C:\ProgramData\Lavasoft
C:\ProgramData\IObit
C:\Program Files\Lavasoft
C:\Program Files\Common Files\Lavasoft
C:\autoexec.bat
C:\Users\Arnold Arkar Moore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
C:\ProgramData\trz47C4.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
C:\Windows\System32\Tasks\UCBrowserSecureUpdater
C:\Windows\Tasks\UCBrowserUpdater.job
C:\Windows\System32\Tasks\UCBrowserUpdater
C:\Windows\Tasks\UCBrowserUpdaterCore.job
C:\Windows\System32\Tasks\UCBrowserUpdater
C:\Windows\System32\Tasks\UCBrowserUpdaterCore
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
C:\Users\Arnold Arkar Moore\AppData\Local\UCBrowser
C:\Windows\System32\Tasks\Traffic Exchange Guardian
C:\Windows\System32\Tasks\Traffic Exchange Guard
C:\Windows\System32\Tasks\Traffic Exchange
C:\Windows\System32\Tasks\Traffic Exchange Updater
C:\Windows\System32\Tasks\Traffic Exchange v2 - 3
C:\Windows\System32\Tasks\Traffic Exchange v2 - 2
C:\Windows\System32\Tasks\Traffic Exchange v2 - 1
C:\Users\Default\AppData\Local\AdvinstAnalytics
C:\Program Files (x86)\Atufetyatjok
C:\ProgramData\ProductData
C:\Users\Arnold Arkar Moore\AppData\LocalLow\IObit
C:\Windows\System32\Tasks\KuaiZip_Update
C:\PROGRA~1\F85A~1\X86\Update.exe
C:\Program Files (x86)\UCBrowser
C:\Program Files (x86)\Microleaves
C:\Windows\Tasks\Traffic Exchange Updater.job
C:\Windows\Tasks\Traffic Exchange v2 - 1.job
C:\Windows\Tasks\Traffic Exchange v2 - 2.job
C:\Windows\Tasks\Traffic Exchange v2 - 3.job
C:\Windows\Tasks\UCBrowserUpdater.job
C:\Windows\Tasks\UCBrowserUpdaterCore.job
C:\Program Files\Lavasoft\Ad-Aware Antivirus
C:\OEM\Preload\FubTracking\FubTracking.exe
C:\Program Files\CCleaner\branding.dll
AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
AlternateDataStreams: C:\Windows\system32\drivers:x64 [1479458]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1205026]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a62b5f24-8ed2-4c66-8bd6-a3b60f9d3ebe}: [DhcpNameServer] 192.168.0.1
Task: {A296BD45-F90A-420E-9204-2D510F1E893B} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {AD0F2296-E830-41AF-9FFF-C43B95E5E72F} - System32\Tasks\Arelient Server => C:\Program Files (x86)\Atufetyatjok\shigugh.exe [2017-01-30] (Glarysoft Ltd)
Task: {B58C6FDA-2AF7-471A-BC7C-0EFFAA979FF9} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {B7A9B833-DF6B-4087-A371-1B0FBEBEE803} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-06] (Google Inc.)
Task: {BAAD8A0D-921A-4DF9-8308-B6974A388A34} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {D2A749FA-83F5-4B3E-9E07-A732FE0050F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-06] (Google Inc.)
Task: {D62D19AB-CE05-4C70-A6E8-BC34BF177EEB} - \Microsoft\Office\Microsoft Office Touchless Attach Notification -> No File <==== ATTENTION
Task: {D8155F01-585E-49B4-8650-6F5BA5F2EBC1} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {E0F7ECAE-F265-4292-9014-934421B4E310} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe <==== ATTENTION
Task: {F77566F1-E2E8-4E95-9CA3-AC01E46C2349} - \ACCBackgroundApplication -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Arnold Arkar Moore\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
127.0.0.1 clients2.google.com
127.0.0.1 v1.ff.avast.com
127.0.0.1 vlcproxy.ff.avast.com
Hosts:
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe [9533688 2016-12-15] ()
HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-22] (Piriform Ltd)
HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\...\Run: [comrepl] => C:\Users\Arnold Arkar Moore\AppData\Roaming\com\comrepl.exe [7293280 2013-02-19] (TeamViewer GmbH)
HKU\S-1-5-18\...\Run: [] => 0
HKLM\...\Providers\tu04zzgg: C:\Program Files (x86)\Arelient Server\local64spl.dll [289792 2017-01-30] ()
C:\Program Files (x86)\Arelient Server
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pesonal-spage.com/sen/
SearchScopes: HKU\S-1-5-21-3928280705-1540576542-3704355275-1001 -> DefaultScope {57BA3A3F-4355-4A4F-AD21-63E16775A3AB} URL =
SearchScopes: HKU\S-1-5-21-3928280705-1540576542-3704355275-1001 -> {0016C0E3-95C7-4D61-AA93-6FA121C1C237} URL =
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-15] (WildTangent)
File: AdminService.exe
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-02-06] (Intel Corporation) [File not signed]
C:\Program Files (x86)\Intel\Intel(R) Security Assist
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareService.exe [630976 2016-12-15] ()
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [291232 2016-02-02] (acer)
C:\Program Files\Acer\User Experience Improvement Program
S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1605376 2016-11-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-11-23] (BitDefender)
cmd: sc stop dmwappushservice
cmd: sc delete dmwappushservice
cmd:sc delete DiagTrack
cmd:sc delete tu04zzgg
S1 ucdrv; \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [X] <==== ATTENTION
C:\Windows\System32\DRIVERS\avckf.sys
C:\Windows\System32\DRIVERS\avc3.sys
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\AdAwareProxyEngine\1.0.0.8\bdfwfpf.sys [127312 2016-06-16] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\gzflt.sys [161592 2016-04-28] (BitDefender LLC)
R0 ignis; C:\Windows\System32\drivers\ignis.sys [300840 2016-08-15] (Bitdefender)
C:\Windows\System32\drivers\ignis.sys
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [485512 2016-04-28] (BitDefender S.R.L.)
C:\Windows\System32\DRIVERS\Trufos.sys
sc config GamesAppIntegrationService start= disabled
C:\OneDriveTemp
C:\Users\Arnold Arkar Moore\AppData\LocalLow\IObit
C:\Windows\IObit
C:\Users\Arnold Arkar Moore\AppData\Local\AdvinstAnalytics
C:\ProgramData\AdvinstAnalytics
C:\ProgramData\Atufetyatjok
C:\ProgramData\Fuzophmiqoward
C:\Windows\System32\Tasks\Arelient Server
C:\Users\Arnold Arkar Moore\AppData\Local\Fuzophmiqoward
C:\ProgramData\AVAST Software
C:\ProgramData\Avira
C:\Program Files (x86)\Arelient Server
C:\Users\Arnold Arkar Moore\Downloads\Adobe Premiere Pro CC 2017 v11.0.1 + Crack [SadeemPC]
C:\Users\Arnold Arkar Moore\Downloads\Adobe Premiere Pro CC 2015 v9.0 + Crack
C:\Users\Arnold Arkar Moore\Downloads\Adobe Photoshop CC 2015 (20150529.r.88) (32+64Bit) + Crack
C:\Users\Arnold Arkar Moore\Downloads\Avast Pro Antivirus - Internet Security - Premier 2016 11.2.272
C:\Users\Arnold Arkar Moore\AppData\LocalLow\BitTorrent
C:\Windows\d1f691217f3107f5919a03606ee8b0de.exe
C:\ProgramData\d1f691217f3107f5919a03606ee8b0de.exe
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Program Files (x86)\McAfee
2016-12-07 03:00 - 2016-12-07 03:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-30 05:30 - 2017-01-30 05:17 - 1620992 ____N () C:\ProgramData\trz47C4.tmp
C:\Users\Arnold Arkar Moore\AppData\Roaming\com
C:\Users\Arnold Arkar Moore\AppData\Local\IIIQF
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
EmptyTemp:
reboot:
end



*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

AV: Ad-Aware Antivirus (Enabled - Up to date) {B0CC18C6-E527-6EE6-874C-9D19920E5619} => not found
AS: Ad-Aware Antivirus (Enabled - Up to date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4} => not found
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{037210A1-E61D-4DED-A910-0F23EF839A9E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{037210A1-E61D-4DED-A910-0F23EF839A9E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Update Application => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E0D8E35-6C83-4B96-B660-2D15F5466E92} => key not found.
C:\Windows\System32\Tasks\Traffic Exchange v2 - 1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 1 => key not found.
C:\Program Files (x86)\Microleaves => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FD8B769-2F54-4EE1-AE63-0F8E10384185} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11E8F57E-E066-4704-9E27-CAAF4C8F98EB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11E8F57E-E066-4704-9E27-CAAF4C8F98EB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Intel PTT EK Recertification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1B1F00CA-C579-4415-8654-6945B0F30A6E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B1F00CA-C579-4415-8654-6945B0F30A6E} => key removed successfully
C:\Windows\System32\Tasks\AcerCMUpdateTask2.1.16258 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AcerCMUpdateTask2.1.16258 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{459181CB-05AB-406F-B4FD-1153F2D8585C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{459181CB-05AB-406F-B4FD-1153F2D8585C} => key not found.
C:\Windows\System32\Tasks\Traffic Exchange Guard => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange Guard => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46E36C17-075B-4AF1-9FF7-E9472D24C380} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46E36C17-075B-4AF1-9FF7-E9472D24C380} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Quick Access => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{53C8E822-34B3-4758-BB33-32763740825B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53C8E822-34B3-4758-BB33-32763740825B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{571FC3F7-4C6F-463F-B9F5-DD1ABAA3F312} => key not found.
C:\Windows\System32\Tasks\Traffic Exchange Updater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange Updater => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B14AF0D-730E-48AE-A5F8-7E0DCA4846B3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B14AF0D-730E-48AE-A5F8-7E0DCA4846B3} => key not found.
C:\Windows\System32\Tasks\KuaiZip_Update => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KuaiZip_Update => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FBF279C-92D9-4EA6-A75B-354AFB35BFBC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FBF279C-92D9-4EA6-A75B-354AFB35BFBC} => key removed successfully
C:\Windows\System32\Tasks\UCBrowserUpdater => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76B6B23E-A7E3-43EA-8F11-37366DE0CBE4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACC => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78C81FA4-1ECF-4512-BDD5-72F21756D083} => key not found.
C:\Windows\System32\Tasks\Traffic Exchange v2 - 3 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 3 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C2E2976-FA8E-4A48-87EC-276B140D87F0} => key not found.
C:\Windows\System32\Tasks\Traffic Exchange v2 - 2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 2 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97801E65-28E9-4163-ADD2-A2043D71E540} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97801E65-28E9-4163-ADD2-A2043D71E540} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Power Button => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0277B7C-208B-4169-8E67-26B378053F98} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0277B7C-208B-4169-8E67-26B378053F98} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FUBTrackingByPLD => key removed successfully
"C:\Users\Arnold Arkar Moore\AppData\Roaming\UCBrowser" => not found.
"C:\Users\Arnold Arkar Moore\AppData\Roaming\Ad-Aware Antivirus" => not found.
"C:\Users\Arnold Arkar Moore\AppData\Roaming\Microleaves" => not found.
"C:\Users\Arnold Arkar Moore\AppData\Roaming\F85A~1" => not found.
"C:\Users\Arnold Arkar Moore\AppData\Roaming\FubTracking" => not found.
"C:\Users\Arnold Arkar Moore\AppData\Roaming\Arelient Server" => not found.
"C:\ProgramData\UCBrowser" => not found.
"C:\ProgramData\Ad-Aware Antivirus" => not found.
C:\ProgramData\Microleaves => moved successfully
"C:\ProgramData\F85A~1" => not found.
"C:\ProgramData\Arelient Server" => not found.
"C:\ProgramData\BitDefender" => not found.
"C:\ProgramData\Lavasoft" => not found.
C:\ProgramData\IObit => moved successfully
"C:\Program Files\Lavasoft" => not found.
"C:\Program Files\Common Files\Lavasoft" => not found.
C:\autoexec.bat => moved successfully
C:\Users\Arnold Arkar Moore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器 => moved successfully
"C:\ProgramData\trz47C4.tmp" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器" => not found.
C:\Windows\System32\Tasks\UCBrowserSecureUpdater => moved successfully
C:\Windows\Tasks\UCBrowserUpdater.job => moved successfully
"C:\Windows\System32\Tasks\UCBrowserUpdater" => not found.
C:\Windows\Tasks\UCBrowserUpdaterCore.job => moved successfully
"C:\Windows\System32\Tasks\UCBrowserUpdater" => not found.
C:\Windows\System32\Tasks\UCBrowserUpdaterCore => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk => moved successfully
C:\Users\Arnold Arkar Moore\AppData\Local\UCBrowser => moved successfully
"C:\Windows\System32\Tasks\Traffic Exchange Guardian" => not found.
"C:\Windows\System32\Tasks\Traffic Exchange Guard" => not found.
"C:\Windows\System32\Tasks\Traffic Exchange" => not found.
"C:\Windows\System32\Tasks\Traffic Exchange Updater" => not found.
"C:\Windows\System32\Tasks\Traffic Exchange v2 - 3" => not found.
"C:\Windows\System32\Tasks\Traffic Exchange v2 - 2" => not found.
"C:\Windows\System32\Tasks\Traffic Exchange v2 - 1" => not found.
C:\Users\Default\AppData\Local\AdvinstAnalytics => moved successfully
C:\Program Files (x86)\Atufetyatjok => moved successfully
C:\ProgramData\ProductData => moved successfully
C:\Users\Arnold Arkar Moore\AppData\LocalLow\IObit => moved successfully
"C:\Windows\System32\Tasks\KuaiZip_Update" => not found.
"C:\PROGRA~1\F85A~1\X86\Update.exe" => not found.
"C:\Program Files (x86)\UCBrowser" => not found.
"C:\Program Files (x86)\Microleaves" => not found.
"C:\Windows\Tasks\Traffic Exchange Updater.job" => not found.
"C:\Windows\Tasks\Traffic Exchange v2 - 1.job" => not found.
"C:\Windows\Tasks\Traffic Exchange v2 - 2.job" => not found.
"C:\Windows\Tasks\Traffic Exchange v2 - 3.job" => not found.
"C:\Windows\Tasks\UCBrowserUpdater.job" => not found.
"C:\Windows\Tasks\UCBrowserUpdaterCore.job" => not found.
"C:\Program Files\Lavasoft\Ad-Aware Antivirus" => not found.
C:\OEM\Preload\FubTracking\FubTracking.exe => moved successfully
C:\Program Files\CCleaner\branding.dll => moved successfully
C:\Windows\system32\drivers => ":ucdrv-x64.sys" ADS removed successfully.
C:\Windows\system32\drivers => ":x64" ADS removed successfully.
C:\Windows\system32\drivers => ":x86" ADS removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a62b5f24-8ed2-4c66-8bd6-a3b60f9d3ebe}\\DhcpNameServer => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A296BD45-F90A-420E-9204-2D510F1E893B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A296BD45-F90A-420E-9204-2D510F1E893B} => key removed successfully
C:\Windows\System32\Tasks\BacKGroundAgent => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BacKGroundAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD0F2296-E830-41AF-9FFF-C43B95E5E72F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD0F2296-E830-41AF-9FFF-C43B95E5E72F} => key removed successfully
C:\Windows\System32\Tasks\Arelient Server => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Arelient Server => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B58C6FDA-2AF7-471A-BC7C-0EFFAA979FF9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B58C6FDA-2AF7-471A-BC7C-0EFFAA979FF9} => key not found.
C:\Windows\System32\Tasks\Traffic Exchange Guardian => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange Guardian => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7A9B833-DF6B-4087-A371-1B0FBEBEE803} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7A9B833-DF6B-4087-A371-1B0FBEBEE803} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAAD8A0D-921A-4DF9-8308-B6974A388A34} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAAD8A0D-921A-4DF9-8308-B6974A388A34} => key not found.
C:\Windows\System32\Tasks\Traffic Exchange => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2A749FA-83F5-4B3E-9E07-A732FE0050F6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2A749FA-83F5-4B3E-9E07-A732FE0050F6} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D62D19AB-CE05-4C70-A6E8-BC34BF177EEB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D62D19AB-CE05-4C70-A6E8-BC34BF177EEB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Microsoft Office Touchless Attach Notification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D8155F01-585E-49B4-8650-6F5BA5F2EBC1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8155F01-585E-49B4-8650-6F5BA5F2EBC1} => key removed successfully
C:\Windows\System32\Tasks\UCBrowserUpdaterCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdaterCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E0F7ECAE-F265-4292-9014-934421B4E310} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F7ECAE-F265-4292-9014-934421B4E310} => key removed successfully
C:\Windows\System32\Tasks\UCBrowserSecureUpdater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserSecureUpdater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F77566F1-E2E8-4E95-9CA3-AC01E46C2349} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication => key not found.
C:\Users\Arnold Arkar Moore\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk => Shortcut argument removed successfully.
127.0.0.1 clients2.google.com => Error: No automatic fix found for this entry.
127.0.0.1 v1.ff.avast.com => Error: No automatic fix found for this entry.
127.0.0.1 vlcproxy.ff.avast.com => Error: No automatic fix found for this entry.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdAwareTray => value not found.
HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully
HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\Software\Microsoft\Windows\CurrentVersion\Run\\comrepl => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\tu04zzgg => key not found.
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order tu04zzgg => removed successfully
"C:\Program Files (x86)\Arelient Server" => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ACloudSynced => key removed successfully
HKCR\CLSID\{5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ACloudSyncing => key removed successfully
HKCR\CLSID\{C1E1456F-C2D8-4C96-870D-35F1E13941EE} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ACloudToBeSynced => key removed successfully
HKCR\CLSID\{307523FA-DDC0-4068-983F-2A6B34627744} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0016C0E3-95C7-4D61-AA93-6FA121C1C237} => key removed successfully
HKCR\CLSID\{0016C0E3-95C7-4D61-AA93-6FA121C1C237} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0 => key removed successfully
C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll => moved successfully
HKLM\System\CurrentControlSet\Services\GamesAppIntegrationService => key removed successfully
GamesAppIntegrationService => service removed successfully

========================= File: AdminService.exe ========================

"AdminService.exe" => not found.
====== End of File: ======

isaHelperSvc => service not found.
"C:\Program Files (x86)\Intel\Intel(R) Security Assist" => not found.
LavasoftAdAwareService11 => service not found.
HKLM\System\CurrentControlSet\Services\UEIPSvc => key removed successfully
UEIPSvc => service removed successfully
C:\Program Files\Acer\User Experience Improvement Program => moved successfully
UCBrowserSvc => service not found.
avc3 => service not found.
avckf => service not found.

========= sc stop dmwappushservice =========

[SC] ControlService FAILED 1062:

The service has not been started.


========= End of CMD: =========


========= sc delete dmwappushservice =========

[SC] DeleteService SUCCESS

========= End of CMD: =========


========= sc delete DiagTrack =========

[SC] DeleteService SUCCESS

========= End of CMD: =========


========= sc delete tu04zzgg =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


========= End of CMD: =========

HKLM\System\CurrentControlSet\Services\ucdrv => key removed successfully
ucdrv => service removed successfully
"C:\Windows\System32\DRIVERS\avckf.sys" => not found.
"C:\Windows\System32\DRIVERS\avc3.sys" => not found.
bdfwfpf => service not found.
gzflt => service not found.
ignis => service not found.
"C:\Windows\System32\drivers\ignis.sys" => not found.
Trufos => service not found.
C:\Windows\System32\DRIVERS\Trufos.sys => moved successfully
sc config GamesAppIntegrationService start= disabled => Error: No automatic fix found for this entry.
C:\OneDriveTemp => moved successfully
"C:\Users\Arnold Arkar Moore\AppData\LocalLow\IObit" => not found.
C:\Windows\IObit => moved successfully
C:\Users\Arnold Arkar Moore\AppData\Local\AdvinstAnalytics => moved successfully
"C:\ProgramData\AdvinstAnalytics" => not found.
"C:\ProgramData\Atufetyatjok" => not found.
"C:\ProgramData\Fuzophmiqoward" => not found.
"C:\Windows\System32\Tasks\Arelient Server" => not found.
C:\Users\Arnold Arkar Moore\AppData\Local\Fuzophmiqoward => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\ProgramData\Avira => moved successfully
"C:\Program Files (x86)\Arelient Server" => not found.
C:\Users\Arnold Arkar Moore\Downloads\Adobe Premiere Pro CC 2017 v11.0.1 + Crack [SadeemPC] => moved successfully
C:\Users\Arnold Arkar Moore\Downloads\Adobe Premiere Pro CC 2015 v9.0 + Crack => moved successfully
C:\Users\Arnold Arkar Moore\Downloads\Adobe Photoshop CC 2015 (20150529.r.88) (32+64Bit) + Crack => moved successfully
C:\Users\Arnold Arkar Moore\Downloads\Avast Pro Antivirus - Internet Security - Premier 2016 11.2.272 => moved successfully
C:\Users\Arnold Arkar Moore\AppData\LocalLow\BitTorrent => moved successfully
C:\Windows\d1f691217f3107f5919a03606ee8b0de.exe => moved successfully
"C:\ProgramData\d1f691217f3107f5919a03606ee8b0de.exe" => not found.
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully

"C:\Program Files (x86)\McAfee" folder move:

Could not move "C:\Program Files (x86)\McAfee" => Scheduled to move on reboot.

C:\ProgramData\DP45977C.lfl => moved successfully
"C:\ProgramData\trz47C4.tmp" => not found.
C:\Users\Arnold Arkar Moore\AppData\Roaming\com => moved successfully
C:\Users\Arnold Arkar Moore\AppData\Local\IIIQF => moved successfully

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14879148 B
Java, Flash, Steam htmlcache => 142464441 B
Windows/system/drivers => 903203462 B
Edge => 1409 B
Chrome => 5062704 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1406 B
systemprofile32 => 0 B
LocalService => 8202 B
NetworkService => 0 B
defaultuser0 => 258 B
Arnold Arkar Moore => 150611663 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 31-01-2017 15:26:49)

C:\Program Files (x86)\McAfee => Is moved successfully

==== End of Fixlog 15:26:49 ====
 

shinxbug

This is step 2:

Zemana AntiMalware 2.70.2.591 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/1/31
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
BIOS Mode : UEFI
CUID : 123CCA0F824B37F28EBA5F
Scan Type : System Scan
Duration : 1m 36s
Scanned Objects : 72579
Detected Objects : 6
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

COMODO RSA Certification Authority
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47\Blob

AVG Web/Mail Shield Root
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B1B0E6ECADEF3EDE58DAF19DB6CCAB1B29866C1F\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B1B0E6ECADEF3EDE58DAF19DB6CCAB1B29866C1F\Blob

VeriSign Class 3 Public Primary Certification Authority - G5
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\495847A93187CFB8C71F840CB7B41497AD95C64F\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\495847A93187CFB8C71F840CB7B41497AD95C64F\Blob

Chrome Startup Url
Status : Scanned
Object : http://kisscartoon.me/
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Startup Url

Chrome Startup Url
Status : Scanned
Object : http://www.watchcartoononline.com/
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Startup Url

Chrome Homepage
Status : Scanned
Object : http://home.sweetim.com/?st=4&barid={D691AAD4-0AC6-11E1-8877-206A8A3EB90A}
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Homepage


Cleaning Result
-------------------------------------------------------
Cleaned : 6
Reported as safe : 0
Failed : 0
 

shinxbug

This is for step 3:

C:\FRST\Quarantine\C\Users\Arnold Arkar Moore\AppData\Local\UCBrowser
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\ucbrowser.browser
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\ucbrowser.browser
C:\Windows\WinSxS\amd64_netfx4-browser_files_b03f5f7f11d50a3a_4.0.14305.0_none_ca91f5e702314acf\ucbrowser.browser
C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.14305.0_none_123f2cbe16ad73d5\ucbrowser.browser
C:\Windows\prefetch\UCBROWSER.EXE-0BAB68C0.pf
C:\FRST\Quarantine\C\Windows\System32\Tasks\UCBrowserSecureUpdater.xBAD
C:\FRST\Quarantine\C\Windows\Tasks\UCBrowserUpdater.job.xBAD
C:\FRST\Quarantine\C\Windows\System32\Tasks\UCBrowserUpdater.xBAD
C:\FRST\Quarantine\C\Windows\Tasks\UCBrowserUpdaterCore.job.xBAD
C:\FRST\Quarantine\C\Windows\System32\Tasks\UCBrowserUpdaterCore.xBAD

C:\Windows\pss
C:\Windows\pss\boot.backup
C:\Windows\pss\boot.backup.LOG
C:\Windows\pss\boot.backup.LOG1
C:\Windows\pss\boot.backup.LOG2

C:\FRST\Quarantine\C\Users\Arnold Arkar Moore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
C:\FRST\Quarantine\C\Users\Arnold Arkar Moore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器\UC浏览器.lnk
C:\Users\Arnold Arkar Moore\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk
C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk.xBAD

C:\FRST\Quarantine
C:\ProgramData\Avg\Antivirus\IDS\quarantine
C:\ProgramData\Malwarebytes\MBAMService\Quarantine
C:\ProgramData\Microsoft\Windows Defender\Quarantine
C:\Users\Arnold Arkar Moore\AppData\Local\Zemana\Zemana AntiMalware\quarantine

C:\FRST\Quarantine\C\Program Files (x86)\Atufetyatjok
 

shinxbug

I have used systemlook and searched, this is the log file,

SystemLook 04.09.10 by jpshortstuff
Log created at 16:02 on 31/01/2017 by Arnold Arkar Moore
Administrator - Elevation successful

========== regfind ==========

Searching for "d605eab97ca15d765824b797f02f3a3b"
No data found.

Searching for "浏览器 "
No data found.

-= EOF =-
 

shinxbug

The Wild Tangent games were pre-installed, I don't see a need to remove them though I do not use them. :)
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,413
553
Step 1: FRST Fix.


  • Download attached fixlist.txt file and save it to the Desktop.
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
  • NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Security Check Scan.


  • Download Security Check to your desktop.
  • Right click it and run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Adware Removal Tool Scan.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit Ok.

Hit Next and make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.
 


shinxbug

Hi! :) This is for the FRST fix and the security check. I'm just posting this first because my computer will reboot.

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Arnold Arkar Moore (01-02-2017 03:03:13) Run:2
Running from C:\Users\Arnold Arkar Moore\Desktop
Loaded Profiles: Arnold Arkar Moore (Available Profiles: defaultuser0 & Arnold Arkar Moore)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Arnold Arkar Moore\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\ucbrowser.browser
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\ucbrowser.browser
C:\Windows\WinSxS\amd64_netfx4-browser_files_b03f5f7f11d50a3a_4.0.14305.0_none_ca91f5e702314acf\ucbrowser.browser
C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.14305.0_none_123f2cbe16ad73d5\ucbrowser.browser
C:\Windows\prefetch\UCBROWSER.EXE-0BAB68C0.pf

*****************

C:\Users\Arnold Arkar Moore\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk => moved successfully
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\ucbrowser.browser => moved successfully
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\ucbrowser.browser => moved successfully
C:\Windows\WinSxS\amd64_netfx4-browser_files_b03f5f7f11d50a3a_4.0.14305.0_none_ca91f5e702314acf\ucbrowser.browser => moved successfully
C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.14305.0_none_123f2cbe16ad73d5\ucbrowser.browser => moved successfully
C:\Windows\prefetch\UCBROWSER.EXE-0BAB68C0.pf => moved successfully

==== End of Fixlog 03:03:14 ====


SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 02.02.2017 00:07:39
Path starting: C:\Users\Arnold Arkar Moore\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Arnold Arkar Moore
VersionXML: 3.87is-31.01.2017
___________________________________________________________________________

Windows 10(6.3.14393) (x64) Core Lang: English(0409)
Installation date OS: 06.12.2016 03:15:28
LicenseStatus: Office 16, Office16O365ProPlusR_Subscription1 edition Windows is in Notification mode
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: Internet Explorer (C:\Program Files\Internet Explorer\iexplore.exe)
SystemDrive: C: FS: [NTFS] Capacity: [237.9 Gb] Used: [55 Gb] Free: [182.9 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.576.14393.0
User Account Control enabled

Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
Malwarebytes (enabled and up to date)
AVG Antivirus (enabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
AVG Antivirus (enabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Malwarebytes (enabled and up to date)
Windows Defender (disabled and up to date)
AVG Antivirus (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
McAfee WebAdvisor v.4.0.206
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.0.6.1469 v.3.0.6.1469
Zemana AntiMalware v.2.70.591
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 16.04 (x64) v.16.04
VLC media player v.2.2.4
--------------------------------- [ IM ] ----------------------------------
Telegram Desktop version 0.10.20 v.0.10.20 Warning! Download Update
^Optional update.^
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 45.0 (x86 en-US) v.45.0 Warning! Download Update
Google Chrome v.56.0.2924.76
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.56.0.2924.76
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files (x86)\AVG\Antivirus\afwServ.exe v.17.1.3354.0
AVG Service (avgsvc) - The service is running
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe v.1.152.2.55487
AVG Service (avgsvc) - The service is running
C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe v.17.1.3354.0
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe v.1.152.2.55487
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.912
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.415
McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) - The service has stopped
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
---------------------------- [ UnwantedApps ] -----------------------------
WildTangent Games v.1.0.4.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Update Installer for WildTangent Games App << Hidden Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
WildTangent Games App v.4.0.11.16 << Hidden Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------
 

shinxbug

# AdwCleaner v6.043 - Logfile created 02/02/2017 at 00:17:20
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-01-31.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Arnold Arkar Moore - LAPTOP-5BUDBD32
# Running from : C:\Users\Arnold Arkar Moore\Downloads\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\defaultuser0\AppData\Local\Host App Service
[-] Folder deleted: C:\Users\Arnold Arkar Moore\AppData\Local\Host App Service
[-] Folder deleted: C:\Program Files\DriverSetupUtility
[-] Folder deleted: C:\ProgramData\DriverSetupUtility
[#] Folder deleted on reboot: C:\ProgramData\Application Data\DriverSetupUtility
[-] Folder deleted: C:\Users\Arnold Arkar Moore\AppData\Roaming\browsers
[#] Folder deleted on reboot: C:\Users\Arnold Arkar Moore\AppData\Local\Host App Service
[-] Folder deleted: C:\Users\Default\AppData\Local\Host App Service


***** [ Files ] *****

[-] File deleted: C:\Users\defaultuser0\Desktop\App Explorer.lnk
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
[-] File deleted: C:\Users\Default\Desktop\App Explorer.lnk
[-] File deleted: C:\Windows\SysWoW64\kz.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
[-] Key deleted: HKU\.DEFAULT\Software\UpgSvr
[-] Key deleted: HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\Software\Installer
[-] Key deleted: HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\Software\AutoTime
[-] Key deleted: HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\Software\SNDA
[-] Key deleted: HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\Software\dlr
[-] Key deleted: HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\Software\PopWnd
[-] Key deleted: HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\Software\UpgSvr
[-] Key deleted: HKU\S-1-5-21-3928280705-1540576542-3704355275-1001\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: HKU\S-1-5-18\Software\UpgSvr
[#] Key deleted on reboot: HKCU\Software\Installer
[#] Key deleted on reboot: HKCU\Software\AutoTime
[#] Key deleted on reboot: HKCU\Software\SNDA
[#] Key deleted on reboot: HKCU\Software\dlr
[#] Key deleted on reboot: HKCU\Software\PopWnd
[#] Key deleted on reboot: HKCU\Software\UpgSvr
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp
[-] Key deleted: HKLM\SOFTWARE\Microleaves
[#] Key deleted on reboot: [x64] HKCU\Software\Installer
[#] Key deleted on reboot: [x64] HKCU\Software\AutoTime
[#] Key deleted on reboot: [x64] HKCU\Software\SNDA
[#] Key deleted on reboot: [x64] HKCU\Software\dlr
[#] Key deleted on reboot: [x64] HKCU\Software\PopWnd
[#] Key deleted on reboot: [x64] HKCU\Software\UpgSvr
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawarebp
[-] Key deleted: [x64] HKLM\SOFTWARE\Microleaves
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
[-] Key deleted: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
[-] Key deleted: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Value deleted: HKCU\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Value deleted: HKCU\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Value deleted: HKCU\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Value deleted: HKCU\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Value deleted: HKCU\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Value deleted: HKCU\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Value deleted: HKCU\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Value deleted: HKCU\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
[-] Value deleted: HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Value deleted: HKLM\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Value deleted: HKLM\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Value deleted: HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Value deleted: HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Value deleted: HKLM\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Value deleted: HKLM\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Value deleted: HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
[-] Key deleted: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe


***** [ Web browsers ] *****

[-] [C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://home.sweetim.com/?st=4&barid={D691AAD4-0AC6-11E1-8877-206A8A3EB90A}


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7066 Bytes] - [02/02/2017 00:17:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [6778 Bytes] - [02/02/2017 00:15:55]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7212 Bytes] ##########
 

shinxbug

[-] Deleted ->> Folder ->> C:\Users\Arnold Arkar Moore\AppData\Roaming\Profiles
[-] Repaired ->> File ->> C:\Users\Arnold Arkar Moore\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
 

shinxbug

So far everything seems good :). I was wondering which programs I should keep and which antivirus I should mainly use; I am mostly using AVG or Malwarebytes as of right now.
 

Malnutrition

Malnurished Mod
Moderator
Security Team
I would personally stay away from AVG. If you choose to uninstall it, then use Geek Uninstaller Force mode, then reboot and run the uninstaller.

Here are two great free ones that I suggest.

Sophos Home.
Panda Free.

Keep Malwarebytes and Zemana, run scans with them once a week. :)

Glad to have helped!! Please tell a friend ...... or two about us.


Optimize your internet connection.

Click here for instructions.


Suggest the following in place of Adblock:
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.



Also, keep your browsing private with these tools:

Self Destructing Cookies.
Self Destructing Cookies Chrome.





Some items to keep you safe on the internet:

VooDoo Shield. Control of what is running on your machine.
Qualys BrowserCheck To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your machine.

Now let's clean up the tools we used and remove old restore points.



Download DelFix by "Xplode" to your Desktop.
Right-click the tool and Run as Admin (XP users double-click).
Put a check mark next to the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt
 

shinxbug

I've only just checked up all the programs that you've linked me to, this is amazing, your service is really wonderful, and I am really indebted to you. I would try my best to spread word of your site as much as I can to any fellow friends that would need any help. Thank you so much once again. :)
 