Help please! CHrome infected with Melware?

jroper321 · 11-04-2015, 01:51 PM

Hey guys,

So I naively tried to download a game online (Command and conquer) and its installed a nasty melware in to my chrome.

Every 10 clicks or so, a spam-popup will open in chrome. I've literally tried everything I can possible think of to remove this.

- uninstalled chrome
- uninstalled programs
- ended processes (Which I know of)
- deleted history, cookies, cache
- installed anti-virus

Please can someone tell me how to remove/fix this?

**chemist** · 11-06-2015, 11:58 AM

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
Run AdwCleaner and select Scan

Once the Scan is done, select Cleaning

Once done it will ask to reboot, please allow the reboot.

On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt

Please copy/paste the contents of the log in your next reply.

------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to the disclaimer.

Make sure the Addition.txt button is ticked.

Press Scan button.

It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

------------------------------------------------------

jroper321 · 11-07-2015, 03:35 AM

Thank you for your help.

This is the adware log:

# AdwCleaner v5.018 - Logfile created 07/11/2015 at 15:05:34
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 10 Home Single Language (x64)
# Username : JR - JOHN
# Running from : C:\Users\JR\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****

[-] Service Deleted : globalUpdate
[-] Service Deleted : globalUpdatem
[-] Service Deleted : SSFK
[-] Service Deleted : WdsManPro
[-] Service Deleted : NETTCPHANDLER
[-] Service Deleted : vefevyni
[-] Service Deleted : xiqonocy
[-] Service Deleted : zoqisido

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Concom
[-] Folder Deleted : C:\Program Files (x86)\GreenTree Applications
[-] Folder Deleted : C:\ProgramData\Babylon
[-] Folder Deleted : C:\ProgramData\ytd video downloader
[-] Folder Deleted : C:\ProgramData\ApplicationHosting
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder Deleted : C:\Users\JR\AppData\Local\Babylon
[-] Folder Deleted : C:\Users\JR\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\JR\AppData\Local\BD58091F-1446476760-484A-9482-A0897B2FABBF
[-] Folder Deleted : C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
[-] Folder Deleted : C:\Users\JR\AppData\Roaming\Babylon
[-] Folder Deleted : C:\Users\JR\AppData\Roaming\istartsurf
[-] Folder Deleted : C:\Users\JR\AppData\Roaming\mystartsearch
[-] Folder Deleted : C:\Users\JR\AppData\Roaming\RunDir
[-] Folder Deleted : C:\Users\JR\AppData\Roaming\NetService
[-] Folder Deleted : C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\LuckyBrowse

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\SysWOW64\findit.xml

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi
[-] Task Deleted : LuckyBrowse
[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [apphide]
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NetTcpHandler
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_ra_005010133]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\Crossbrowse
[-] Key Deleted : HKCU\Software\YorkNewCin
[-] Key Deleted : HKCU\Software\HighDefAction
[-] Key Deleted : HKCU\Software\ArenaHD
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKCU\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
[-] Key Deleted : HKLM\SOFTWARE\Crossbrowse
[-] Key Deleted : HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : HKLM\SOFTWARE\downchecker
[-] Key Deleted : HKLM\SOFTWARE\WdsManPro
[-] Key Deleted : HKLM\SOFTWARE\NetTcpHandler
[-] Key Deleted : HKLM\SOFTWARE\NtSvcHandler
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : [x64] HKLM\SOFTWARE\downchecker
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []

***** [ Web browsers ] *****

[-] [C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fjbbjfdilbioabojmcplalojlmdngbjl

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [12686 bytes] ##########
----------------------
FRST.TXT LOG

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
Ran by JR (administrator) on JOHN (07-11-2015 15:28:13)
Running from C:\Users\JR\Downloads
Loaded Profiles: JR (Available Profiles: JR)
Platform: Windows 10 Home Single Language (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(ASUS) C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(STMicroelectronics) C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [606296 2014-10-03] (Waves Audio Ltd.)
HKLM\...\Run: [ASUS HDD Protection Tray Application] => C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe [54272 2014-02-13] (STMicroelectronics)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-11-02] (AVAST Software)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\ProgramData\Medlight\LexiLatron.dll => C:\ProgramData\Medlight\LexiLatron.dll [518656 2015-11-02] ()
AppInit_DLLs-x32: C:\ProgramData\Medlight\Truehold.dll => C:\ProgramData\Medlight\Truehold.dll [320512 2015-11-02] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-02] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1298384585-687753615-1797274159-1001] => hxxp://get-access.me/wpad.dat?31390c9cc5b26ea92f5b1269e67ac766832480
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3c999ec5-a45e-42aa-bf31-25d929bfa5b9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1298384585-687753615-1797274159-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqmfa3amH7L_Vax8Bh3qrO-7Y8JM4gNZODhoJv7TR5HfHslTIu3GJ02htCwbJFaZuRlT56XZO2e071510lmo59-gfM0HfXNfoIVFN1vQlT78DlOdx81Q6ZhF9ISSMkiM8dwiAxznlA9wpGQyzwMO9ThPA-Q,,&q={searchTerms}
HKU\S-1-5-21-1298384585-687753615-1797274159-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqmfa3amH7L_Vax8Bh3qrO-7Y8JM4gNZODhoJv7TR5HfHslTIu3GJ02htCwbJFaZuRlT56XZO2e0715F__iKOcgtdnJTqbNjkMN90YSABo__whOwgJuq04LvbseS8A1uXdFXwHqYNfPQDjRvJ8-aDIQmNJQ,,
HKU\S-1-5-21-1298384585-687753615-1797274159-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-1298384585-687753615-1797274159-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqmfa3amH7L_Vax8Bh3qrO-7Y8JM4gNZODhoJv7TR5HfHslTIu3GJ02htCwbJFaZuRlT56XZO2e071510lmo59-gfM0HfXNfoIVFN1vQlT78DlOdx81Q6ZhF9ISSMkiM8dwiAxznlA9wpGQyzwMO9ThPA-Q,,&q={searchTerms}
HKU\S-1-5-21-1298384585-687753615-1797274159-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqmfa3amH7L_Vax8Bh3qrO-7Y8JM4gNZODhoJv7TR5HfHslTIu3GJ02htCwbJFaZuRlT56XZO2e071510lmo59-gfM0HfXNfoIVFN1vQlT78DlOdx81Q6ZhF9ISSMkiM8dwiAxznlA9wpGQyzwMO9ThPA-Q,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-02-17] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-02] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-05-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-02] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-02] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-05-21] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-02] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-02-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-02-14] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-02] [not signed]

Chrome:
=======
CHR Profile: C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-05]
CHR Extension: (agfjdflmdlnffhlfmjdpbcoccaeamikk) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\agfjdflmdlnffhlfmjdpbcoccaeamikk [2015-11-06]
CHR Extension: (Google Docs) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-05]
CHR Extension: (Google Drive) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (YouTube) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-05]
CHR Extension: (Google Search) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Google Sheets) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-05]
CHR Extension: (Avast Online Security) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-05]
CHR Extension: (Gmail) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-11-02] (AVAST Software)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [734912 2015-08-16] (@ByELDI) [File not signed]
R2 TransformService; C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe [64512 2014-10-01] (ASUS) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-09-29] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-11-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-11-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-11-02] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-06-27] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [97680 2015-08-24] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2014-08-04] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 kxspb; C:\Windows\System32\drivers\kxspb.sys [40976 2014-10-21] (Kionix, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-01] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [125104 2014-06-06] (STMicroelectronics)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 15:28 - 2015-11-07 15:29 - 00017210 _____ C:\Users\JR\Downloads\FRST.txt
2015-11-07 15:27 - 2015-11-07 15:28 - 00000000 ____D C:\FRST
2015-11-07 15:26 - 2015-11-07 15:26 - 02198528 _____ (Farbar) C:\Users\JR\Downloads\FRST64.exe
2015-11-07 15:07 - 2015-11-07 15:07 - 00016148 _____ C:\WINDOWS\system32\JOHN_JR_HistoryPrediction.bin
2015-11-07 15:04 - 2015-11-07 15:05 - 00000000 ____D C:\AdwCleaner
2015-11-06 22:33 - 2015-11-06 23:14 - 00000000 ____D C:\Users\JR\Desktop\SUP2
2015-11-05 01:32 - 2015-11-07 15:08 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-05 01:32 - 2015-11-07 14:37 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-05 01:32 - 2015-11-05 01:32 - 00003958 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-05 01:32 - 2015-11-05 01:32 - 00003726 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-05 01:32 - 2015-11-05 01:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-05 01:32 - 2015-11-05 01:32 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-05 01:26 - 2015-11-05 01:26 - 00000000 ____D C:\Users\JR\AppData\Roaming\WildTangent
2015-11-03 21:46 - 2015-11-03 21:46 - 00000000 ____D C:\Users\JR\Downloads\Website Literature
2015-11-02 21:57 - 2015-11-02 21:57 - 00000000 ____D C:\Users\JR\AppData\Roaming\AVAST Software
2015-11-02 21:56 - 2015-11-07 15:11 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-11-02 21:56 - 2015-11-07 15:11 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-11-02 21:56 - 2015-11-03 06:13 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-11-02 21:56 - 2015-11-02 21:56 - 01049880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1446894684859
2015-11-02 21:56 - 2015-11-02 21:56 - 00448968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1446894684859
2015-11-02 21:56 - 2015-11-02 21:56 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-11-02 21:56 - 2015-11-02 21:56 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-11-02 21:56 - 2015-11-02 21:56 - 00153744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-11-02 21:56 - 2015-11-02 21:56 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-11-02 21:56 - 2015-11-02 21:56 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-11-02 21:56 - 2015-11-02 21:56 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-11-02 21:56 - 2015-11-02 21:56 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-11-02 21:56 - 2015-11-02 21:56 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-11-02 21:56 - 2015-11-02 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-02 21:55 - 2015-11-02 21:55 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-02 21:53 - 2015-11-02 21:53 - 00000000 ____D C:\ProgramData\AVAST Software
2015-11-02 21:11 - 2015-11-02 21:11 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2015-11-02 21:11 - 2015-11-02 21:11 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2015-11-02 21:11 - 2015-11-02 21:11 - 00003448 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2015-11-02 21:11 - 2015-11-02 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-11-02 21:11 - 2015-11-02 21:11 - 00000000 ____D C:\Program Files\KMSpico
2015-11-02 21:11 - 2010-12-06 06:16 - 00090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2015-11-02 20:44 - 2015-11-05 11:38 - 00002382 _____ C:\WINDOWS\setupact.log
2015-11-02 20:44 - 2015-11-02 20:44 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-11-02 20:31 - 2015-11-02 20:31 - 00000000 ____D C:\Users\JR\Documents\Outlook Files
2015-11-02 16:42 - 2015-11-02 22:09 - 00000000 ____D C:\WINDOWS\AutoKMS
2015-11-02 15:39 - 2015-11-02 15:39 - 00003240 _____ C:\WINDOWS\System32\Tasks\{50482FF7-8DBE-4496-AE69-79E91014A701}
2015-11-02 15:38 - 2015-11-02 15:38 - 00000000 ____D C:\ProgramData\kingsoft
2015-11-02 15:37 - 2015-11-02 15:38 - 00000000 ____D C:\ProgramData\yWMiniProy
2015-11-02 15:37 - 2015-11-02 15:37 - 00000370 _____ C:\WINDOWS\SysWOW64\data.bin
2015-11-02 15:28 - 2015-11-07 15:10 - 00003540 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2015-11-02 15:08 - 2015-11-03 00:17 - 00000000 ____D C:\ProgramData\Medlight
2015-11-02 15:08 - 2015-11-02 15:08 - 00003346 _____ C:\WINDOWS\System32\Tasks\psv_Bamstathome
2015-11-02 15:08 - 2015-11-02 15:08 - 00003334 _____ C:\WINDOWS\System32\Tasks\psv_KinFinlax
2015-11-02 15:08 - 2015-11-02 15:08 - 00003326 _____ C:\WINDOWS\System32\Tasks\psv_Airlab
2015-11-02 15:08 - 2015-11-02 15:08 - 00000000 ____D C:\Users\JR\AppData\Roaming\Mozilla
2015-11-02 15:08 - 2015-11-02 15:08 - 00000000 ____D C:\ProgramData\Medlights
2015-11-02 15:05 - 2015-11-02 15:39 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-11-02 15:05 - 2015-11-02 15:37 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-02 15:05 - 2015-11-02 15:08 - 00000000 ____D C:\Users\JR\AppData\Roaming\Opera Software
2015-11-02 15:05 - 2015-11-02 15:08 - 00000000 ____D C:\Users\JR\AppData\Local\Opera Software
2015-11-02 15:05 - 2015-11-02 15:06 - 00000000 ____D C:\ProgramData\6WMiniPro6
2015-11-02 15:05 - 2015-10-12 09:17 - 00000826 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-11-01 11:05 - 2015-11-01 11:05 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-01 11:03 - 2012-09-28 02:11 - 00407552 _____ (Hewlett-Packard Corporation) C:\WINDOWS\system32\hpcpn140.dll
2015-11-01 11:03 - 2012-09-28 02:05 - 00408576 _____ C:\WINDOWS\SysWOW64\hpcc3140.DLL
2015-11-01 11:03 - 2012-08-30 19:52 - 00512512 _____ (HP) C:\WINDOWS\SysWOW64\hpcdmc32.DLL
2015-10-31 17:38 - 2015-10-31 17:38 - 00021557 _____ C:\Users\JR\Desktop\TAA Pipeline.xlsx
2015-10-31 16:50 - 2015-11-07 14:33 - 00013356 _____ C:\Users\JR\Desktop\Accounts.xlsx
2015-10-31 08:29 - 2015-10-28 03:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-31 08:29 - 2015-10-28 03:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-31 08:29 - 2015-10-21 16:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-31 08:29 - 2015-10-21 16:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-31 08:29 - 2015-10-21 16:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-31 08:29 - 2015-10-21 16:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-31 08:29 - 2015-10-21 15:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-31 08:29 - 2015-10-21 09:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-31 08:29 - 2015-10-21 09:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-31 08:29 - 2015-10-21 09:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-31 08:29 - 2015-10-21 09:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-31 08:28 - 2015-10-21 16:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-10-31 08:28 - 2015-10-21 16:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-10-31 08:28 - 2015-10-21 15:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-10-31 08:28 - 2015-10-21 15:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-31 08:28 - 2015-10-21 15:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-10-31 08:28 - 2015-10-21 15:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-31 08:28 - 2015-10-21 15:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-10-31 08:28 - 2015-10-21 15:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-31 08:28 - 2015-10-21 15:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-31 08:28 - 2015-10-21 15:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-10-31 08:28 - 2015-10-21 15:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-31 08:28 - 2015-10-21 15:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-10-31 08:28 - 2015-10-21 15:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-31 08:28 - 2015-10-21 15:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-31 08:28 - 2015-10-21 15:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-10-31 08:28 - 2015-10-21 15:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-10-31 08:28 - 2015-10-21 09:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-31 08:28 - 2015-10-21 09:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-31 08:28 - 2015-10-21 09:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-31 08:28 - 2015-10-21 09:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-10-31 08:28 - 2015-10-21 08:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-10-31 08:28 - 2015-10-21 08:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-31 08:28 - 2015-10-21 08:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-10-26 18:47 - 2015-10-26 19:02 - 00000000 ___RD C:\Users\JR\Dropbox
2015-10-26 18:43 - 2015-10-26 18:43 - 00000000 ____D C:\Users\JR\AppData\Roaming\Dropbox
2015-10-26 18:41 - 2015-10-26 19:46 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-26 18:41 - 2015-10-26 19:02 - 00000000 ____D C:\Users\JR\AppData\Local\Dropbox
2015-10-26 18:41 - 2015-10-26 18:41 - 00000000 ____D C:\ProgramData\Dropbox
2015-10-22 16:55 - 2015-10-22 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-22 16:54 - 2015-10-22 16:55 - 00000000 ____D C:\Program Files\iTunes
2015-10-22 16:54 - 2015-10-22 16:54 - 00000000 ____D C:\Program Files\iPod
2015-10-22 16:54 - 2015-10-22 16:54 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-20 17:49 - 2015-10-31 19:49 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-19 12:44 - 2015-11-07 15:06 - 00011006 _____ C:\WINDOWS\PFRO.log
2015-10-18 16:01 - 2015-11-04 22:29 - 00000000 ____D C:\Users\JR\Desktop\iEnglish
2015-10-18 12:44 - 2015-11-07 15:08 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-17 23:10 - 2015-11-07 15:05 - 00000225 _____ C:\Users\JR\Desktop\Notes.txt
2015-10-17 21:54 - 2015-10-17 21:54 - 00000000 ____D C:\Users\JR\AppData\Local\Avg2014
2015-10-17 21:50 - 2015-10-17 21:50 - 00000000 ____D C:\Users\JR\AppData\Roaming\TuneUp Software
2015-10-17 21:50 - 2015-10-17 21:50 - 00000000 ____D C:\Users\JR\AppData\Local\TuneUp Software
2015-10-17 21:48 - 2015-10-17 22:38 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-10-17 21:48 - 2015-10-17 21:53 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-10-17 21:12 - 2015-10-17 21:14 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-17 21:11 - 2015-10-17 21:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-17 20:10 - 2015-11-07 14:09 - 00004138 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{149492CD-CB76-4956-81FC-A7460AA17EFB}
2015-10-17 19:21 - 2015-10-17 19:21 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-17 19:16 - 2015-10-17 19:21 - 00000000 ____D C:\Users\JR\AppData\Roaming\SpringFiles
2015-10-16 11:09 - 2015-10-16 11:09 - 00000000 ____D C:\Program Files\Bonjour
2015-10-16 11:09 - 2015-10-16 11:09 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-10-14 19:28 - 2015-10-06 07:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-14 19:28 - 2015-10-06 06:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-14 19:28 - 2015-09-25 07:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 19:28 - 2015-09-25 07:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 19:27 - 2015-10-10 11:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 19:27 - 2015-10-01 08:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 19:27 - 2015-10-01 08:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 19:27 - 2015-10-01 08:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 19:27 - 2015-10-01 08:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 19:27 - 2015-10-01 08:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 19:27 - 2015-10-01 07:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 19:27 - 2015-09-25 08:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-14 19:27 - 2015-09-25 08:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-14 19:27 - 2015-09-25 07:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-14 19:27 - 2015-09-25 07:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-14 19:27 - 2015-09-25 07:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 19:27 - 2015-09-25 07:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-14 19:27 - 2015-09-25 07:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-14 19:27 - 2015-09-25 07:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-14 19:27 - 2015-09-25 07:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 19:27 - 2015-09-25 07:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-14 19:27 - 2015-09-25 07:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-14 19:27 - 2015-09-25 07:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 19:27 - 2015-09-25 07:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-14 19:27 - 2015-09-25 07:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-14 19:27 - 2015-09-25 07:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-14 19:27 - 2015-09-25 07:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 19:27 - 2015-09-25 07:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-14 19:27 - 2015-09-25 07:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-14 19:27 - 2015-09-25 07:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-14 19:27 - 2015-09-25 07:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-14 19:27 - 2015-09-25 07:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-14 19:27 - 2015-09-25 06:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-14 19:27 - 2015-09-25 06:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-14 19:27 - 2015-09-25 06:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-14 19:27 - 2015-09-25 06:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-14 19:27 - 2015-09-25 06:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-14 19:27 - 2015-09-25 06:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-14 19:27 - 2015-09-25 06:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-14 19:27 - 2015-09-25 06:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-14 19:27 - 2015-09-25 06:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-14 19:27 - 2015-09-25 06:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 19:27 - 2015-09-25 06:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 19:27 - 2015-09-25 06:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-14 19:27 - 2015-09-25 06:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 19:27 - 2015-09-25 06:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-14 19:27 - 2015-09-25 06:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-14 19:27 - 2015-09-25 06:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-14 19:27 - 2015-09-25 06:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 19:27 - 2015-09-25 06:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-14 19:27 - 2015-09-25 06:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-14 19:27 - 2015-09-25 06:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-14 19:27 - 2015-09-25 06:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-14 19:27 - 2015-09-25 06:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-14 19:27 - 2015-09-25 06:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-14 19:27 - 2015-09-25 06:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-14 19:27 - 2015-09-25 06:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-14 19:27 - 2015-09-25 06:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-14 19:14 - 2015-10-14 19:14 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-10-12 09:31 - 2015-07-05 14:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-10-09 10:30 - 2015-11-07 14:56 - 00005170 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for John-JR John
2015-10-09 00:38 - 2015-10-12 16:15 - 00000000 ____D C:\Users\JR\AppData\Roaming\Apple Computer
2015-10-09 00:38 - 2015-10-09 00:38 - 00000000 ____D C:\Users\JR\AppData\Local\Apple Computer
2015-10-09 00:38 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2015-10-09 00:37 - 2015-10-16 11:11 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-10-09 00:37 - 2015-10-09 00:37 - 00000000 ____D C:\ProgramData\Apple Computer
2015-10-09 00:36 - 2015-11-02 16:28 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-10-09 00:36 - 2015-10-17 21:45 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-09 00:36 - 2015-10-09 00:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-10-09 00:36 - 2015-10-09 00:36 - 00000000 ____D C:\Users\JR\AppData\Local\Apple
2015-10-09 00:35 - 2015-10-22 16:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-09 00:35 - 2015-10-09 00:36 - 00000000 ____D C:\ProgramData\Apple
2015-10-08 15:47 - 2015-10-12 09:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-10-08 12:59 - 2015-10-08 12:59 - 00000000 ____D C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RandyRants.com

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 15:27 - 2015-10-07 16:18 - 00000000 ____D C:\Users\JR\AppData\Roaming\Skype
2015-11-07 15:10 - 2015-10-06 16:36 - 00000125 _____ C:\Users\JR\AppData\Roaming\sp_data.sys
2015-11-07 15:10 - 2015-08-01 06:06 - 00006469 _____ C:\WINDOWS\SysWOW64\Gms.log
2015-11-07 15:09 - 2015-10-07 15:29 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2015-11-07 15:07 - 2015-10-07 11:11 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-07 15:07 - 2015-07-31 01:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-07 15:06 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-07 15:06 - 2015-07-10 13:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-07 14:03 - 2015-10-06 16:54 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-11-07 14:03 - 2015-10-06 16:54 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-11-07 07:56 - 2015-10-06 16:24 - 00000057 _____ C:\WINDOWS\SysWOW64\binfilename.txt
2015-11-07 07:42 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-06 06:37 - 2015-10-07 21:55 - 00000000 ____D C:\Users\JR\Desktop\Dental Boutique
2015-11-06 06:27 - 2015-10-07 21:55 - 00000000 ____D C:\Users\JR\Desktop\Smile Spa
2015-11-05 21:45 - 2015-10-07 21:54 - 00000000 ____D C:\Users\JR\Desktop\Clients
2015-11-05 18:44 - 2014-11-25 00:12 - 00000000 ____D C:\ProgramData\Skype
2015-11-05 12:47 - 2015-10-07 11:29 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-05 09:39 - 2015-10-06 16:33 - 00000000 ____D C:\Users\JR\AppData\Local\Packages
2015-11-05 01:26 - 2014-11-25 00:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-05 01:26 - 2014-11-25 00:14 - 00000000 ____D C:\ProgramData\WildTangent
2015-11-04 13:45 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-03 20:49 - 2015-10-07 11:16 - 00000000 ____D C:\Users\JR\Desktop\The Media Corner
2015-11-03 19:54 - 2015-10-07 22:00 - 00000000 ____D C:\Users\JR\Desktop\Stuff
2015-11-03 11:52 - 2015-10-07 21:54 - 00017310 _____ C:\Users\JR\Desktop\TMC Master.xlsx
2015-11-02 21:55 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\restore
2015-11-01 04:15 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\rescache
2015-11-01 04:14 - 2015-07-31 02:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-01 04:13 - 2015-09-10 09:13 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-01 04:13 - 2015-09-10 09:02 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-11-01 04:13 - 2015-09-10 09:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-11-01 04:13 - 2015-09-10 09:02 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-11-01 04:13 - 2015-09-10 09:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-11-01 04:13 - 2015-09-10 09:02 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-11-01 04:13 - 2015-09-10 09:02 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-11-01 04:13 - 2015-09-10 09:02 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-11-01 04:13 - 2015-09-10 09:02 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\Com
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\IME
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\Help
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\Program Files\Windows Defender
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-11-01 04:13 - 2015-07-10 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-11-01 04:13 - 2015-07-10 13:47 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-11-01 04:13 - 2015-07-10 13:47 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-11-01 04:13 - 2015-07-10 13:47 - 00000000 ____D C:\WINDOWS\servicing
2015-11-01 04:10 - 2015-07-31 02:42 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-11-01 04:04 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-11-01 04:04 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-11-01 03:03 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-31 19:48 - 2015-10-07 15:44 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-26 18:47 - 2015-10-07 11:14 - 00000000 ____D C:\Users\JR
2015-10-20 17:50 - 2015-10-07 15:42 - 00000000 ____D C:\Users\JR\AppData\Local\Adobe
2015-10-20 17:49 - 2015-10-07 15:43 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-19 18:15 - 2015-10-07 21:55 - 00000000 ____D C:\Users\JR\Desktop\Company's
2015-10-19 12:44 - 2015-07-31 01:49 - 00342976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-17 22:43 - 2015-10-07 11:56 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-17 22:10 - 2015-08-01 06:05 - 00000000 ____D C:\WINDOWS\Options
2015-10-17 21:46 - 2015-10-07 16:40 - 00001025 _____ C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-10-17 21:46 - 2015-10-07 13:39 - 00002361 _____ C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-17 21:45 - 2015-10-07 11:19 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-17 21:45 - 2015-08-01 05:56 - 00002066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk
2015-10-17 21:45 - 2015-08-01 05:52 - 00000712 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk
2015-10-17 21:29 - 2015-10-07 15:36 - 00000000 ____D C:\Users\JR\AppData\Local\Google
2015-10-17 07:40 - 2015-10-07 21:55 - 00000000 ____D C:\Users\JR\Desktop\Mujic
2015-10-16 07:10 - 2015-07-31 02:43 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-16 07:10 - 2015-07-31 02:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-14 19:59 - 2015-10-07 15:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-14 19:52 - 2015-10-07 15:52 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-13 19:19 - 2015-08-01 06:13 - 00000000 ____D C:\ProgramData\McAfee
2015-10-13 19:19 - 2015-08-01 06:13 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-10-12 10:19 - 2015-10-07 11:18 - 00000000 ____D C:\Users\JR\Downloads\Generic Dental Images - Shutterstock
2015-10-12 09:21 - 2015-07-31 02:42 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-12 09:21 - 2015-07-10 13:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-12 09:18 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Default.migrated
2015-10-08 13:03 - 2015-10-07 21:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-08 11:27 - 2014-11-25 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-10-08 11:27 - 2014-11-25 00:11 - 00000000 ____D C:\Program Files (x86)\ASUS

==================== Files in the root of some directories =======

2015-10-06 16:36 - 2015-11-07 15:10 - 0000125 _____ () C:\Users\JR\AppData\Roaming\sp_data.sys
2015-11-02 15:05 - 2015-11-02 15:05 - 0000187 _____ () C:\Users\JR\AppData\Local\Kinnix.exe.config
2015-10-07 11:12 - 2015-10-07 11:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-08-01 06:23 - 2014-03-26 05:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
2014-11-25 00:11 - 2014-03-27 00:50 - 0000124 _____ () C:\ProgramData\SetStretch.cmd
2014-11-25 00:11 - 2009-07-22 14:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-11-25 00:11 - 2012-09-07 15:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2015-11-02 15:05 - 2015-11-02 15:37 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\RefreshReg.vbs
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Some files in TEMP:
====================
C:\Users\JR\AppData\Local\Temp\DeltaTB.exe
C:\Users\JR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjdghl2.dll
C:\Users\JR\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\JR\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\JR\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\JR\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\JR\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-28 19:20

==================== End of FRST.txt ============================

------------------------------------------------------------------
addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by JR (2015-11-07 15:30:02)
Running from C:\Users\JR\Downloads
Windows 10 Home Single Language (X64) (2015-10-07 09:34:34)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1298384585-687753615-1797274159-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1298384585-687753615-1797274159-503 - Limited - Disabled)
Guest (S-1-5-21-1298384585-687753615-1797274159-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1298384585-687753615-1797274159-1003 - Limited - Enabled)
JR (S-1-5-21-1298384585-687753615-1797274159-1001 - Administrator - Enabled) => C:\Users\JR

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.4.10117.43857 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS FlipLock (HKLM\...\{9BF8EF7C-4AA1-4CA7-93DB-8F543EB35F4E}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Product Demo Kit (HKLM-x32\...\{1714AD6E-D517-40C0-9B19-4CE0078F7694}) (Version: 2.0.6 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.03.0006 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.2 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1016 - Intel Corporation)
Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4062 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Maxx Audio Installer (x64) (Version: 1.6.4882.94 - Waves Audio Ltd.) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.332 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7417 - Realtek Semiconductor Corp.)
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.07.0059 - ST Microelectronics)
Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 6.0.0.66) (HKLM\...\1EFB54678773735560B565BE7FA6F2BCC557EE21) (Version: 06/17/2015 6.0.0.66 - ASUS)
Windows Driver Package - Kionix, Inc. (kxspb) Sensor I/O devices (10/21/2014 1.2.7.9) (HKLM\...\C38347B1F2610B28BFC196DC49544B06129D43BA) (Version: 10/21/2014 1.2.7.9 - Kionix, Inc.)
Windows Driver Package - Kionix, Inc. (WUDFRd) Sensor (10/21/2014 1.0.19.2) (HKLM\...\F7038EE78CCD48375CE4C803EAA8ECE752A0B945) (Version: 10/21/2014 1.0.19.2 - Kionix, Inc.)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

02-11-2015 21:55:20 avast! antivirus system restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 17:25 - 2015-10-12 09:17 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0938F481-E0E5-4B6B-9A64-051ABC92D480} - System32\Tasks\psv_Bamstathome => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Latcannix.reg" & del "C:\ProgramData\Medlight\Latcannix.reg" & SCHTASKS /Delete /TN "psv_Bamstathome" /F <==== ATTENTION
Task: {113F2B0A-2A91-41EF-AA0B-0F498C4A2B08} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-02] (Microsoft Corporation)
Task: {120578D0-6C33-4B62-8C06-36937FAE1049} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-04] (Realtek Semiconductor)
Task: {188290BE-2468-40DD-8074-B2EFABAFA665} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {1F1240BB-6C46-4EAC-829C-4EBBDA21B130} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-05] (Google Inc.)
Task: {20F6BC80-B526-4B3B-AABE-281F99A72667} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-11-02] ()
Task: {36A288F3-55C7-49AA-A594-D44BD21A1DA2} - System32\Tasks\{FA0D3316-E921-4297-BF68-E9B9A0DF0282} => Chrome.exe hxxp://ui.skype.com/ui/0/7.3.0.101/en/abandoninstall?page=tsMain
Task: {3CAFB6AD-48E7-42BD-B98B-B0B9F745E70E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-05] (Google Inc.)
Task: {45F7A1D3-048B-4CC4-A432-AFF86380297A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {468DF49C-8773-4533-AB42-7FF75ACCFE17} - System32\Tasks\Microsoft Office 15 Sync Maintenance for John-JR John => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-02] (Microsoft Corporation)
Task: {48ADBA37-F472-4B59-B1B8-D213F5B11AFB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {52700100-FED0-4D83-9A3B-C6048E2F48FA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {633E624B-3087-41A2-B21E-FBA243D54ECE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {64D72F49-60F4-4D19-AB2C-1DCD5747016B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-12-26] (Realtek Semiconductor)
Task: {6924880F-6C2A-475C-BADB-08F6019580CF} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-09-12] (ASUS)
Task: {6C811F60-E33F-43C5-97CE-A1EC7DD9E7E7} - System32\Tasks\psv_KinFinlax => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Zummatax.reg" & del "C:\ProgramData\Medlight\Zummatax.reg" & SCHTASKS /Delete /TN "psv_KinFinlax" /F <==== ATTENTION
Task: {730157FB-06B4-4678-86CB-1ECE7E0401D7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-02] (AVAST Software)
Task: {7DF67029-8DA8-4CD6-A657-BEC773201FC0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {89D6E20B-2B72-4D93-8C73-47713505BEB8} - System32\Tasks\{50482FF7-8DBE-4496-AE69-79E91014A701} => pcalua.exe -a C:\Users\JR\AppData\Local\PPTAssist\utility\uninst.exe
Task: {8B1791DB-51A9-43F9-B875-9559D560EA7A} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-09-12] (ASUSTek Computer Inc.)
Task: {9A2B6BAB-5C25-4351-A185-DE30104EA139} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-24] (ASUSTeK Computer Inc.)
Task: {9C7855CC-D456-46E6-9AF1-F6035864F631} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-08-16] (@ByELDI)
Task: {A1C64A33-1283-40C1-8005-6D39E20A6F31} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-13] ()
Task: {A2A1C7D0-B442-4E78-82C8-F1B90F7FA9B5} - System32\Tasks\psv_Airlab => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Tinzumfix.reg" & del "C:\ProgramData\Medlight\Tinzumfix.reg" & SCHTASKS /Delete /TN "psv_Airlab" /F <==== ATTENTION
Task: {B68CD675-CD0C-4E21-9E00-86C3F0DB9A83} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-24] (ASUSTeK Computer Inc.)
Task: {BAF95B4B-0ED4-477D-9A20-0D63EFD52250} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-03] (ASUSTek Computer Inc.)
Task: {C6A11D47-DF14-4610-8848-41475B660020} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-12] (ASUSTek Computer Inc.)
Task: {C7CDEF01-CEF1-4D40-8659-0875E7B1F2C3} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {CC4F4678-37E5-468C-836D-4D52FA4D0E7F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {D77B304D-99C9-44E9-A9B3-F2DB31030C8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {EE2B917F-32BE-4219-B034-7A122D4A5D4B} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-08-24] (AsusTek)
Task: {F6110AD8-0969-40FD-86EB-D280A2EC2E2E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 07:33 - 2015-07-10 07:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-10 09:04 - 2015-09-10 09:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-10 07:26 - 2015-07-10 07:26 - 00009216 _____ () C:\Windows\System32\WppRecorderUM.dll
2015-09-10 09:04 - 2015-09-10 09:04 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-07 11:50 - 2015-10-07 11:50 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-07 11:50 - 2015-10-07 11:50 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-03-20 08:27 - 2013-03-20 08:27 - 08864936 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-18 11:35 - 2015-07-18 11:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-10-07 11:50 - 2015-10-07 11:50 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-07 11:50 - 2015-10-07 11:50 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-07 11:50 - 2015-10-07 11:50 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-07 11:50 - 2015-10-07 11:50 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-07 11:50 - 2015-10-07 11:50 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 07:13 - 2015-09-10 09:04 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-08-01 06:20 - 2014-02-13 03:19 - 00243200 _____ () C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_DT.dll
2015-11-02 21:56 - 2015-11-02 21:56 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-11-02 21:56 - 2015-11-02 21:56 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-05 19:57 - 2015-11-05 19:57 - 02990080 _____ () C:\Program Files\AVAST Software\Avast\defs\15110500\algo.dll
2015-11-07 15:08 - 2015-11-07 15:08 - 02990592 _____ () C:\Program Files\AVAST Software\Avast\defs\15110604\algo.dll
2015-11-03 06:32 - 2015-11-03 06:32 - 00335360 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\05a6d0e3a666ac8d0b38a6a290869c06\Windows.Foundation.ni.dll
2014-10-01 23:55 - 2014-10-01 23:55 - 00009216 _____ () C:\Program Files\ASUS\ASUS FlipLock\WMIProc.dll
2014-09-12 05:31 - 2014-09-12 05:31 - 00037424 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-09-12 05:31 - 2014-09-12 05:31 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-09-12 05:31 - 2014-09-12 05:31 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-09-12 05:31 - 2014-09-12 05:31 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2015-11-02 21:56 - 2015-11-02 21:56 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-11-05 01:32 - 2015-10-20 18:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-11-05 01:32 - 2015-10-20 18:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
2014-09-03 22:03 - 2014-09-03 22:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-05 01:32 - 2015-10-20 18:08 - 16493384 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1298384585-687753615-1797274159-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JR\Downloads\984246_10207576820287471_299149897564881063_n.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKU\S-1-5-21-1298384585-687753615-1797274159-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1CC11F89-62F7-423A-ACA2-DBF2E5D3E57C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C97A3159-6932-4CDC-959B-3E826F515BE2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{24CD258A-29C2-43FF-BD2F-94FA7996C2FF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{485B2FE4-671A-4CE0-BD60-06C374DAE9D9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{21CDAFE7-9EF1-4FD1-A2E6-391AE6A19FD8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{79A512C5-5A4D-4174-A8C1-95B65B3C4F1A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1A5C59BA-CF29-4A6F-B975-C5827AD52987}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9C928D2D-6075-4D02-B09E-C10C94F995DB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EB44E167-9FDD-49C6-9FE9-A2CAD3F1CCF9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{43913097-E0B0-4F1A-8877-DA2BE000419F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{828C9185-6136-4455-B61A-02001CC83002}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6F5081A-E932-4FF4-941F-B306A00999EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CD0043FB-6C25-4485-8F1F-A132FA5E3943}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{716E9AD9-F17B-4176-9209-AD0CFD906C8B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{AC0B3381-5EDB-42EE-86B4-EEB3AEC342DA}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{BE7ECF16-A2E0-42EA-9F44-E0DD9EF638FC}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{9F5A6568-FE3B-4EAA-AFFF-791A8C1B5F13}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{E2002119-EFE1-4062-90B8-40389E2D452C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{82B03896-7DDB-4001-8990-283597F7A903}] => (Allow) C:\Program Files (x86)\KMSpicoPortable\KMSServer.exe
FirewallRules: [{C0E170B9-EA4B-4B88-9A31-E14BCF83E061}] => (Allow) C:\Program Files (x86)\KMSpicoPortable\KMSServer.exe
FirewallRules: [{01B58C07-FF81-4B51-8F09-A83D69C81D15}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2015 03:17:40 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004E016
Partial Pkey=Q9KHK
ACID=?
Detailed Error[?]

Error: (11/07/2015 03:08:06 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004E016
Partial Pkey=Q9KHK
ACID=?
Detailed Error[?]

Error: (11/07/2015 02:00:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21868219

Error: (11/07/2015 02:00:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21868219

Error: (11/07/2015 02:00:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2015 10:56:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10807531

Error: (11/07/2015 10:56:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10807531

Error: (11/07/2015 10:56:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2015 10:56:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10806234

Error: (11/07/2015 10:56:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10806234

System errors:
=============
Error: (11/07/2015 03:10:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/07/2015 03:10:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/07/2015 03:10:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/07/2015 03:10:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/07/2015 03:10:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/07/2015 03:10:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/07/2015 03:10:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/07/2015 03:10:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/07/2015 03:10:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/07/2015 03:10:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

CodeIntegrity:
===================================
Date: 2015-11-02 15:21:03.188
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-02 15:21:03.149
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-02 15:20:59.708
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-02 15:20:59.673
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-02 15:20:59.042
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-02 15:20:58.942
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-01 21:42:37.263
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-01 21:42:37.205
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-01 14:41:27.557
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-31 20:13:16.101
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz
Percentage of memory in use: 65%
Total physical RAM: 3999.11 MB
Available physical RAM: 1391.46 MB
Total Virtual: 4703.11 MB
Available Virtual: 1686.11 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:91.01 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:263.35 GB) (Free:262.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 39803116)

Partition: GPT.

==================== End of Addition.txt ============================

**chemist** · 11-07-2015, 12:41 PM

Are you running an illegal(pirated) version of Windows or Office, or both?

jroper321 · 11-07-2015, 07:23 PM

Yes my office is. But I've never had this issue in the past whilst using the office package.

**chemist** · 11-07-2015, 07:33 PM

You will have to uninstall the pirated software before we can proceed.

Cracked (Illegal) Software

jroper321 · 11-07-2015, 07:44 PM

Thank you for your response.

I only started to have this issue when I downloaded a game from the internet (Weeks after my outlook was installed)

So before the game was downloaded, it was fine, I didn't have any issues and I never had issues in the past.

**chemist** · 11-07-2015, 08:49 PM

You're welcome, but I don't think you understand. Our forum rules prevent us from giving you assistance while the pirated software is still installed on your machine.

If you still need help, you will have to uninstall KMSpico and Microsoft Office Professional Plus 2013 before we can proceed.

jroper321 · 11-07-2015, 10:06 PM

Ahh I see. Please give me a day or so to back all my emails up and remove it.

I will inform you asap!

**chemist** · 11-07-2015, 10:20 PM

Let me know. After uninstalling KMSpico and Microsoft Office Professional Plus 2013, please run FRST64 again, making sure Addition.txt is ticked before clicking the Run button, and paste/attach the logs as before.

jroper321 · 11-08-2015, 08:08 PM

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by JR (2015-11-09 07:57:36)
Running from C:\Users\JR\Desktop\Stuff\Software
Windows 10 Home Single Language (X64) (2015-10-07 09:34:34)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1298384585-687753615-1797274159-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1298384585-687753615-1797274159-503 - Limited - Disabled)
Guest (S-1-5-21-1298384585-687753615-1797274159-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1298384585-687753615-1797274159-1003 - Limited - Enabled)
JR (S-1-5-21-1298384585-687753615-1797274159-1001 - Administrator - Enabled) => C:\Users\JR

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.4.10117.43857 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS FlipLock (HKLM\...\{9BF8EF7C-4AA1-4CA7-93DB-8F543EB35F4E}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Product Demo Kit (HKLM-x32\...\{1714AD6E-D517-40C0-9B19-4CE0078F7694}) (Version: 2.0.6 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.03.0006 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.2 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1016 - Intel Corporation)
Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4062 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Malware Protection Live (HKLM-x32\...\MalwareProtectionLive) (Version: - )
Maxx Audio Installer (x64) (Version: 1.6.4882.94 - Waves Audio Ltd.) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.332 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7417 - Realtek Semiconductor Corp.)
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.07.0059 - ST Microelectronics)
Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 6.0.0.66) (HKLM\...\1EFB54678773735560B565BE7FA6F2BCC557EE21) (Version: 06/17/2015 6.0.0.66 - ASUS)
Windows Driver Package - Kionix, Inc. (kxspb) Sensor I/O devices (10/21/2014 1.2.7.9) (HKLM\...\C38347B1F2610B28BFC196DC49544B06129D43BA) (Version: 10/21/2014 1.2.7.9 - Kionix, Inc.)
Windows Driver Package - Kionix, Inc. (WUDFRd) Sensor (10/21/2014 1.0.19.2) (HKLM\...\F7038EE78CCD48375CE4C803EAA8ECE752A0B945) (Version: 10/21/2014 1.0.19.2 - Kionix, Inc.)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
YTD Video Downloader 5.0.0 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.0.0 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

02-11-2015 21:55:20 avast! antivirus system restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 17:25 - 2015-10-12 09:17 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02F45412-B640-4FD5-A211-50FC5E95F375} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-24] (ASUSTeK Computer Inc.)
Task: {0938F481-E0E5-4B6B-9A64-051ABC92D480} - System32\Tasks\psv_Bamstathome => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Latcannix.reg" & del "C:\ProgramData\Medlight\Latcannix.reg" & SCHTASKS /Delete /TN "psv_Bamstathome" /F <==== ATTENTION
Task: {113F2B0A-2A91-41EF-AA0B-0F498C4A2B08} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-02] (Microsoft Corporation)
Task: {120578D0-6C33-4B62-8C06-36937FAE1049} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-04] (Realtek Semiconductor)
Task: {188290BE-2468-40DD-8074-B2EFABAFA665} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {1F1240BB-6C46-4EAC-829C-4EBBDA21B130} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-05] (Google Inc.)
Task: {36A288F3-55C7-49AA-A594-D44BD21A1DA2} - System32\Tasks\{FA0D3316-E921-4297-BF68-E9B9A0DF0282} => Chrome.exe hxxp://ui.skype.com/ui/0/7.3.0.101/en/abandoninstall?page=tsMain
Task: {3CAFB6AD-48E7-42BD-B98B-B0B9F745E70E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-05] (Google Inc.)
Task: {45F7A1D3-048B-4CC4-A432-AFF86380297A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {468DF49C-8773-4533-AB42-7FF75ACCFE17} - System32\Tasks\Microsoft Office 15 Sync Maintenance for John-JR John => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-02] (Microsoft Corporation)
Task: {48ADBA37-F472-4B59-B1B8-D213F5B11AFB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {52700100-FED0-4D83-9A3B-C6048E2F48FA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {633E624B-3087-41A2-B21E-FBA243D54ECE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {64D72F49-60F4-4D19-AB2C-1DCD5747016B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-12-26] (Realtek Semiconductor)
Task: {6924880F-6C2A-475C-BADB-08F6019580CF} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-09-12] (ASUS)
Task: {6C811F60-E33F-43C5-97CE-A1EC7DD9E7E7} - System32\Tasks\psv_KinFinlax => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Zummatax.reg" & del "C:\ProgramData\Medlight\Zummatax.reg" & SCHTASKS /Delete /TN "psv_KinFinlax" /F <==== ATTENTION
Task: {730157FB-06B4-4678-86CB-1ECE7E0401D7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-02] (AVAST Software)
Task: {7DF67029-8DA8-4CD6-A657-BEC773201FC0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {89D6E20B-2B72-4D93-8C73-47713505BEB8} - System32\Tasks\{50482FF7-8DBE-4496-AE69-79E91014A701} => pcalua.exe -a C:\Users\JR\AppData\Local\PPTAssist\utility\uninst.exe
Task: {8B1791DB-51A9-43F9-B875-9559D560EA7A} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-09-12] (ASUSTek Computer Inc.)
Task: {A1C64A33-1283-40C1-8005-6D39E20A6F31} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-13] ()
Task: {A2A1C7D0-B442-4E78-82C8-F1B90F7FA9B5} - System32\Tasks\psv_Airlab => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Tinzumfix.reg" & del "C:\ProgramData\Medlight\Tinzumfix.reg" & SCHTASKS /Delete /TN "psv_Airlab" /F <==== ATTENTION
Task: {BAF95B4B-0ED4-477D-9A20-0D63EFD52250} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-03] (ASUSTek Computer Inc.)
Task: {C6A11D47-DF14-4610-8848-41475B660020} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-12] (ASUSTek Computer Inc.)
Task: {C7CDEF01-CEF1-4D40-8659-0875E7B1F2C3} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {CC4F4678-37E5-468C-836D-4D52FA4D0E7F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {D77B304D-99C9-44E9-A9B3-F2DB31030C8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {EE2B917F-32BE-4219-B034-7A122D4A5D4B} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-08-24] (AsusTek)
Task: {F6110AD8-0969-40FD-86EB-D280A2EC2E2E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FB82CD8F-76E9-4BD1-96F4-52E2899E95BB} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-24] (ASUSTeK Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 07:33 - 2015-07-10 07:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-10 09:04 - 2015-09-10 09:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-10 07:26 - 2015-07-10 07:26 - 00009216 _____ () C:\Windows\System32\WppRecorderUM.dll
2015-09-10 09:04 - 2015-09-10 09:04 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-01 23:55 - 2014-10-01 23:55 - 00114688 _____ () C:\Program Files\ASUS\ASUS FlipLock\TransformNotifier.exe
2015-10-07 11:50 - 2015-10-07 11:50 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-07 11:50 - 2015-10-07 11:50 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-03-20 08:27 - 2013-03-20 08:27 - 08864936 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-18 11:35 - 2015-07-18 11:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-10-07 11:50 - 2015-10-07 11:50 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-07 11:50 - 2015-10-07 11:50 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-10-07 11:50 - 2015-10-07 11:50 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-07 11:50 - 2015-10-07 11:50 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-07 11:50 - 2015-10-07 11:50 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-07 11:50 - 2015-10-07 11:50 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 07:13 - 2015-09-10 09:04 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-08-01 06:20 - 2014-02-13 03:19 - 00243200 _____ () C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_DT.dll
2015-11-05 23:23 - 2015-11-05 23:23 - 00851488 _____ () C:\Users\JR\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe
2012-10-02 07:36 - 2012-10-02 07:36 - 00401024 _____ () C:\Program Files\Microsoft Office\Office15\msfad.dll
2015-11-02 21:56 - 2015-11-02 21:56 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-11-02 21:56 - 2015-11-02 21:56 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-07 22:50 - 2015-11-07 22:50 - 02990592 _____ () C:\Program Files\AVAST Software\Avast\defs\15110700\algo.dll
2015-11-08 15:19 - 2015-11-08 15:19 - 02990592 _____ () C:\Program Files\AVAST Software\Avast\defs\15110800\algo.dll
2015-11-03 06:32 - 2015-11-03 06:32 - 00335360 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\05a6d0e3a666ac8d0b38a6a290869c06\Windows.Foundation.ni.dll
2014-10-01 23:55 - 2014-10-01 23:55 - 00009216 _____ () C:\Program Files\ASUS\ASUS FlipLock\WMIProc.dll
2014-09-03 22:03 - 2014-09-03 22:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-12 05:31 - 2014-09-12 05:31 - 00037424 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-09-12 05:31 - 2014-09-12 05:31 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-09-12 05:31 - 2014-09-12 05:31 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-09-12 05:31 - 2014-09-12 05:31 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2015-11-02 21:56 - 2015-11-02 21:56 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-03-20 08:27 - 2013-03-20 08:27 - 08864912 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-11-05 01:32 - 2015-10-20 18:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-11-05 01:32 - 2015-10-20 18:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1298384585-687753615-1797274159-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JR\Downloads\984246_10207576820287471_299149897564881063_n.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKU\S-1-5-21-1298384585-687753615-1797274159-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1CC11F89-62F7-423A-ACA2-DBF2E5D3E57C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C97A3159-6932-4CDC-959B-3E826F515BE2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{24CD258A-29C2-43FF-BD2F-94FA7996C2FF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{485B2FE4-671A-4CE0-BD60-06C374DAE9D9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{21CDAFE7-9EF1-4FD1-A2E6-391AE6A19FD8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{79A512C5-5A4D-4174-A8C1-95B65B3C4F1A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1A5C59BA-CF29-4A6F-B975-C5827AD52987}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9C928D2D-6075-4D02-B09E-C10C94F995DB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EB44E167-9FDD-49C6-9FE9-A2CAD3F1CCF9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{43913097-E0B0-4F1A-8877-DA2BE000419F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{828C9185-6136-4455-B61A-02001CC83002}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6F5081A-E932-4FF4-941F-B306A00999EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CD0043FB-6C25-4485-8F1F-A132FA5E3943}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{716E9AD9-F17B-4176-9209-AD0CFD906C8B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{AC0B3381-5EDB-42EE-86B4-EEB3AEC342DA}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{BE7ECF16-A2E0-42EA-9F44-E0DD9EF638FC}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{9F5A6568-FE3B-4EAA-AFFF-791A8C1B5F13}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{E2002119-EFE1-4062-90B8-40389E2D452C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{01B58C07-FF81-4B51-8F09-A83D69C81D15}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2015 03:27:43 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004E016
Partial Pkey=Q9KHK
ACID=?
Detailed Error[?]

Error: (11/08/2015 03:18:08 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004E016
Partial Pkey=Q9KHK
ACID=?
Detailed Error[?]

Error: (11/08/2015 08:21:06 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004E016
Partial Pkey=Q9KHK
ACID=?
Detailed Error[?]

Error: (11/07/2015 03:17:40 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004E016
Partial Pkey=Q9KHK
ACID=?
Detailed Error[?]

Error: (11/07/2015 03:08:06 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004E016
Partial Pkey=Q9KHK
ACID=?
Detailed Error[?]

Error: (11/07/2015 02:00:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21868219

Error: (11/07/2015 02:00:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21868219

Error: (11/07/2015 02:00:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2015 10:56:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10807531

Error: (11/07/2015 10:56:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10807531

System errors:
=============
Error: (11/08/2015 04:27:24 PM) (Source: DCOM) (EventID: 10010) (User: John)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (11/08/2015 04:27:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session1 service to connect.

Error: (11/08/2015 04:27:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/08/2015 03:21:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (11/08/2015 03:21:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/08/2015 03:21:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/08/2015 03:21:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/08/2015 03:21:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/08/2015 03:21:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/08/2015 03:21:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

CodeIntegrity:
===================================
Date: 2015-11-02 15:21:03.188
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-02 15:21:03.149
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-02 15:20:59.708
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-02 15:20:59.673
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-02 15:20:59.042
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-02 15:20:58.942
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-01 21:42:37.263
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-01 21:42:37.205
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-01 14:41:27.557
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-31 20:13:16.101
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz
Percentage of memory in use: 68%
Total physical RAM: 3999.11 MB
Available physical RAM: 1243.73 MB
Total Virtual: 4703.11 MB
Available Virtual: 999.22 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:89.01 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:263.35 GB) (Free:262.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 39803116)

Partition: GPT.

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
Ran by JR (administrator) on JOHN (09-11-2015 07:55:37)
Running from C:\Users\JR\Desktop\Stuff\Software
Loaded Profiles: JR (Available Profiles: JR)
Platform: Windows 10 Home Single Language (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\ASUS\ASUS FlipLock\TransformNotifier.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(STMicroelectronics) C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Users\JR\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [606296 2014-10-03] (Waves Audio Ltd.)
HKLM\...\Run: [ASUS HDD Protection Tray Application] => C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe [54272 2014-02-13] (STMicroelectronics)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-07] (AVAST Software)
HKLM-x32\...\Run: [MalwareProtectionLive] => C:\Users\JR\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe [851488 2015-11-05] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\ProgramData\Medlight\LexiLatron.dll => C:\ProgramData\Medlight\LexiLatron.dll [518656 2015-11-02] ()
AppInit_DLLs-x32: C:\ProgramData\Medlight\Truehold.dll => C:\ProgramData\Medlight\Truehold.dll [320512 2015-11-02] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-02] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1298384585-687753615-1797274159-1001] => hxxp://get-access.me/wpad.dat?31390c9cc5b26ea92f5b1269e67ac766832480
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3c999ec5-a45e-42aa-bf31-25d929bfa5b9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1298384585-687753615-1797274159-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqmfa3amH7L_Vax8Bh3qrO-7Y8JM4gNZODhoJv7TR5HfHslTIu3GJ02htCwbJFaZuRlT56XZO2e071510lmo59-gfM0HfXNfoIVFN1vQlT78DlOdx81Q6ZhF9ISSMkiM8dwiAxznlA9wpGQyzwMO9ThPA-Q,,&q={searchTerms}
HKU\S-1-5-21-1298384585-687753615-1797274159-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqmfa3amH7L_Vax8Bh3qrO-7Y8JM4gNZODhoJv7TR5HfHslTIu3GJ02htCwbJFaZuRlT56XZO2e0715F__iKOcgtdnJTqbNjkMN90YSABo__whOwgJuq04LvbseS8A1uXdFXwHqYNfPQDjRvJ8-aDIQmNJQ,,
HKU\S-1-5-21-1298384585-687753615-1797274159-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-1298384585-687753615-1797274159-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqmfa3amH7L_Vax8Bh3qrO-7Y8JM4gNZODhoJv7TR5HfHslTIu3GJ02htCwbJFaZuRlT56XZO2e071510lmo59-gfM0HfXNfoIVFN1vQlT78DlOdx81Q6ZhF9ISSMkiM8dwiAxznlA9wpGQyzwMO9ThPA-Q,,&q={searchTerms}
HKU\S-1-5-21-1298384585-687753615-1797274159-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqmfa3amH7L_Vax8Bh3qrO-7Y8JM4gNZODhoJv7TR5HfHslTIu3GJ02htCwbJFaZuRlT56XZO2e071510lmo59-gfM0HfXNfoIVFN1vQlT78DlOdx81Q6ZhF9ISSMkiM8dwiAxznlA9wpGQyzwMO9ThPA-Q,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-02-17] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-02] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-05-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-02] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-02] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-05-21] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-02] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-02-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-02-14] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-02] [not signed]

Chrome:
=======
CHR Profile: C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-05]
CHR Extension: (agfjdflmdlnffhlfmjdpbcoccaeamikk) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\agfjdflmdlnffhlfmjdpbcoccaeamikk [2015-11-06]
CHR Extension: (Google Docs) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-05]
CHR Extension: (Google Drive) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (YouTube) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-05]
CHR Extension: (Google Search) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Google Sheets) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-05]
CHR Extension: (Avast Online Security) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-05]
CHR Extension: (Gmail) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-05]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-11-02] (AVAST Software)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 TransformService; C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe [64512 2014-10-01] (ASUS) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-09-29] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-11-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-11-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-11-02] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-06-27] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [97680 2015-08-24] (ASUS Corporation)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-10] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2014-08-04] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 kxspb; C:\Windows\System32\drivers\kxspb.sys [40976 2014-10-21] (Kionix, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-01] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [125104 2014-06-06] (STMicroelectronics)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-09 07:24 - 2015-11-09 07:24 - 00016148 _____ C:\WINDOWS\system32\JOHN_JR_HistoryPrediction.bin
2015-11-07 16:08 - 2015-11-07 16:09 - 650694303 _____ C:\Users\JR\Documents\Kevin Hart Stand Up Comedy- Seriously- Funny Standup Show 2010.mp4
2015-11-07 15:45 - 2015-11-08 05:45 - 00000000 ____D C:\Users\JR\AppData\Local\MalwareProtectionLive
2015-11-07 15:45 - 2015-11-07 15:45 - 00001328 _____ C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malware Protection Live.lnk
2015-11-07 15:45 - 2015-11-07 15:45 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2015-11-07 15:45 - 2015-11-07 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2015-11-07 15:45 - 2015-11-07 15:45 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2015-11-07 15:27 - 2015-11-09 07:55 - 00000000 ____D C:\FRST
2015-11-07 15:04 - 2015-11-07 15:05 - 00000000 ____D C:\AdwCleaner
2015-11-05 01:32 - 2015-11-09 07:37 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-05 01:32 - 2015-11-08 23:21 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-05 01:32 - 2015-11-05 01:32 - 00003958 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-05 01:32 - 2015-11-05 01:32 - 00003726 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-05 01:32 - 2015-11-05 01:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-05 01:32 - 2015-11-05 01:32 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-05 01:26 - 2015-11-05 01:26 - 00000000 ____D C:\Users\JR\AppData\Roaming\WildTangent
2015-11-03 21:46 - 2015-11-03 21:46 - 00000000 ____D C:\Users\JR\Downloads\Website Literature
2015-11-02 21:57 - 2015-11-02 21:57 - 00000000 ____D C:\Users\JR\AppData\Roaming\AVAST Software
2015-11-02 21:56 - 2015-11-07 15:11 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-11-02 21:56 - 2015-11-07 15:11 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-11-02 21:56 - 2015-11-03 06:13 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-11-02 21:56 - 2015-11-02 21:56 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-11-02 21:56 - 2015-11-02 21:56 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-11-02 21:56 - 2015-11-02 21:56 - 00153744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-11-02 21:56 - 2015-11-02 21:56 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-11-02 21:56 - 2015-11-02 21:56 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-11-02 21:56 - 2015-11-02 21:56 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-11-02 21:56 - 2015-11-02 21:56 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-11-02 21:56 - 2015-11-02 21:56 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-11-02 21:56 - 2015-11-02 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-02 21:55 - 2015-11-02 21:55 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-02 21:53 - 2015-11-02 21:53 - 00000000 ____D C:\ProgramData\AVAST Software
2015-11-02 21:11 - 2015-11-02 21:11 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2015-11-02 21:11 - 2015-11-02 21:11 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2015-11-02 21:11 - 2015-11-02 21:11 - 00003448 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2015-11-02 21:11 - 2010-12-06 06:16 - 00090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2015-11-02 20:44 - 2015-11-09 00:11 - 00002538 _____ C:\WINDOWS\setupact.log
2015-11-02 20:44 - 2015-11-02 20:44 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-11-02 15:39 - 2015-11-02 15:39 - 00003240 _____ C:\WINDOWS\System32\Tasks\{50482FF7-8DBE-4496-AE69-79E91014A701}
2015-11-02 15:38 - 2015-11-02 15:38 - 00000000 ____D C:\ProgramData\kingsoft
2015-11-02 15:37 - 2015-11-02 15:38 - 00000000 ____D C:\ProgramData\yWMiniProy
2015-11-02 15:37 - 2015-11-02 15:37 - 00000370 _____ C:\WINDOWS\SysWOW64\data.bin
2015-11-02 15:08 - 2015-11-03 00:17 - 00000000 ____D C:\ProgramData\Medlight
2015-11-02 15:08 - 2015-11-02 15:08 - 00003346 _____ C:\WINDOWS\System32\Tasks\psv_Bamstathome
2015-11-02 15:08 - 2015-11-02 15:08 - 00003334 _____ C:\WINDOWS\System32\Tasks\psv_KinFinlax
2015-11-02 15:08 - 2015-11-02 15:08 - 00003326 _____ C:\WINDOWS\System32\Tasks\psv_Airlab
2015-11-02 15:08 - 2015-11-02 15:08 - 00000000 ____D C:\Users\JR\AppData\Roaming\Mozilla
2015-11-02 15:08 - 2015-11-02 15:08 - 00000000 ____D C:\ProgramData\Medlights
2015-11-02 15:05 - 2015-11-02 15:39 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-11-02 15:05 - 2015-11-02 15:37 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-02 15:05 - 2015-11-02 15:08 - 00000000 ____D C:\Users\JR\AppData\Roaming\Opera Software
2015-11-02 15:05 - 2015-11-02 15:08 - 00000000 ____D C:\Users\JR\AppData\Local\Opera Software
2015-11-02 15:05 - 2015-11-02 15:06 - 00000000 ____D C:\ProgramData\6WMiniPro6
2015-11-02 15:05 - 2015-10-12 09:17 - 00000826 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-11-01 11:05 - 2015-11-01 11:05 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-01 11:03 - 2012-09-28 02:11 - 00407552 _____ (Hewlett-Packard Corporation) C:\WINDOWS\system32\hpcpn140.dll
2015-11-01 11:03 - 2012-09-28 02:05 - 00408576 _____ C:\WINDOWS\SysWOW64\hpcc3140.DLL
2015-11-01 11:03 - 2012-08-30 19:52 - 00512512 _____ (HP) C:\WINDOWS\SysWOW64\hpcdmc32.DLL
2015-10-31 17:38 - 2015-10-31 17:38 - 00021557 _____ C:\Users\JR\Desktop\TAA Pipeline.xlsx
2015-10-31 16:50 - 2015-11-08 14:00 - 00013394 _____ C:\Users\JR\Desktop\Accounts.xlsx
2015-10-31 08:29 - 2015-10-28 03:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-31 08:29 - 2015-10-28 03:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-31 08:29 - 2015-10-21 16:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-31 08:29 - 2015-10-21 16:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-31 08:29 - 2015-10-21 16:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-31 08:29 - 2015-10-21 16:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-31 08:29 - 2015-10-21 15:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-31 08:29 - 2015-10-21 09:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-31 08:29 - 2015-10-21 09:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-31 08:29 - 2015-10-21 09:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-31 08:29 - 2015-10-21 09:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-31 08:28 - 2015-10-21 16:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-10-31 08:28 - 2015-10-21 16:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-10-31 08:28 - 2015-10-21 15:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-10-31 08:28 - 2015-10-21 15:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-31 08:28 - 2015-10-21 15:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-10-31 08:28 - 2015-10-21 15:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-31 08:28 - 2015-10-21 15:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-10-31 08:28 - 2015-10-21 15:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-31 08:28 - 2015-10-21 15:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-31 08:28 - 2015-10-21 15:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-10-31 08:28 - 2015-10-21 15:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-31 08:28 - 2015-10-21 15:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-10-31 08:28 - 2015-10-21 15:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-31 08:28 - 2015-10-21 15:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-31 08:28 - 2015-10-21 15:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-10-31 08:28 - 2015-10-21 15:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-10-31 08:28 - 2015-10-21 09:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-31 08:28 - 2015-10-21 09:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-31 08:28 - 2015-10-21 09:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-31 08:28 - 2015-10-21 09:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-10-31 08:28 - 2015-10-21 08:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-10-31 08:28 - 2015-10-21 08:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-31 08:28 - 2015-10-21 08:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-10-26 18:47 - 2015-10-26 19:02 - 00000000 ___RD C:\Users\JR\Dropbox
2015-10-26 18:43 - 2015-10-26 18:43 - 00000000 ____D C:\Users\JR\AppData\Roaming\Dropbox
2015-10-26 18:41 - 2015-10-26 19:46 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-26 18:41 - 2015-10-26 19:02 - 00000000 ____D C:\Users\JR\AppData\Local\Dropbox
2015-10-26 18:41 - 2015-10-26 18:41 - 00000000 ____D C:\ProgramData\Dropbox
2015-10-22 16:55 - 2015-10-22 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-22 16:54 - 2015-10-22 16:55 - 00000000 ____D C:\Program Files\iTunes
2015-10-22 16:54 - 2015-10-22 16:54 - 00000000 ____D C:\Program Files\iPod
2015-10-22 16:54 - 2015-10-22 16:54 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-20 17:49 - 2015-10-31 19:49 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-19 12:44 - 2015-11-08 15:16 - 00011394 _____ C:\WINDOWS\PFRO.log
2015-10-18 16:01 - 2015-11-04 22:29 - 00000000 ____D C:\Users\JR\Desktop\iEnglish
2015-10-18 12:44 - 2015-11-09 00:11 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-17 23:10 - 2015-11-08 23:45 - 00000233 _____ C:\Users\JR\Desktop\Notes.txt
2015-10-17 21:54 - 2015-10-17 21:54 - 00000000 ____D C:\Users\JR\AppData\Local\Avg2014
2015-10-17 21:50 - 2015-10-17 21:50 - 00000000 ____D C:\Users\JR\AppData\Roaming\TuneUp Software
2015-10-17 21:50 - 2015-10-17 21:50 - 00000000 ____D C:\Users\JR\AppData\Local\TuneUp Software
2015-10-17 21:48 - 2015-10-17 22:38 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-10-17 21:48 - 2015-10-17 21:53 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-10-17 21:12 - 2015-10-17 21:14 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-17 21:11 - 2015-10-17 21:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-17 20:10 - 2015-11-09 07:28 - 00004138 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{149492CD-CB76-4956-81FC-A7460AA17EFB}
2015-10-17 19:21 - 2015-10-17 19:21 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-17 19:16 - 2015-10-17 19:21 - 00000000 ____D C:\Users\JR\AppData\Roaming\SpringFiles
2015-10-16 11:09 - 2015-10-16 11:09 - 00000000 ____D C:\Program Files\Bonjour
2015-10-16 11:09 - 2015-10-16 11:09 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-10-14 19:28 - 2015-10-06 07:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-14 19:28 - 2015-10-06 06:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-14 19:28 - 2015-09-25 07:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 19:28 - 2015-09-25 07:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 19:27 - 2015-10-10 11:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 19:27 - 2015-10-01 08:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 19:27 - 2015-10-01 08:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 19:27 - 2015-10-01 08:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 19:27 - 2015-10-01 08:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 19:27 - 2015-10-01 08:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 19:27 - 2015-10-01 07:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 19:27 - 2015-09-25 08:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-14 19:27 - 2015-09-25 08:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-14 19:27 - 2015-09-25 07:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-14 19:27 - 2015-09-25 07:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-14 19:27 - 2015-09-25 07:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 19:27 - 2015-09-25 07:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-14 19:27 - 2015-09-25 07:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-14 19:27 - 2015-09-25 07:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-14 19:27 - 2015-09-25 07:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 19:27 - 2015-09-25 07:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-14 19:27 - 2015-09-25 07:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-14 19:27 - 2015-09-25 07:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 19:27 - 2015-09-25 07:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-14 19:27 - 2015-09-25 07:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-14 19:27 - 2015-09-25 07:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-14 19:27 - 2015-09-25 07:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 19:27 - 2015-09-25 07:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-14 19:27 - 2015-09-25 07:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-14 19:27 - 2015-09-25 07:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-14 19:27 - 2015-09-25 07:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-14 19:27 - 2015-09-25 07:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-14 19:27 - 2015-09-25 06:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-14 19:27 - 2015-09-25 06:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-14 19:27 - 2015-09-25 06:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-14 19:27 - 2015-09-25 06:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-14 19:27 - 2015-09-25 06:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-14 19:27 - 2015-09-25 06:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-14 19:27 - 2015-09-25 06:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-14 19:27 - 2015-09-25 06:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-14 19:27 - 2015-09-25 06:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-14 19:27 - 2015-09-25 06:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 19:27 - 2015-09-25 06:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 19:27 - 2015-09-25 06:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-14 19:27 - 2015-09-25 06:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 19:27 - 2015-09-25 06:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-14 19:27 - 2015-09-25 06:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-14 19:27 - 2015-09-25 06:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-14 19:27 - 2015-09-25 06:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 19:27 - 2015-09-25 06:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-14 19:27 - 2015-09-25 06:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-14 19:27 - 2015-09-25 06:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-14 19:27 - 2015-09-25 06:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-14 19:27 - 2015-09-25 06:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-14 19:27 - 2015-09-25 06:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-14 19:27 - 2015-09-25 06:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-14 19:27 - 2015-09-25 06:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-14 19:27 - 2015-09-25 06:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-14 19:14 - 2015-10-14 19:14 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-10-12 09:31 - 2015-07-05 14:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-09 07:57 - 2015-10-07 16:18 - 00000000 ____D C:\Users\JR\AppData\Roaming\Skype
2015-11-09 07:47 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-09 00:17 - 2015-10-06 16:24 - 00000057 _____ C:\WINDOWS\SysWOW64\binfilename.txt
2015-11-08 23:21 - 2015-10-07 15:29 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2015-11-08 23:21 - 2015-10-07 11:11 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-08 23:21 - 2015-10-06 16:36 - 00000125 _____ C:\Users\JR\AppData\Roaming\sp_data.sys
2015-11-08 16:23 - 2015-10-07 11:29 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-08 15:21 - 2015-08-01 06:06 - 00022234 _____ C:\WINDOWS\SysWOW64\Gms.log
2015-11-08 15:17 - 2015-07-31 01:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-08 15:16 - 2015-07-10 13:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-08 15:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-08 13:41 - 2015-10-06 16:33 - 00000000 ____D C:\Users\JR\AppData\Local\Packages
2015-11-08 13:09 - 2015-10-06 16:54 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-11-08 13:09 - 2015-10-06 16:54 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-11-08 07:52 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-07 19:09 - 2015-10-07 22:00 - 00000000 ____D C:\Users\JR\Desktop\Stuff
2015-11-07 19:08 - 2015-10-07 21:55 - 00000000 ____D C:\Users\JR\Desktop\Mujic
2015-11-07 18:07 - 2015-10-09 10:30 - 00005170 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for John-JR John
2015-11-06 06:37 - 2015-10-07 21:55 - 00000000 ____D C:\Users\JR\Desktop\Dental Boutique
2015-11-06 06:27 - 2015-10-07 21:55 - 00000000 ____D C:\Users\JR\Desktop\Smile Spa
2015-11-05 21:45 - 2015-10-07 21:54 - 00000000 ____D C:\Users\JR\Desktop\Clients
2015-11-05 18:44 - 2014-11-25 00:12 - 00000000 ____D C:\ProgramData\Skype
2015-11-05 01:26 - 2014-11-25 00:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-05 01:26 - 2014-11-25 00:14 - 00000000 ____D C:\ProgramData\WildTangent
2015-11-03 20:49 - 2015-10-07 11:16 - 00000000 ____D C:\Users\JR\Desktop\The Media Corner
2015-11-03 11:52 - 2015-10-07 21:54 - 00017310 _____ C:\Users\JR\Desktop\TMC Master.xlsx
2015-11-02 21:55 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\restore
2015-11-02 16:28 - 2015-10-09 00:36 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-11-01 04:15 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\rescache
2015-11-01 04:14 - 2015-07-31 02:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-01 04:13 - 2015-09-10 09:13 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-01 04:13 - 2015-09-10 09:02 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-11-01 04:13 - 2015-09-10 09:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-11-01 04:13 - 2015-09-10 09:02 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-11-01 04:13 - 2015-09-10 09:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-11-01 04:13 - 2015-09-10 09:02 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-11-01 04:13 - 2015-09-10 09:02 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-11-01 04:13 - 2015-09-10 09:02 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-11-01 04:13 - 2015-09-10 09:02 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\Com
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\IME
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\Help
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\Program Files\Windows Defender
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-11-01 04:13 - 2015-07-31 02:42 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-11-01 04:13 - 2015-07-10 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-11-01 04:13 - 2015-07-10 13:47 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-11-01 04:13 - 2015-07-10 13:47 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-11-01 04:13 - 2015-07-10 13:47 - 00000000 ____D C:\WINDOWS\servicing
2015-11-01 04:10 - 2015-07-31 02:42 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-11-01 04:04 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-11-01 04:04 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-11-01 03:03 - 2015-07-31 02:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-31 19:48 - 2015-10-07 15:44 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-26 18:47 - 2015-10-07 11:14 - 00000000 ____D C:\Users\JR
2015-10-22 16:54 - 2015-10-09 00:35 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-20 17:50 - 2015-10-07 15:42 - 00000000 ____D C:\Users\JR\AppData\Local\Adobe
2015-10-20 17:49 - 2015-10-07 15:43 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-19 18:15 - 2015-10-07 21:55 - 00000000 ____D C:\Users\JR\Desktop\Company's
2015-10-19 12:44 - 2015-07-31 01:49 - 00342976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-17 22:43 - 2015-10-07 11:56 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-17 22:10 - 2015-08-01 06:05 - 00000000 ____D C:\WINDOWS\Options
2015-10-17 21:46 - 2015-10-07 16:40 - 00001025 _____ C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-10-17 21:46 - 2015-10-07 13:39 - 00002361 _____ C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-17 21:45 - 2015-10-09 00:36 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-17 21:45 - 2015-10-07 11:19 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-17 21:45 - 2015-08-01 05:56 - 00002066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk
2015-10-17 21:45 - 2015-08-01 05:52 - 00000712 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk
2015-10-17 21:29 - 2015-10-07 15:36 - 00000000 ____D C:\Users\JR\AppData\Local\Google
2015-10-16 11:11 - 2015-10-09 00:37 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-10-16 07:10 - 2015-07-31 02:43 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-16 07:10 - 2015-07-31 02:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-14 19:59 - 2015-10-07 15:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-14 19:52 - 2015-10-07 15:52 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-13 19:19 - 2015-08-01 06:13 - 00000000 ____D C:\ProgramData\McAfee
2015-10-13 19:19 - 2015-08-01 06:13 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-10-12 16:15 - 2015-10-09 00:38 - 00000000 ____D C:\Users\JR\AppData\Roaming\Apple Computer
2015-10-12 10:19 - 2015-10-07 11:18 - 00000000 ____D C:\Users\JR\Downloads\Generic Dental Images - Shutterstock
2015-10-12 09:21 - 2015-10-08 15:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-10-12 09:21 - 2015-07-31 02:42 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-12 09:21 - 2015-07-10 13:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-12 09:18 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Default.migrated

==================== Files in the root of some directories =======

2015-10-06 16:36 - 2015-11-08 23:21 - 0000125 _____ () C:\Users\JR\AppData\Roaming\sp_data.sys
2015-11-02 15:05 - 2015-11-02 15:05 - 0000187 _____ () C:\Users\JR\AppData\Local\Kinnix.exe.config
2015-10-07 11:12 - 2015-10-07 11:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-08-01 06:23 - 2014-03-26 05:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
2014-11-25 00:11 - 2014-03-27 00:50 - 0000124 _____ () C:\ProgramData\SetStretch.cmd
2014-11-25 00:11 - 2009-07-22 14:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-11-25 00:11 - 2012-09-07 15:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2015-11-02 15:05 - 2015-11-02 15:37 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\RefreshReg.vbs
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Some files in TEMP:
====================
C:\Users\JR\AppData\Local\Temp\DeltaTB.exe
C:\Users\JR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjdghl2.dll
C:\Users\JR\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\JR\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\JR\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\JR\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\JR\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-28 19:20

==================== End of FRST.txt ============================

**chemist** · 11-09-2015, 06:33 AM

Hello again, jroper321. You still have not uninstalled Microsoft Office Professional Plus 2013.

**chemist** · 11-19-2015, 11:43 AM

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------