Saidian
2016-06-29, 04:33
I have a 5MB connection and everything is running slow on this PC on the internet. Other PCs on the same connection are not having any issues:
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-10-2015
Ran by Aaron (2016-06-28 19:42:50)
Running from G:\Downloads\Malware removal
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-01 22:25:24)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Aaron (S-1-5-21-2780459401-3871315293-2221292059-1000 - Administrator - Enabled) => C:\Users\Aaron
Administrator (S-1-5-21-2780459401-3871315293-2221292059-500 - Administrator - Disabled)
Guest (S-1-5-21-2780459401-3871315293-2221292059-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrylic Wi-Fi Home v3.1 (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 3.1 - Tarlogic Security S.L.)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.94 - Lavasoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Akamai NetSession Interface (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.1.0 - SlySoft)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ATConsole (HKLM-x32\...\{CE029721-70F7-4B1C-9E6D-E90EC7D82D8D}) (Version: 10.0.2 - APREL Tehnologija d.o.o.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ChromecastApp (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Chromium (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Chromium) (Version: 50.0.2632.0 - Chromium)
Cisco WebEx Meetings (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.7) (Version: 5.0.1.7 - Coupons.com Incorporated)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
Day of Defeat (HKLM-x32\...\Steam App 30) (Version: - Valve)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Digital Coupon Printer (HKLM-x32\...\{2095A496-250E-4A1F-90AD-691246819A9A}) (Version: 3.17.0.0 - Hopster, Inc. an Inmar company)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.70 - DivX, LLC)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
Free M4a to MP3 Converter 7.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Imperialism II (HKLM-x32\...\Imperialism II) (Version: - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LeechFTP (HKLM-x32\...\LeechFTP) (Version: - )
LizardTech GeoViewer (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\9b689087b44c09fc) (Version: 5.5.0.3396 - LizardTech)
Maintenance Samsung SCX-4623 Series (HKLM-x32\...\Samsung SCX-4623 Series) (Version: - Samsung Electronics CO.,LTD)
Maintenance Samsung SCX-4623FW Series (HKLM-x32\...\Samsung SCX-4623FW Series) (Version: - Samsung Electronics Co., Ltd.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
marvell 91xx console driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 3.0.0.12 - MSI)
MSI Kombustor 2.5.9 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.011 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WNA1100 wireless USB 2.0 driver (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.2.0.2 - NETGEAR)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
Populous: The Beginning (HKLM-x32\...\Populous: The Beginning) (Version: 1.03 - Bullfrog)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)
QuickBooks (x32 Version: 24.0.4010.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4001.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.1.27 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Quicken 2016 (HKLM-x32\...\{519B4ED1-AF5F-4812-B2A8-B18D783AEFE8}) (Version: 25.1.6.5 - Intuit)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 4.80 - Philipp Winterberg)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RevTraxPrintMyCoupon (HKLM-x32\...\{A3F9A883-1D51-4D0F-83F6-2D060A26C8E9}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.05.23.04 - Samsung Electronics Co., Ltd.)
Self-service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Starcraft (HKLM-x32\...\Starcraft) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{761B7BC1-09CF-488B-8A45-010D16A5239F}) (Version: 6.1.6.0 - Husdawg, LLC)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Voobly (HKLM-x32\...\Voobly_is1) (Version: Voobly - Voobly)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wondershare Video Converter Ultimate(Build 7.3.0.3) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 7.3.0.3 - Wondershare Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XSplit Gamecaster (HKLM-x32\...\{7CBDC2CD-F5C7-4DD3-91C8-1E4D68924955}) (Version: 1.9.1409.2308 - SplitmediaLabs)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
14-06-2016 04:40:46 Windows Update
15-06-2016 03:00:28 Windows Update
20-06-2016 14:40:08 Installed PrintMyCouponAnywhere
21-06-2016 19:03:50 Windows Update
24-06-2016 03:00:10 Windows Update
28-06-2016 18:21:07 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2016-04-09 21:04 - 00000064 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.1 mssplus.mcafee.com
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1E7B521C-0F67-4876-9FAF-59C7E1B80C41} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000UA => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-09] (Google Inc.)
Task: {295A1C6B-F6B6-423B-9A70-07062BE58BC7} - System32\Tasks\{A0DC1DEF-2121-46DD-929B-143D0AFC2E50} => pcalua.exe -a C:\Users\Aaron\Desktop\populousdemo.exe -d C:\Users\Aaron\Desktop
Task: {2D399FC8-C1D2-48BD-9323-611D65670408} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-05-20] (Microsoft Corporation)
Task: {3C2F9E46-8E3D-49A4-8F74-95EA4D0BB816} - System32\Tasks\{D370B6B3-F58E-4857-8585-3DFD0F92E51F} => Firefox.exe hxxp://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {5682C1DD-68C4-49AC-901D-38974F4219FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {5D27FFA1-301F-4FBB-ACCD-21A4F71F278C} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-05-20] (Microsoft Corporation)
Task: {60155F0B-ADC8-4F82-850E-B16B918376D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6A1EE2E4-E381-47A6-9CD5-A6F33D057F48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8C8EEE6D-7AFE-4525-A463-C73CFA3A9315} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {A8307E37-05BC-42D2-9539-E6063849F18F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {B03ED6B5-6DC3-45D2-8D23-EFD39F4C99A2} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {B56D32CB-D9EA-4E4E-993D-ADEFFB10BB55} - System32\Tasks\ATConsole => G:\Program Files (x86)\AT Console\ATConsole.Run.exe [2015-02-27] (APREL Tehnologija d.o.o.)
Task: {C32D4C09-E13C-47F3-94C2-6D7D73D140B1} - System32\Tasks\{35DBB725-81D3-AA29-EBC0-7F4D3013D3D7} => C:\Users\Aaron\AppData\Local\{CF5DF~1\UNINST~1.EXE [2013-04-28] ()
Task: {D2F856D1-7C6F-4B22-BD64-D1B1ECB396F5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-05-20] (Microsoft Corporation)
Task: {D5A6A751-A8D8-40E8-90DE-FD1B34B0E5EF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000Core => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-09] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ATConsole.job => G:\Program Files (x86)\AT Console\ATConsole.Run.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000Core.job => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000UA.job => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{35DBB725-81D3-AA29-EBC0-7F4D3013D3D7}.job => C:\Users\Aaron\AppData\Local\{CF5DF~1\UNINST~1.EXE
==================== Loaded Modules (Whitelisted) ==============
2012-09-15 17:18 - 2009-10-28 00:34 - 00027648 _____ () C:\Windows\System32\sso4ml6.dll
2012-09-15 17:17 - 2010-02-11 01:25 - 00750080 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sso4mdu.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-28 00:04 - 2014-03-19 10:51 - 00316120 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2012-09-02 22:34 - 2014-11-12 16:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-29 00:05 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2015-05-07 11:34 - 2015-05-07 11:34 - 00123912 _____ () C:\Program Files (x86)\DivX\DivX Player\DPXIconHandler.dll
2012-10-08 21:11 - 2011-07-13 07:42 - 00688128 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2013-03-14 09:47 - 2013-03-14 09:47 - 15500800 _____ () C:\Users\Aaron\AppData\Local\Autobahn\nexdef.exe
2012-10-08 21:08 - 2011-06-24 13:55 - 01990144 _____ () C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
2012-09-15 17:18 - 2010-02-11 00:55 - 01982464 _____ () C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
2012-09-15 17:18 - 2009-10-27 00:00 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2012-09-15 17:18 - 2009-10-28 03:09 - 00204800 _____ () C:\Windows\Twain_32\Samsung\ssQScan.exe
2015-11-11 00:36 - 2005-07-18 14:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2014-12-28 00:04 - 2014-03-06 17:45 - 00372736 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2016-05-11 03:24 - 2016-05-11 03:24 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f1b815cf32572cea383bc47659c174fa\IsdiInterop.ni.dll
2012-09-01 19:23 - 2010-11-06 01:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00020480 _____ () C:\Users\Aaron\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00069632 _____ () C:\Users\Aaron\AppData\Local\Autobahn\rt\bin\java.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00126976 _____ () C:\Users\Aaron\AppData\Local\Autobahn\rt\bin\zip.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00159744 _____ () C:\Users\Aaron\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
2012-10-08 21:08 - 2008-11-11 20:51 - 01384520 _____ () C:\Windows\twain_32\Samsung\SCX4623\ssole.dll
2012-09-15 17:18 - 2009-10-28 03:10 - 01384520 _____ () C:\Windows\twain_32\Samsung\SCX4623W\ssole.dll
2012-09-15 17:19 - 2010-01-03 23:39 - 00242176 _____ () C:\Windows\twain_32\Samsung\SCX4623W\NetModule2.dll
2014-08-29 00:05 - 2015-04-28 15:22 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-08-29 00:05 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-05-31 13:16 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-12-24 21:05 - 2015-12-24 21:05 - 36632000 _____ () C:\Program Files (x86)\Quicken\libcef.dll
2016-06-17 18:22 - 2016-06-15 04:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 18:22 - 2016-06-15 04:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-06-17 18:22 - 2016-06-15 04:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll
2012-09-15 17:18 - 2009-10-28 03:09 - 00184320 _____ () C:\Windows\Twain_32\Samsung\SecSNMPR.dll
2009-10-28 03:08 - 2009-10-28 03:08 - 00155648 _____ () C:\Windows\Twain_32\Samsung\qfilter.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\123simsen.com -> www.123simsen.com
There are 7795 more sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{0217D790-5A0B-4926-AED5-0349C66E5845}C:\users\aaron\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\aaron\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4DF23F10-595B-44D6-88D5-4EB05292BDC3}C:\users\aaron\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\aaron\appdata\local\akamai\netsession_win.exe
FirewallRules: [{807B0FBE-527D-4CF2-AB25-A6DAF45E7CE7}] => (Block) C:\users\aaron\appdata\local\akamai\netsession_win.exe
FirewallRules: [{647371F3-6C5B-4590-901B-D950BE7A0599}] => (Block) C:\users\aaron\appdata\local\akamai\netsession_win.exe
FirewallRules: [{000A763F-E59A-4B61-B25C-BCA30E3BF000}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{92132E02-6C28-4E3F-9A40-76F227D2ECAD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8CF40CB2-4C5E-46C6-9CC9-056DF2A02E3B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{EE14C1D6-50B6-40D9-BCBB-D762955D0F31}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [UDP Query User{24E55F8D-F01E-4A21-A4EB-A35C38E13473}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [{D2A69D5E-0DC2-4188-AD48-BD85210CD5C8}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{029998F5-7064-4074-8611-3D5D4DA5D50D}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{09CD2CA2-F607-4AEB-A0FF-163ABA175AC1}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{7EB35FC4-A89D-45D2-BA02-D69524AD65B0}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{8085ED9E-EADB-431A-B282-0164C2AAB947}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
FirewallRules: [{A0FFC28F-1425-4DAC-8A05-7D481DB098D5}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
FirewallRules: [{2D5C4C14-990F-47A4-90D7-457BBABB289B}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623W\Sscan2io.exe
FirewallRules: [{5160711B-CF7C-4E3D-B87F-898FF819DF60}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623W\Sscan2io.exe
FirewallRules: [{3A5630A9-83B6-44B4-ADC3-62F520EA45BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D090A75C-525E-4A75-9D56-6EBF8D21CE04}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{64D7CF1A-7F60-4570-B54E-820B870FA6C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9F3471A5-FAC8-4D04-9AD5-FFB1BD2A2340}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B092329-1752-421C-817F-BC74736C0FC0}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
FirewallRules: [{49C509F9-01A1-4395-8676-CB7004AFF665}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
FirewallRules: [{6488F17B-D4E1-440A-A976-018BDCFD1429}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623\Sscan2io.exe
FirewallRules: [{583FC695-87FC-4778-BBBA-B28AAC4A5D66}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623\Sscan2io.exe
FirewallRules: [TCP Query User{939F4DFE-70F4-4BF5-9A3A-9E8FE5FA387E}C:\program files (x86)\leechftp\leechftp.exe] => (Allow) C:\program files (x86)\leechftp\leechftp.exe
FirewallRules: [UDP Query User{0BF28297-A08B-4FF6-B7C7-D0A405459CBA}C:\program files (x86)\leechftp\leechftp.exe] => (Allow) C:\program files (x86)\leechftp\leechftp.exe
FirewallRules: [{81B5AA9E-E5C0-4C4A-8024-539276718B86}] => (Block) C:\program files (x86)\leechftp\leechftp.exe
FirewallRules: [{17777220-47DA-474D-9AF4-321755C13CA2}] => (Block) C:\program files (x86)\leechftp\leechftp.exe
FirewallRules: [TCP Query User{88A73253-ED0B-4527-B77C-8874DAACDAB3}C:\users\aaron\desktop\downloads\aoe\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\users\aaron\desktop\downloads\aoe\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{C7E19288-4D88-43D9-BAE2-306A9F30F0A5}C:\users\aaron\desktop\downloads\aoe\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\users\aaron\desktop\downloads\aoe\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{B58D2DFF-66D7-480D-8618-1605430444A7}C:\users\aaron\desktop\downloads\aoe\age of empires ii\empires2.exe] => (Allow) C:\users\aaron\desktop\downloads\aoe\age of empires ii\empires2.exe
FirewallRules: [UDP Query User{685A77A0-34AB-47DF-B8BD-E670E32B51C8}C:\users\aaron\desktop\downloads\aoe\age of empires ii\empires2.exe] => (Allow) C:\users\aaron\desktop\downloads\aoe\age of empires ii\empires2.exe
FirewallRules: [TCP Query User{515EEFDD-259C-4676-B23F-F94D4B9A9B44}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [UDP Query User{C4F3CBDF-46D5-4AD2-8A67-05581FA19335}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [TCP Query User{EF1B562A-9655-409A-A934-C36B5BE3C257}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Block) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{6AA3ACBA-BD16-4B0E-BA8D-A81CC2C4793D}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Block) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{007E4B09-0B56-4895-8D4E-F6DCFE7283BA}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{F6B757B5-307F-46A4-9FFE-52451D03DFD1}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{0725FF3A-769D-41C2-A289-A9A84A88F286}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [UDP Query User{792CCAA8-A680-414C-AE91-DCC151C84A51}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [{3367A23D-97C2-4749-940F-6D514AE6672F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5BD4A1FC-D6AA-4C52-8B0B-CA3F9E86ED47}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1B7A76FB-4724-4FE6-B196-6B06CBADD793}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{C5E6FD03-1E3C-4CCD-A7D4-A3298D6C5C78}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{385F3167-C5AD-4CF5-B351-7A86732A43BC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{7A7C0C33-D121-47B6-9D41-718945A85791}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{8E80AB15-E4CD-4036-A157-672707862741}] => (Allow) G:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{39E3449E-C699-4E28-90FB-E06F88334D95}] => (Allow) G:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{D113A492-7756-4F49-85B5-F7BD5A1E8A20}] => (Allow) G:\Downloads\uTorrent.exe
FirewallRules: [{3826C67F-BAB1-4373-8C9F-1EBEF6453A3C}] => (Allow) G:\Downloads\uTorrent.exe
FirewallRules: [{212AA332-EC1E-42B1-BFB1-0CC6EB6BF954}] => (Allow) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{54DC90E6-1D2E-491E-A85C-DBBB8A3A664C}] => (Allow) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{044F4BD9-C563-4FD2-AEA3-B02116760FEE}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{36202C0E-2357-42C6-BA8A-DBE0EC2D8721}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{A3C4DB23-6990-4A53-A9B7-B61945751091}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{0ECDDE80-FA5E-40B7-8B9D-5D72F64742D4}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{E4066D09-D13F-4B51-9EB1-69CDACB8FB73}C:\users\aaron\desktop\images2\brianquake\winquake.exe] => (Allow) C:\users\aaron\desktop\images2\brianquake\winquake.exe
FirewallRules: [UDP Query User{0109CF3E-4B39-45D2-82BB-AEFAA0420CD0}C:\users\aaron\desktop\images2\brianquake\winquake.exe] => (Allow) C:\users\aaron\desktop\images2\brianquake\winquake.exe
FirewallRules: [{C2C2BCE8-1594-4AC2-B550-79D8F85EACE7}] => (Block) C:\users\aaron\desktop\images2\brianquake\winquake.exe
FirewallRules: [{8766A6F0-FAC2-4FBB-AD31-B730A87305AB}] => (Block) C:\users\aaron\desktop\images2\brianquake\winquake.exe
FirewallRules: [TCP Query User{C0961C7C-E162-447A-98EF-3592A6DC8CF9}C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe] => (Allow) C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe
FirewallRules: [UDP Query User{1095EE0E-48B6-4A9C-BD54-C51996BCC79D}C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe] => (Allow) C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe
FirewallRules: [{670D0A41-209C-4E40-943B-02114E9FD0D3}] => (Block) C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe
FirewallRules: [{062B4869-47F9-46D5-92F8-E524F70A7A55}] => (Block) C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe
FirewallRules: [{F4BAD991-2E3A-4594-A695-C4262646BF25}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{81BCE1E4-4FC0-470D-8C28-0313355E18DF}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{90481295-BB13-4D32-A77E-1A13FB749236}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A7F73812-5374-4932-86D9-1BD9F90B6D08}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{58A2B39B-1180-4EE3-BCAB-FA6B658E5F93}] => (Allow) G:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6312911C-5EF6-4E71-AFCF-A31E1EC944CD}] => (Allow) G:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5FDB9E24-9DFB-4E28-99E9-1C473FC3023E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{8C844D3F-1A63-4882-A732-9530887F98B5}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{B18BD1A8-F169-48A7-A2FE-695972E0E094}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{17F56712-C452-4E5D-BA33-8B0917F50083}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{4FC4A00D-D59B-4E3B-B958-664EC6E56F2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{817BB168-CBDD-4062-8C11-2EAADA1949CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A86C17B5-0A02-41B2-8AB9-B58665CABA74}] => (Allow) LPort=15600
FirewallRules: [TCP Query User{36474C56-EA37-46B9-BD3D-C68BDED81617}C:\users\aaron\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Block) C:\users\aaron\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [UDP Query User{96BC5ABF-B1DA-4567-872B-982061CFDA35}C:\users\aaron\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Block) C:\users\aaron\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [{8FB55FC7-0025-4A3A-9E79-B952FC977CC9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{00D30FAC-F1B4-47A7-BB8F-13B0F4533CD9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5722600-A349-4137-99F6-8B256D87081E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0C52BEA8-5C93-45E0-80E3-AD6A9934C318}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E088082F-6A4D-4302-8DE6-3B83197FA395}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3D9A6317-004C-4412-8214-F5F6F5F9A5EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C911CDFB-32E3-455D-A432-4C9B84530EAD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FAD4D0EE-73EA-42BF-AC21-11CB13608918}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C3AEB49A-1289-47FA-A500-6F0997C20554}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{08FFB907-5708-4631-83C2-F9B7A18B7019}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{89CD940C-9C67-4A5D-AC84-A07E3EF27EB4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9181AAA1-5CA1-4C50-981C-285A6EE35D7B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C70E8461-ED80-49B4-807E-8EC142DFEF33}] => (Allow) C:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{31982D3E-0DC5-4803-87AE-47C6587CD3FD}] => (Allow) C:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{989AF1D3-C6B6-48A9-B2CD-F75C0E18D186}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{501BAEB9-DE26-4EFD-88B1-EF17F3014023}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EED4ECDB-E3B1-47EB-BF71-B107E588AE42}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A8AE8D19-0ABA-4486-BCF1-0EAE8E11053A}] => (Allow) LPort=5556
FirewallRules: [{D9F19A89-DC3C-439D-8196-E71423725A88}] => (Allow) LPort=5558
FirewallRules: [{6EA070DA-3FCC-4EB2-B297-50AB412EB562}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{748B9199-488F-4ABB-A71A-946C9F9E79A2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9B45498D-44CA-4F62-84A4-74E2AA2BA683}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{84029931-34BD-46A0-A5BB-029CBC56A979}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A920B8B4-5AD6-4410-847F-362DAF341DB8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4EB60917-EEEB-4D6A-8DC3-5E2E7CDD6D88}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5C62F8B3-3189-4DBE-A526-0A1D8E2A7A14}] => (Allow) C:\Users\Aaron\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{8534B141-72A5-4B44-8D00-9447FA738795}] => (Allow) C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe
FirewallRules: [{7DA3D94B-3DD6-44CA-A3C3-27FBB69E3F6F}] => (Allow) C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe
FirewallRules: [{129B6FE1-6697-4108-8C9E-787395372FF2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/28/2016 05:26:12 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: CREDITCARDCHARGE, TxnID: 18062
Error: (06/28/2016 05:23:42 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: CREDITCARDCHARGE, TxnID: 18068
Error: (06/28/2016 05:18:36 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: CREDITCARDCHARGE, TxnID: 15627
Error: (06/28/2016 05:16:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: CHECK, TxnID: 18027
Error: (06/28/2016 05:14:44 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: CHECK, TxnID: 13783
Error: (06/28/2016 05:14:21 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: CHECK, TxnID: 15660
Error: (06/28/2016 05:13:48 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: CHECK, TxnID: 18569
Error: (06/28/2016 05:04:15 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
ExcelHelper::SetCustomPropertyString - Cannot add variable to excel : QBENDDATE
Error: (06/28/2016 05:04:15 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
ExcelHelper::WriteExcelVariable Com Error#: 800a03ec
Error: (06/28/2016 05:04:15 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
ExcelHelper::SetCustomPropertyString - Cannot add variable to excel : QBSTARTDATE
System errors:
=============
Error: (06/15/2016 03:18:54 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (06/09/2016 07:32:34 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver USB returned invalid ID for a child device (0).
Error: (06/09/2016 07:32:34 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver USB returned invalid ID for a child device (0).
Error: (06/01/2016 09:43:32 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: ESR 0x405840=0xa0040800
Error: (06/01/2016 09:43:32 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: Shader Program Header 18 Error
Error: (06/01/2016 09:43:32 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: Shader Program Header 11 Error
Error: (06/01/2016 09:43:32 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: ESR 0x405848=0x80000000
Error: (05/16/2016 07:22:53 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffff80000003, 0xfffff800032cf210, 0xfffff8800b2da3f8, 0xfffff8800b2d9c50)C:\Windows\MEMORY.DMP051616-13790-01
Error: (05/07/2016 05:13:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053
Error: (05/07/2016 05:13:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
CodeIntegrity:
===================================
Date: 2015-10-31 10:26:29.847
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-10-31 10:26:29.807
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 52%
Total physical RAM: 8159.13 MB
Available physical RAM: 3862.32 MB
Total Virtual: 16316.45 MB
Available Virtual: 10277.23 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:312.19 GB) NTFS
Drive g: (2TB) (Fixed) (Total:1863.01 GB) (Free:1614.91 GB) NTFS
Drive h: (TurboTax 2015) (CDROM) (Total:0.44 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C8526F36)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 954F3D56)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-10-2015
Ran by Aaron (administrator) on BLACKPC (28-06-2016 19:42:35)
Running from G:\Downloads\Malware removal
Loaded Profiles: Aaron (Available Profiles: Aaron)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Users\Aaron\AppData\Local\Autobahn\nexdef.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
() C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Intuit Inc. All rights reserved.) C:\Users\Aaron\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
(Intuit Inc.) C:\Program Files (x86)\Quicken\qw.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Samsung Electronics) C:\Windows\twain_32\Samsung\ScanMgr.exe
() C:\Windows\twain_32\Samsung\ssQscan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [SBRegRebootCleaner] => "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-13] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [SCX4623_Scan2Pc] => C:\Windows\Twain_32\Samsung\SCX4623\Scan2pc.exe [1990144 2011-06-24] ()
HKLM-x32\...\Run: [4623 Scan2PC] => C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe [1990144 2011-06-24] ()
HKLM-x32\...\Run: [4623FW Scan2PC] => C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe [1982464 2010-02-11] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-11-03] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1953792 2014-05-16] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-05-05] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [3484624 2014-10-24] (Micro-Star International)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-08-12] (SlySoft, Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Steam] => G:\Program Files (x86)\Steam\Steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Google Update] => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-05-09] (Google Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-04] (Disc Soft Ltd)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Chromium] => c:\users\aaron\appdata\local\chromium\application\chrome.exe [1043456 2016-01-26] (The Chromium Authors)
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk [2013-10-12]
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Aaron\AppData\Local\Autobahn\nexdef.exe ()
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-03-24]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2013-10-23]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-09]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-10-23]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-10-23]
ShortcutTarget: QuickBooks_Standard_21.lnk -> G:\QuickBooks Pro 2014\QBW32.EXE (Intuit Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{23578A93-21A1-47F2-A51B-97699C7B3824}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6588490C-9C39-4614-8E15-1D116A942169}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9E281651-A977-4FD0-90B4-B42646DEC41E}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_14&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtC0B0CtCzzyEyB0BzzzytN0D0Tzu0StCyDyCtDtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAzz0C0EtAtC0AtGyC0A0C0CtGtC0CyBtDtGtB0FyDtCtG0F0C0CzyyCzyyEtBtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0A0EtBzytAtDtG0DtBtAyEtGyE0FtAtCtG0BtA0D0EtGyByEyEyDtBtAzytDtA0FtA0A2QtN0A0LzutB%26cr%3D1200912582%26a%3Dwbf_pwrisofs_16_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_14&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtC0B0CtCzzyEyB0BzzzytN0D0Tzu0StCyDyCtDtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAzz0C0EtAtC0AtGyC0A0C0CtGtC0CyBtDtGtB0FyDtCtG0F0C0CzyyCzyyEtBtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0A0EtBzytAtDtG0DtBtAyEtGyE0FtAtCtG0BtA0D0EtGyByEyEyDtBtAzytDtA0FtA0A2QtN0A0LzutB%26cr%3D1200912582%26a%3Dwbf_pwrisofs_16_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_14&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtC0B0CtCzzyEyB0BzzzytN0D0Tzu0StCyDyCtDtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAzz0C0EtAtC0AtGyC0A0C0CtGtC0CyBtDtGtB0FyDtCtG0F0C0CzyyCzyyEtBtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0A0EtBzytAtDtG0DtBtAyEtGyE0FtAtCtG0BtA0D0EtGyByEyEyDtBtAzytDtA0FtA0A2QtN0A0LzutB%26cr%3D1200912582%26a%3Dwbf_pwrisofs_16_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtC0B0CtCzzyEyB0BzzzytN0D0Tzu0StCyDyCtDtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAzz0C0EtAtC0AtGyC0A0C0CtGtC0CyBtDtGtB0FyDtCtG0F0C0CzyyCzyyEtBtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0A0EtBzytAtDtG0DtBtAyEtGyE0FtAtCtG0BtA0D0EtGyByEyEyDtBtAzytDtA0FtA0A2QtN0A0LzutB%26cr%3D1200912582%26a%3Dwbf_pwrisofs_16_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {5288CC14-5D1C-4E86-9FD3-B904C74A558B} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtC0B0CtCzzyEyB0BzzzytN0D0Tzu0StCyDyCtDtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAzz0C0EtAtC0AtGyC0A0C0CtGtC0CyBtDtGtB0FyDtCtG0F0C0CzyyCzyyEtBtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0A0EtBzytAtDtG0DtBtAyEtGyE0FtAtCtG0BtA0D0EtGyByEyEyDtBtAzytDtA0FtA0A2QtN0A0LzutB%26cr%3D1200912582%26a%3Dwbf_pwrisofs_16_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000 -> DefaultScope {5288CC14-5D1C-4E86-9FD3-B904C74A558B} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtC0B0CtCzzyEyB0BzzzytN0D0Tzu0StCyDyCtDtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAzz0C0EtAtC0AtGyC0A0C0CtGtC0CyBtDtGtB0FyDtCtG0F0C0CzyyCzyyEtBtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0A0EtBzytAtDtG0DtBtAyEtGyE0FtAtCtG0BtA0D0EtGyByEyEyDtBtAzytDtA0FtA0A2QtN0A0LzutB%26cr%3D1200912582%26a%3Dwbf_pwrisofs_16_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000 -> {5288CC14-5D1C-4E86-9FD3-B904C74A558B} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtC0B0CtCzzyEyB0BzzzytN0D0Tzu0StCyDyCtDtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAzz0C0EtAtC0AtGyC0A0C0CtGtC0CyBtDtGtB0FyDtCtG0F0C0CzyyCzyyEtBtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0A0EtBzytAtDtG0DtBtAyEtGyE0FtAtCtG0BtA0D0EtGyByEyEyDtBtAzytDtA0FtA0A2QtN0A0LzutB%26cr%3D1200912582%26a%3Dwbf_pwrisofs_16_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-07-29] (Wondershare)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-31] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-10-27] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-31] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - G:\QuickBooks Pro 2014\HelpAsyncPluggableProtocol.dll [2015-11-04] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Search Provided by Yahoo
FF DefaultSearchEngine.US: Search Provided by Yahoo
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_14&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtC0B0CtCzzyEyB0BzzzytN0D0Tzu0StCyDyCtDtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAzz0C0EtAtC0AtGyC0A0C0CtGtC0CyBtDtGtB0FyDtCtG0F0C0CzyyCzyyEtBtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0A0EtBzytAtDtG0DtBtAyEtGyE0FtAtCtG0BtA0D0EtGyByEyEyDtBtAzytDtA0FtA0A2QtN0A0LzutB%26cr%3D1200912582%26a%3Dwbf_pwrisofs_16_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-10-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-06-14] (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-05-14] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Aaron\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2016-01-18] (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Aaron\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-10-03] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default\searchplugins\Search Provided by Yahoo.xml [2016-04-09]
FF Extension: Lavasoft Search Plugin - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-18] [not signed]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-06-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-08-29] [not signed]
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (FunCustomCreations) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aloclllfpfjnbhenpnopmemkdjnoimki [2016-06-27]
CHR Extension: (Google Docs) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (Search Manager) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2016-06-23]
CHR Extension: (YouTube) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Google Cast) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-24]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2016-06-15]
CHR Extension: (Google Search) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock development build) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-28]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-10-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR HKLM\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-04] (Disc Soft Ltd)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [20512 2014-03-13] (Micro-Star Int'l Co., Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
R2 jswpbapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe [271840 2010-03-22] (Atheros Communications, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1730000 2014-10-24] (Micro-Star International)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-11-04] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-08-19] (Intuit Inc.) [File not signed]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [229888 2011-07-12] (Samsung Electronics Co., Ltd.) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [316120 2014-03-19] ()
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-04-07] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-04-07] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-18] (GFI Software)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-15] (Malwarebytes)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-22] (Samsung Electronics)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-11-01] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-20 14:39 - 2016-06-20 14:39 - 00950272 _____ C:\Users\Aaron\Downloads\PrintMyCouponAnywhereInstaller.msi
2016-06-15 09:31 - 2016-06-15 09:31 - 00000000 ___RD C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-06-14 23:42 - 2016-06-06 11:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-14 23:42 - 2016-06-06 11:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-14 23:42 - 2016-06-03 08:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-14 23:42 - 2016-05-27 08:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-14 23:42 - 2016-05-27 08:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-14 23:42 - 2016-05-27 08:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-14 23:42 - 2016-05-27 08:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-14 23:42 - 2016-05-23 18:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-14 23:42 - 2016-05-23 17:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-14 23:42 - 2016-05-22 08:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-14 23:42 - 2016-05-21 12:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-14 23:42 - 2016-05-21 11:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-14 23:42 - 2016-05-20 17:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-14 23:42 - 2016-05-20 17:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-14 23:42 - 2016-05-20 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-14 23:42 - 2016-05-20 17:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-14 23:42 - 2016-05-20 17:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-14 23:42 - 2016-05-20 17:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-14 23:42 - 2016-05-20 17:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-14 23:42 - 2016-05-20 17:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-14 23:42 - 2016-05-20 17:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-14 23:42 - 2016-05-20 17:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-14 23:42 - 2016-05-20 17:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-14 23:42 - 2016-05-20 16:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-14 23:42 - 2016-05-20 16:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-14 23:42 - 2016-05-20 16:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-14 23:42 - 2016-05-20 16:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-14 23:42 - 2016-05-20 16:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-14 23:42 - 2016-05-20 16:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-14 23:42 - 2016-05-20 16:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-14 23:42 - 2016-05-20 16:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-14 23:42 - 2016-05-20 16:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-14 23:42 - 2016-05-20 16:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-14 23:42 - 2016-05-20 16:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-14 23:42 - 2016-05-20 16:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-14 23:42 - 2016-05-20 16:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-14 23:42 - 2016-05-20 16:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-14 23:42 - 2016-05-20 16:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-14 23:42 - 2016-05-20 16:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-14 23:42 - 2016-05-20 16:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-14 23:42 - 2016-05-20 16:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-14 23:42 - 2016-05-20 16:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-14 23:42 - 2016-05-20 16:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-14 23:42 - 2016-05-20 16:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-14 23:42 - 2016-05-20 16:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-14 23:42 - 2016-05-20 16:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-14 23:42 - 2016-05-20 16:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-14 23:42 - 2016-05-20 16:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-14 23:42 - 2016-05-20 16:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-14 23:42 - 2016-05-20 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-14 23:42 - 2016-05-20 16:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-14 23:42 - 2016-05-20 16:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-14 23:42 - 2016-05-20 16:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-14 23:42 - 2016-05-20 16:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-14 23:42 - 2016-05-20 16:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-14 23:42 - 2016-05-20 16:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-14 23:42 - 2016-05-20 16:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-14 23:42 - 2016-05-20 16:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-14 23:42 - 2016-05-20 16:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-14 23:42 - 2016-05-20 16:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-14 23:42 - 2016-05-20 16:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-14 23:42 - 2016-05-20 16:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-14 23:42 - 2016-05-20 16:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-14 23:42 - 2016-05-20 16:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-14 23:42 - 2016-05-20 16:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-14 23:42 - 2016-05-20 16:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-14 23:42 - 2016-05-20 16:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-14 23:42 - 2016-05-20 16:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-14 23:42 - 2016-05-20 15:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-14 23:42 - 2016-05-20 15:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-14 23:42 - 2016-05-20 15:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-14 23:42 - 2016-05-20 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-14 23:42 - 2016-05-20 15:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-14 23:42 - 2016-05-20 15:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-14 23:42 - 2016-05-18 11:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-14 23:42 - 2016-05-18 11:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-14 23:42 - 2016-05-13 17:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-14 23:42 - 2016-05-13 17:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-14 23:42 - 2016-05-13 17:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-14 23:42 - 2016-05-13 17:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-14 23:42 - 2016-05-13 17:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-14 23:42 - 2016-05-13 16:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-14 23:42 - 2016-05-13 16:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-14 23:42 - 2016-05-13 16:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-14 23:42 - 2016-05-13 16:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-14 23:42 - 2016-05-13 16:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-14 23:42 - 2016-05-12 12:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-14 23:42 - 2016-05-12 12:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-14 23:42 - 2016-05-12 12:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-14 23:42 - 2016-05-12 12:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-14 23:42 - 2016-05-12 12:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-14 23:42 - 2016-05-12 12:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-14 23:42 - 2016-05-12 12:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-14 23:42 - 2016-05-12 12:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-14 23:42 - 2016-05-12 12:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-14 23:42 - 2016-05-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-14 23:42 - 2016-05-12 10:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-14 23:42 - 2016-05-12 09:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-14 23:42 - 2016-05-12 09:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-14 23:42 - 2016-05-12 09:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-14 23:42 - 2016-05-12 09:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-14 23:42 - 2016-05-12 09:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-14 23:42 - 2016-05-12 09:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-14 23:42 - 2016-05-12 09:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-14 23:42 - 2016-05-12 09:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-14 23:42 - 2016-05-12 09:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-14 23:42 - 2016-05-12 08:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-14 23:42 - 2016-05-12 08:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-14 23:42 - 2016-05-12 08:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-14 23:42 - 2016-05-11 12:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-14 23:42 - 2016-05-11 12:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-14 23:42 - 2016-05-11 12:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-14 23:42 - 2016-05-11 12:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-14 23:42 - 2016-05-11 10:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-14 23:42 - 2016-05-11 10:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-14 23:42 - 2016-05-11 10:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-14 23:42 - 2016-05-11 10:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-14 23:42 - 2016-05-11 10:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-14 23:42 - 2016-05-11 10:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-14 23:42 - 2016-05-11 09:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-14 23:42 - 2016-04-14 11:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-14 23:42 - 2016-04-14 11:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-14 23:42 - 2016-04-14 11:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-14 23:42 - 2016-04-14 11:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-14 23:42 - 2016-04-14 11:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-14 23:42 - 2016-04-14 11:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-14 23:42 - 2016-04-14 10:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-14 23:42 - 2016-04-14 10:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-14 23:42 - 2016-04-14 10:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-14 23:42 - 2016-04-14 10:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-14 23:42 - 2016-04-14 10:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-14 23:42 - 2016-04-14 10:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-14 23:42 - 2016-04-09 01:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-14 23:42 - 2016-04-09 01:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-14 23:42 - 2016-04-09 01:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-14 23:42 - 2016-04-09 01:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-14 23:42 - 2016-04-09 00:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-14 23:42 - 2016-04-09 00:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-14 23:42 - 2016-03-09 14:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-14 23:42 - 2016-03-09 13:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-11 12:31 - 2016-06-11 19:40 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Acrylic Wi-Fi Home
2016-06-11 12:31 - 2016-06-11 19:40 - 00000000 ____D C:\Program Files\Acrylic Wi-Fi Home
2016-06-11 12:31 - 2016-06-11 12:31 - 00000875 _____ C:\Users\Aaron\Desktop\Acrylic Wi-Fi Home.lnk
2016-06-11 12:31 - 2016-06-11 12:31 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acrylic Wi-Fi Home
2016-06-07 16:29 - 2016-06-28 09:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-28 19:42 - 2016-04-19 21:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-28 19:42 - 2015-10-28 22:01 - 00000000 ____D C:\FRST
2016-06-28 19:36 - 2015-05-09 10:08 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000UA.job
2016-06-28 19:36 - 2012-09-01 17:25 - 00000000 ____D C:\Users\Aaron
2016-06-28 19:35 - 2015-10-28 21:59 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-06-28 19:31 - 2012-09-02 11:45 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Skype
2016-06-28 19:21 - 2014-05-24 22:47 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-28 19:18 - 2015-03-21 01:17 - 00000498 _____ C:\Windows\Tasks\ATConsole.job
2016-06-28 19:13 - 2012-09-15 17:27 - 00000072 _____ C:\Users\Public\LMDebug.log
2016-06-28 19:03 - 2009-07-13 23:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-28 19:03 - 2009-07-13 23:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-28 18:45 - 2016-04-09 15:45 - 00000270 _____ C:\Windows\Tasks\{35DBB725-81D3-AA29-EBC0-7F4D3013D3D7}.job
2016-06-28 18:30 - 2012-09-01 16:53 - 01480000 _____ C:\Windows\WindowsUpdate.log
2016-06-28 17:21 - 2014-05-24 22:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-28 15:36 - 2015-05-09 10:08 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000Core.job
2016-06-27 00:45 - 2016-04-09 16:45 - 00000267 _____ C:\Users\Aaron\AppData\Roaming\WB.CFG
2016-06-24 12:57 - 2012-09-01 22:09 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2016-06-24 03:00 - 2015-12-31 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-24 03:00 - 2015-12-31 20:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 03:00 - 2015-12-31 20:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 09:13 - 2013-09-04 18:56 - 00000000 ____D C:\Users\Aaron\AppData\Local\Deployment
2016-06-20 17:55 - 2009-07-13 23:51 - 00082356 _____ C:\Windows\setupact.log
2016-06-20 17:48 - 2012-10-04 20:29 - 00000000 ____D C:\Users\Aaron\AppData\Local\CrashDumps
2016-06-17 18:22 - 2014-05-24 22:47 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 18:22 - 2014-05-24 22:47 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 01:42 - 2016-04-19 21:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-17 01:42 - 2012-09-01 22:33 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 01:42 - 2012-09-01 22:33 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-15 09:30 - 2014-08-29 09:33 - 00000040 ___SH C:\ProgramData\.zreglib
2016-06-15 09:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-06-15 03:26 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-15 03:19 - 2015-04-15 03:23 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 03:19 - 2012-10-22 19:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-15 03:19 - 2012-09-01 19:15 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-15 03:19 - 2010-11-20 22:47 - 01682678 _____ C:\Windows\PFRO.log
2016-06-15 03:19 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-15 03:19 - 2009-07-13 23:45 - 00425960 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 03:03 - 2013-03-16 12:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-06-13 19:31 - 2010-11-20 22:27 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2014-12-16 22:19 - 2014-04-24 08:04 - 0099678 _____ () C:\Program Files (x86)\7a528302-651c-415a-b73e-d6f647cf6467-avery-icon_02.ico
2014-12-16 22:19 - 2014-04-30 11:01 - 0131584 _____ () C:\Program Files (x86)\DesktopDPO.exe
2014-12-16 22:19 - 2014-05-08 12:14 - 9809519 _____ () C:\Program Files (x86)\DesktopDPO.swf
2014-12-16 22:19 - 2014-03-24 05:50 - 0000059 _____ () C:\Program Files (x86)\mimetype
2014-12-16 22:19 - 2014-12-16 22:19 - 0063594 _____ () C:\Program Files (x86)\uninstall.dat
2016-04-09 16:45 - 2016-06-27 00:45 - 0000267 _____ () C:\Users\Aaron\AppData\Roaming\WB.CFG
2013-03-09 19:40 - 2013-04-07 10:39 - 0919244 _____ () C:\Users\Aaron\AppData\Local\a.zip
2012-09-01 21:04 - 2015-08-27 21:31 - 0007616 _____ () C:\Users\Aaron\AppData\Local\resmon.resmoncfg
2008-02-05 15:28 - 2008-02-05 15:28 - 0000051 _____ () C:\Users\Aaron\AppData\Local\setup.txt
2014-08-29 09:33 - 2016-06-15 09:30 - 0000040 ___SH () C:\ProgramData\.zreglib
2015-03-21 01:18 - 2015-03-21 01:18 - 0000108 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-03-21 20:17 - 2016-04-07 19:54 - 0001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-04-10 15:47 - 2016-04-10 15:47 - 3730356 _____ () C:\ProgramData\SamPCFax00004C6C0001
Files to move or delete:
====================
C:\Windows\Tasks\{35DBB725-81D3-AA29-EBC0-7F4D3013D3D7}.job
Some files in TEMP:
====================
C:\Users\Aaron\AppData\Local\Temp\AutoWifi.exe
C:\Users\Aaron\AppData\Local\Temp\devcon64.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\nvStInst.exe
C:\Users\Aaron\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-27 00:59
==================== End of FRST.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-06-28 19:44:31
-----------------------------
19:44:31.912 OS Version: Windows x64 6.1.7601 Service Pack 1
19:44:31.912 Number of processors: 4 586 0x2A07
19:44:31.913 ComputerName: BLACKPC UserName: Aaron
19:44:32.096 Initialize success
19:44:32.106 VM: initialized successfully
19:44:32.107 VM: Intel CPU BiosDisabled
19:45:32.270 AVAST engine defs: 16062801
20:18:12.690 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:18:12.693 Disk 0 Vendor: ST2000DM CC27 Size: 1907729MB BusType: 3
20:18:12.696 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\mv91xx1Port3Path0Target1Lun0
20:18:12.699 Disk 1 Vendor: Samsung_ EMT0 Size: 476940MB BusType: 11
20:18:12.706 Disk 1 MBR read successfully
20:18:12.709 Disk 1 MBR scan
20:18:12.714 Disk 1 Windows VISTA default MBR code
20:18:12.716 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:18:12.719 Disk 1 default boot code
20:18:12.723 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476836 MB offset 206848
20:18:12.732 Disk 1 scanning C:\Windows\system32\drivers
20:18:15.134 Service scanning
20:18:18.617 Service MSICDSetup E:\CDriver64.sys **LOCKED** 21
20:18:19.022 Service NTIOLib_1_0_C E:\NTIOLib_X64.sys **LOCKED** 21
20:18:23.151 Modules scanning
20:18:23.158 Disk 1 trace - called modules:
20:18:23.167 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll mv91xx.sys
20:18:23.172 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8006fb0060]
20:18:23.178 3 CLASSPNP.SYS[fffff880017a643f] -> nt!IofCallDriver -> \Device\Scsi\mv91xx1Port3Path0Target1Lun0[0xfffffa8006c8b050]
20:18:23.362 AVAST engine scan C:\Windows
20:18:23.954 AVAST engine scan C:\Windows\system32
20:19:38.917 AVAST engine scan C:\Windows\system32\drivers
20:19:42.177 AVAST engine scan C:\Users\Aaron
20:21:10.735 File: C:\Users\Aaron\AppData\Local\{CF5DF901-EBF5-95B9-866D-B051A2054CC9}\uninstall.exe **INFECTED** Win32:Adware-gen [Adw]
20:21:35.872 File: C:\Users\Aaron\Desktop\Saved Filed From Harddrive\F - Programs\Malware Programs\DDS\dds.scr **INFECTED** Win32:Malware-gen
20:21:48.131 AVAST engine scan C:\ProgramData
20:22:04.178 Disk 1 statistics 5400913/0/0 @ 21.88 MB/s
20:22:04.183 Scan finished successfully
20:26:27.789 Disk 1 MBR has been saved successfully to "G:\Downloads\Malware removal\MBR.dat"
20:26:27.792 The log file has been saved successfully to "G:\Downloads\Malware removal\aswMBR 06.28.2016.txt"
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-10-2015
Ran by Aaron (2016-06-28 19:42:50)
Running from G:\Downloads\Malware removal
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-01 22:25:24)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Aaron (S-1-5-21-2780459401-3871315293-2221292059-1000 - Administrator - Enabled) => C:\Users\Aaron
Administrator (S-1-5-21-2780459401-3871315293-2221292059-500 - Administrator - Disabled)
Guest (S-1-5-21-2780459401-3871315293-2221292059-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrylic Wi-Fi Home v3.1 (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 3.1 - Tarlogic Security S.L.)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.94 - Lavasoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Akamai NetSession Interface (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.1.0 - SlySoft)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ATConsole (HKLM-x32\...\{CE029721-70F7-4B1C-9E6D-E90EC7D82D8D}) (Version: 10.0.2 - APREL Tehnologija d.o.o.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ChromecastApp (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Chromium (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Chromium) (Version: 50.0.2632.0 - Chromium)
Cisco WebEx Meetings (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.7) (Version: 5.0.1.7 - Coupons.com Incorporated)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
Day of Defeat (HKLM-x32\...\Steam App 30) (Version: - Valve)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Digital Coupon Printer (HKLM-x32\...\{2095A496-250E-4A1F-90AD-691246819A9A}) (Version: 3.17.0.0 - Hopster, Inc. an Inmar company)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.70 - DivX, LLC)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
Free M4a to MP3 Converter 7.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Imperialism II (HKLM-x32\...\Imperialism II) (Version: - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LeechFTP (HKLM-x32\...\LeechFTP) (Version: - )
LizardTech GeoViewer (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\9b689087b44c09fc) (Version: 5.5.0.3396 - LizardTech)
Maintenance Samsung SCX-4623 Series (HKLM-x32\...\Samsung SCX-4623 Series) (Version: - Samsung Electronics CO.,LTD)
Maintenance Samsung SCX-4623FW Series (HKLM-x32\...\Samsung SCX-4623FW Series) (Version: - Samsung Electronics Co., Ltd.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
marvell 91xx console driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 3.0.0.12 - MSI)
MSI Kombustor 2.5.9 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.011 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WNA1100 wireless USB 2.0 driver (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.2.0.2 - NETGEAR)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
Populous: The Beginning (HKLM-x32\...\Populous: The Beginning) (Version: 1.03 - Bullfrog)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)
QuickBooks (x32 Version: 24.0.4010.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4001.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.1.27 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Quicken 2016 (HKLM-x32\...\{519B4ED1-AF5F-4812-B2A8-B18D783AEFE8}) (Version: 25.1.6.5 - Intuit)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 4.80 - Philipp Winterberg)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RevTraxPrintMyCoupon (HKLM-x32\...\{A3F9A883-1D51-4D0F-83F6-2D060A26C8E9}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.05.23.04 - Samsung Electronics Co., Ltd.)
Self-service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Starcraft (HKLM-x32\...\Starcraft) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{761B7BC1-09CF-488B-8A45-010D16A5239F}) (Version: 6.1.6.0 - Husdawg, LLC)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Voobly (HKLM-x32\...\Voobly_is1) (Version: Voobly - Voobly)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wondershare Video Converter Ultimate(Build 7.3.0.3) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 7.3.0.3 - Wondershare Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XSplit Gamecaster (HKLM-x32\...\{7CBDC2CD-F5C7-4DD3-91C8-1E4D68924955}) (Version: 1.9.1409.2308 - SplitmediaLabs)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
14-06-2016 04:40:46 Windows Update
15-06-2016 03:00:28 Windows Update
20-06-2016 14:40:08 Installed PrintMyCouponAnywhere
21-06-2016 19:03:50 Windows Update
24-06-2016 03:00:10 Windows Update
28-06-2016 18:21:07 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2016-04-09 21:04 - 00000064 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.1 mssplus.mcafee.com
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1E7B521C-0F67-4876-9FAF-59C7E1B80C41} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000UA => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-09] (Google Inc.)
Task: {295A1C6B-F6B6-423B-9A70-07062BE58BC7} - System32\Tasks\{A0DC1DEF-2121-46DD-929B-143D0AFC2E50} => pcalua.exe -a C:\Users\Aaron\Desktop\populousdemo.exe -d C:\Users\Aaron\Desktop
Task: {2D399FC8-C1D2-48BD-9323-611D65670408} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-05-20] (Microsoft Corporation)
Task: {3C2F9E46-8E3D-49A4-8F74-95EA4D0BB816} - System32\Tasks\{D370B6B3-F58E-4857-8585-3DFD0F92E51F} => Firefox.exe hxxp://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {5682C1DD-68C4-49AC-901D-38974F4219FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {5D27FFA1-301F-4FBB-ACCD-21A4F71F278C} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-05-20] (Microsoft Corporation)
Task: {60155F0B-ADC8-4F82-850E-B16B918376D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6A1EE2E4-E381-47A6-9CD5-A6F33D057F48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8C8EEE6D-7AFE-4525-A463-C73CFA3A9315} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {A8307E37-05BC-42D2-9539-E6063849F18F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {B03ED6B5-6DC3-45D2-8D23-EFD39F4C99A2} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {B56D32CB-D9EA-4E4E-993D-ADEFFB10BB55} - System32\Tasks\ATConsole => G:\Program Files (x86)\AT Console\ATConsole.Run.exe [2015-02-27] (APREL Tehnologija d.o.o.)
Task: {C32D4C09-E13C-47F3-94C2-6D7D73D140B1} - System32\Tasks\{35DBB725-81D3-AA29-EBC0-7F4D3013D3D7} => C:\Users\Aaron\AppData\Local\{CF5DF~1\UNINST~1.EXE [2013-04-28] ()
Task: {D2F856D1-7C6F-4B22-BD64-D1B1ECB396F5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-05-20] (Microsoft Corporation)
Task: {D5A6A751-A8D8-40E8-90DE-FD1B34B0E5EF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000Core => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-09] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ATConsole.job => G:\Program Files (x86)\AT Console\ATConsole.Run.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000Core.job => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000UA.job => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{35DBB725-81D3-AA29-EBC0-7F4D3013D3D7}.job => C:\Users\Aaron\AppData\Local\{CF5DF~1\UNINST~1.EXE
==================== Loaded Modules (Whitelisted) ==============
2012-09-15 17:18 - 2009-10-28 00:34 - 00027648 _____ () C:\Windows\System32\sso4ml6.dll
2012-09-15 17:17 - 2010-02-11 01:25 - 00750080 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sso4mdu.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-28 00:04 - 2014-03-19 10:51 - 00316120 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2012-09-02 22:34 - 2014-11-12 16:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-29 00:05 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2015-05-07 11:34 - 2015-05-07 11:34 - 00123912 _____ () C:\Program Files (x86)\DivX\DivX Player\DPXIconHandler.dll
2012-10-08 21:11 - 2011-07-13 07:42 - 00688128 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2013-03-14 09:47 - 2013-03-14 09:47 - 15500800 _____ () C:\Users\Aaron\AppData\Local\Autobahn\nexdef.exe
2012-10-08 21:08 - 2011-06-24 13:55 - 01990144 _____ () C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
2012-09-15 17:18 - 2010-02-11 00:55 - 01982464 _____ () C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
2012-09-15 17:18 - 2009-10-27 00:00 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2012-09-15 17:18 - 2009-10-28 03:09 - 00204800 _____ () C:\Windows\Twain_32\Samsung\ssQScan.exe
2015-11-11 00:36 - 2005-07-18 14:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2014-12-28 00:04 - 2014-03-06 17:45 - 00372736 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2016-05-11 03:24 - 2016-05-11 03:24 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f1b815cf32572cea383bc47659c174fa\IsdiInterop.ni.dll
2012-09-01 19:23 - 2010-11-06 01:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00020480 _____ () C:\Users\Aaron\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00069632 _____ () C:\Users\Aaron\AppData\Local\Autobahn\rt\bin\java.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00126976 _____ () C:\Users\Aaron\AppData\Local\Autobahn\rt\bin\zip.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00159744 _____ () C:\Users\Aaron\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
2012-10-08 21:08 - 2008-11-11 20:51 - 01384520 _____ () C:\Windows\twain_32\Samsung\SCX4623\ssole.dll
2012-09-15 17:18 - 2009-10-28 03:10 - 01384520 _____ () C:\Windows\twain_32\Samsung\SCX4623W\ssole.dll
2012-09-15 17:19 - 2010-01-03 23:39 - 00242176 _____ () C:\Windows\twain_32\Samsung\SCX4623W\NetModule2.dll
2014-08-29 00:05 - 2015-04-28 15:22 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-08-29 00:05 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-05-31 13:16 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-12-24 21:05 - 2015-12-24 21:05 - 36632000 _____ () C:\Program Files (x86)\Quicken\libcef.dll
2016-06-17 18:22 - 2016-06-15 04:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 18:22 - 2016-06-15 04:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-06-17 18:22 - 2016-06-15 04:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll
2012-09-15 17:18 - 2009-10-28 03:09 - 00184320 _____ () C:\Windows\Twain_32\Samsung\SecSNMPR.dll
2009-10-28 03:08 - 2009-10-28 03:08 - 00155648 _____ () C:\Windows\Twain_32\Samsung\qfilter.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\123simsen.com -> www.123simsen.com
There are 7795 more sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{0217D790-5A0B-4926-AED5-0349C66E5845}C:\users\aaron\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\aaron\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4DF23F10-595B-44D6-88D5-4EB05292BDC3}C:\users\aaron\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\aaron\appdata\local\akamai\netsession_win.exe
FirewallRules: [{807B0FBE-527D-4CF2-AB25-A6DAF45E7CE7}] => (Block) C:\users\aaron\appdata\local\akamai\netsession_win.exe
FirewallRules: [{647371F3-6C5B-4590-901B-D950BE7A0599}] => (Block) C:\users\aaron\appdata\local\akamai\netsession_win.exe
FirewallRules: [{000A763F-E59A-4B61-B25C-BCA30E3BF000}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{92132E02-6C28-4E3F-9A40-76F227D2ECAD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8CF40CB2-4C5E-46C6-9CC9-056DF2A02E3B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{EE14C1D6-50B6-40D9-BCBB-D762955D0F31}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [UDP Query User{24E55F8D-F01E-4A21-A4EB-A35C38E13473}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [{D2A69D5E-0DC2-4188-AD48-BD85210CD5C8}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{029998F5-7064-4074-8611-3D5D4DA5D50D}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{09CD2CA2-F607-4AEB-A0FF-163ABA175AC1}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{7EB35FC4-A89D-45D2-BA02-D69524AD65B0}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{8085ED9E-EADB-431A-B282-0164C2AAB947}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
FirewallRules: [{A0FFC28F-1425-4DAC-8A05-7D481DB098D5}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
FirewallRules: [{2D5C4C14-990F-47A4-90D7-457BBABB289B}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623W\Sscan2io.exe
FirewallRules: [{5160711B-CF7C-4E3D-B87F-898FF819DF60}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623W\Sscan2io.exe
FirewallRules: [{3A5630A9-83B6-44B4-ADC3-62F520EA45BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D090A75C-525E-4A75-9D56-6EBF8D21CE04}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{64D7CF1A-7F60-4570-B54E-820B870FA6C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9F3471A5-FAC8-4D04-9AD5-FFB1BD2A2340}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B092329-1752-421C-817F-BC74736C0FC0}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
FirewallRules: [{49C509F9-01A1-4395-8676-CB7004AFF665}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
FirewallRules: [{6488F17B-D4E1-440A-A976-018BDCFD1429}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623\Sscan2io.exe
FirewallRules: [{583FC695-87FC-4778-BBBA-B28AAC4A5D66}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623\Sscan2io.exe
FirewallRules: [TCP Query User{939F4DFE-70F4-4BF5-9A3A-9E8FE5FA387E}C:\program files (x86)\leechftp\leechftp.exe] => (Allow) C:\program files (x86)\leechftp\leechftp.exe
FirewallRules: [UDP Query User{0BF28297-A08B-4FF6-B7C7-D0A405459CBA}C:\program files (x86)\leechftp\leechftp.exe] => (Allow) C:\program files (x86)\leechftp\leechftp.exe
FirewallRules: [{81B5AA9E-E5C0-4C4A-8024-539276718B86}] => (Block) C:\program files (x86)\leechftp\leechftp.exe
FirewallRules: [{17777220-47DA-474D-9AF4-321755C13CA2}] => (Block) C:\program files (x86)\leechftp\leechftp.exe
FirewallRules: [TCP Query User{88A73253-ED0B-4527-B77C-8874DAACDAB3}C:\users\aaron\desktop\downloads\aoe\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\users\aaron\desktop\downloads\aoe\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{C7E19288-4D88-43D9-BAE2-306A9F30F0A5}C:\users\aaron\desktop\downloads\aoe\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\users\aaron\desktop\downloads\aoe\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{B58D2DFF-66D7-480D-8618-1605430444A7}C:\users\aaron\desktop\downloads\aoe\age of empires ii\empires2.exe] => (Allow) C:\users\aaron\desktop\downloads\aoe\age of empires ii\empires2.exe
FirewallRules: [UDP Query User{685A77A0-34AB-47DF-B8BD-E670E32B51C8}C:\users\aaron\desktop\downloads\aoe\age of empires ii\empires2.exe] => (Allow) C:\users\aaron\desktop\downloads\aoe\age of empires ii\empires2.exe
FirewallRules: [TCP Query User{515EEFDD-259C-4676-B23F-F94D4B9A9B44}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [UDP Query User{C4F3CBDF-46D5-4AD2-8A67-05581FA19335}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [TCP Query User{EF1B562A-9655-409A-A934-C36B5BE3C257}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Block) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{6AA3ACBA-BD16-4B0E-BA8D-A81CC2C4793D}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Block) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{007E4B09-0B56-4895-8D4E-F6DCFE7283BA}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{F6B757B5-307F-46A4-9FFE-52451D03DFD1}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{0725FF3A-769D-41C2-A289-A9A84A88F286}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [UDP Query User{792CCAA8-A680-414C-AE91-DCC151C84A51}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [{3367A23D-97C2-4749-940F-6D514AE6672F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5BD4A1FC-D6AA-4C52-8B0B-CA3F9E86ED47}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1B7A76FB-4724-4FE6-B196-6B06CBADD793}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{C5E6FD03-1E3C-4CCD-A7D4-A3298D6C5C78}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{385F3167-C5AD-4CF5-B351-7A86732A43BC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{7A7C0C33-D121-47B6-9D41-718945A85791}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{8E80AB15-E4CD-4036-A157-672707862741}] => (Allow) G:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{39E3449E-C699-4E28-90FB-E06F88334D95}] => (Allow) G:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{D113A492-7756-4F49-85B5-F7BD5A1E8A20}] => (Allow) G:\Downloads\uTorrent.exe
FirewallRules: [{3826C67F-BAB1-4373-8C9F-1EBEF6453A3C}] => (Allow) G:\Downloads\uTorrent.exe
FirewallRules: [{212AA332-EC1E-42B1-BFB1-0CC6EB6BF954}] => (Allow) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{54DC90E6-1D2E-491E-A85C-DBBB8A3A664C}] => (Allow) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{044F4BD9-C563-4FD2-AEA3-B02116760FEE}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{36202C0E-2357-42C6-BA8A-DBE0EC2D8721}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{A3C4DB23-6990-4A53-A9B7-B61945751091}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{0ECDDE80-FA5E-40B7-8B9D-5D72F64742D4}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{E4066D09-D13F-4B51-9EB1-69CDACB8FB73}C:\users\aaron\desktop\images2\brianquake\winquake.exe] => (Allow) C:\users\aaron\desktop\images2\brianquake\winquake.exe
FirewallRules: [UDP Query User{0109CF3E-4B39-45D2-82BB-AEFAA0420CD0}C:\users\aaron\desktop\images2\brianquake\winquake.exe] => (Allow) C:\users\aaron\desktop\images2\brianquake\winquake.exe
FirewallRules: [{C2C2BCE8-1594-4AC2-B550-79D8F85EACE7}] => (Block) C:\users\aaron\desktop\images2\brianquake\winquake.exe
FirewallRules: [{8766A6F0-FAC2-4FBB-AD31-B730A87305AB}] => (Block) C:\users\aaron\desktop\images2\brianquake\winquake.exe
FirewallRules: [TCP Query User{C0961C7C-E162-447A-98EF-3592A6DC8CF9}C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe] => (Allow) C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe
FirewallRules: [UDP Query User{1095EE0E-48B6-4A9C-BD54-C51996BCC79D}C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe] => (Allow) C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe
FirewallRules: [{670D0A41-209C-4E40-943B-02114E9FD0D3}] => (Block) C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe
FirewallRules: [{062B4869-47F9-46D5-92F8-E524F70A7A55}] => (Block) C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe
FirewallRules: [{F4BAD991-2E3A-4594-A695-C4262646BF25}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{81BCE1E4-4FC0-470D-8C28-0313355E18DF}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{90481295-BB13-4D32-A77E-1A13FB749236}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A7F73812-5374-4932-86D9-1BD9F90B6D08}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{58A2B39B-1180-4EE3-BCAB-FA6B658E5F93}] => (Allow) G:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6312911C-5EF6-4E71-AFCF-A31E1EC944CD}] => (Allow) G:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5FDB9E24-9DFB-4E28-99E9-1C473FC3023E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{8C844D3F-1A63-4882-A732-9530887F98B5}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{B18BD1A8-F169-48A7-A2FE-695972E0E094}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{17F56712-C452-4E5D-BA33-8B0917F50083}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{4FC4A00D-D59B-4E3B-B958-664EC6E56F2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{817BB168-CBDD-4062-8C11-2EAADA1949CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A86C17B5-0A02-41B2-8AB9-B58665CABA74}] => (Allow) LPort=15600
FirewallRules: [TCP Query User{36474C56-EA37-46B9-BD3D-C68BDED81617}C:\users\aaron\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Block) C:\users\aaron\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [UDP Query User{96BC5ABF-B1DA-4567-872B-982061CFDA35}C:\users\aaron\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Block) C:\users\aaron\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [{8FB55FC7-0025-4A3A-9E79-B952FC977CC9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{00D30FAC-F1B4-47A7-BB8F-13B0F4533CD9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5722600-A349-4137-99F6-8B256D87081E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0C52BEA8-5C93-45E0-80E3-AD6A9934C318}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E088082F-6A4D-4302-8DE6-3B83197FA395}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3D9A6317-004C-4412-8214-F5F6F5F9A5EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C911CDFB-32E3-455D-A432-4C9B84530EAD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FAD4D0EE-73EA-42BF-AC21-11CB13608918}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C3AEB49A-1289-47FA-A500-6F0997C20554}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{08FFB907-5708-4631-83C2-F9B7A18B7019}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{89CD940C-9C67-4A5D-AC84-A07E3EF27EB4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9181AAA1-5CA1-4C50-981C-285A6EE35D7B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C70E8461-ED80-49B4-807E-8EC142DFEF33}] => (Allow) C:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{31982D3E-0DC5-4803-87AE-47C6587CD3FD}] => (Allow) C:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{989AF1D3-C6B6-48A9-B2CD-F75C0E18D186}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{501BAEB9-DE26-4EFD-88B1-EF17F3014023}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EED4ECDB-E3B1-47EB-BF71-B107E588AE42}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A8AE8D19-0ABA-4486-BCF1-0EAE8E11053A}] => (Allow) LPort=5556
FirewallRules: [{D9F19A89-DC3C-439D-8196-E71423725A88}] => (Allow) LPort=5558
FirewallRules: [{6EA070DA-3FCC-4EB2-B297-50AB412EB562}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{748B9199-488F-4ABB-A71A-946C9F9E79A2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9B45498D-44CA-4F62-84A4-74E2AA2BA683}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{84029931-34BD-46A0-A5BB-029CBC56A979}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A920B8B4-5AD6-4410-847F-362DAF341DB8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4EB60917-EEEB-4D6A-8DC3-5E2E7CDD6D88}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5C62F8B3-3189-4DBE-A526-0A1D8E2A7A14}] => (Allow) C:\Users\Aaron\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{8534B141-72A5-4B44-8D00-9447FA738795}] => (Allow) C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe
FirewallRules: [{7DA3D94B-3DD6-44CA-A3C3-27FBB69E3F6F}] => (Allow) C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe
FirewallRules: [{129B6FE1-6697-4108-8C9E-787395372FF2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/28/2016 05:26:12 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: CREDITCARDCHARGE, TxnID: 18062
Error: (06/28/2016 05:23:42 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: CREDITCARDCHARGE, TxnID: 18068
Error: (06/28/2016 05:18:36 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: CREDITCARDCHARGE, TxnID: 15627
Error: (06/28/2016 05:16:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: CHECK, TxnID: 18027
Error: (06/28/2016 05:14:44 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: CHECK, TxnID: 13783
Error: (06/28/2016 05:14:21 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: CHECK, TxnID: 15660
Error: (06/28/2016 05:13:48 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: CHECK, TxnID: 18569
Error: (06/28/2016 05:04:15 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
ExcelHelper::SetCustomPropertyString - Cannot add variable to excel : QBENDDATE
Error: (06/28/2016 05:04:15 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
ExcelHelper::WriteExcelVariable Com Error#: 800a03ec
Error: (06/28/2016 05:04:15 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
ExcelHelper::SetCustomPropertyString - Cannot add variable to excel : QBSTARTDATE
System errors:
=============
Error: (06/15/2016 03:18:54 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (06/09/2016 07:32:34 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver USB returned invalid ID for a child device (0).
Error: (06/09/2016 07:32:34 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver USB returned invalid ID for a child device (0).
Error: (06/01/2016 09:43:32 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: ESR 0x405840=0xa0040800
Error: (06/01/2016 09:43:32 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: Shader Program Header 18 Error
Error: (06/01/2016 09:43:32 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: Shader Program Header 11 Error
Error: (06/01/2016 09:43:32 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: ESR 0x405848=0x80000000
Error: (05/16/2016 07:22:53 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffff80000003, 0xfffff800032cf210, 0xfffff8800b2da3f8, 0xfffff8800b2d9c50)C:\Windows\MEMORY.DMP051616-13790-01
Error: (05/07/2016 05:13:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053
Error: (05/07/2016 05:13:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
CodeIntegrity:
===================================
Date: 2015-10-31 10:26:29.847
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-10-31 10:26:29.807
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 52%
Total physical RAM: 8159.13 MB
Available physical RAM: 3862.32 MB
Total Virtual: 16316.45 MB
Available Virtual: 10277.23 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:312.19 GB) NTFS
Drive g: (2TB) (Fixed) (Total:1863.01 GB) (Free:1614.91 GB) NTFS
Drive h: (TurboTax 2015) (CDROM) (Total:0.44 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C8526F36)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 954F3D56)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-10-2015
Ran by Aaron (administrator) on BLACKPC (28-06-2016 19:42:35)
Running from G:\Downloads\Malware removal
Loaded Profiles: Aaron (Available Profiles: Aaron)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Users\Aaron\AppData\Local\Autobahn\nexdef.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
() C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Intuit Inc. All rights reserved.) C:\Users\Aaron\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
(Intuit Inc.) C:\Program Files (x86)\Quicken\qw.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Samsung Electronics) C:\Windows\twain_32\Samsung\ScanMgr.exe
() C:\Windows\twain_32\Samsung\ssQscan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [SBRegRebootCleaner] => "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-13] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [SCX4623_Scan2Pc] => C:\Windows\Twain_32\Samsung\SCX4623\Scan2pc.exe [1990144 2011-06-24] ()
HKLM-x32\...\Run: [4623 Scan2PC] => C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe [1990144 2011-06-24] ()
HKLM-x32\...\Run: [4623FW Scan2PC] => C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe [1982464 2010-02-11] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-11-03] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1953792 2014-05-16] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-05-05] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [3484624 2014-10-24] (Micro-Star International)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-08-12] (SlySoft, Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Steam] => G:\Program Files (x86)\Steam\Steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Google Update] => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-05-09] (Google Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-04] (Disc Soft Ltd)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Chromium] => c:\users\aaron\appdata\local\chromium\application\chrome.exe [1043456 2016-01-26] (The Chromium Authors)
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk [2013-10-12]
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Aaron\AppData\Local\Autobahn\nexdef.exe ()
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-03-24]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2013-10-23]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-09]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-10-23]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-10-23]
ShortcutTarget: QuickBooks_Standard_21.lnk -> G:\QuickBooks Pro 2014\QBW32.EXE (Intuit Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{23578A93-21A1-47F2-A51B-97699C7B3824}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6588490C-9C39-4614-8E15-1D116A942169}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9E281651-A977-4FD0-90B4-B42646DEC41E}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_14&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtC0B0CtCzzyEyB0BzzzytN0D0Tzu0StCyDyCtDtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAzz0C0EtAtC0AtGyC0A0C0CtGtC0CyBtDtGtB0FyDtCtG0F0C0CzyyCzyyEtBtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0A0EtBzytAtDtG0DtBtAyEtGyE0FtAtCtG0BtA0D0EtGyByEyEyDtBtAzytDtA0FtA0A2QtN0A0LzutB%26cr%3D1200912582%26a%3Dwbf_pwrisofs_16_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_14&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtC0B0CtCzzyEyB0BzzzytN0D0Tzu0StCyDyCtDtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAzz0C0EtAtC0AtGyC0A0C0CtGtC0CyBtDtGtB0FyDtCtG0F0C0CzyyCzyyEtBtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0A0EtBzytAtDtG0DtBtAyEtGyE0FtAtCtG0BtA0D0EtGyByEyEyDtBtAzytDtA0FtA0A2QtN0A0LzutB%26cr%3D1200912582%26a%3Dwbf_pwrisofs_16_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_14¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtC0B0CtCzzyEyB0BzzzytN0D0Tzu0StCyDyCtDtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAzz0C0EtAtC0AtGyC0A0C0CtGtC0CyBtDtGtB0FyDtCtG0F0C0CzyyCzyyEtBtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0A0EtBzytAtDtG0DtBtAyEtGyE0FtAtCtG0BtA0D0EtGyByEyEyDtBtAzytDtA0FtA0A2QtN0A0LzutB%26cr%3D1200912582%26a%3Dwbf_pwrisofs_16_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_14¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtC0B0CtCzzyEyB0BzzzytN0D0Tzu0StCyDyCtDtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAzz0C0EtAtC0AtGyC0A0C0CtGtC0CyBtDtGtB0FyDtCtG0F0C0CzyyCzyyEtBtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0A0EtBzytAtDtG0DtBtAyEtGyE0FtAtCtG0BtA0D0EtGyByEyEyDtBtAzytDtA0FtA0A2QtN0A0LzutB%26cr%3D1200912582%26a%3Dwbf_pwrisofs_16_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {5288CC14-5D1C-4E86-9FD3-B904C74A558B} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_14¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtC0B0CtCzzyEyB0BzzzytN0D0Tzu0StCyDyCtDtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAzz0C0EtAtC0AtGyC0A0C0CtGtC0CyBtDtGtB0FyDtCtG0F0C0CzyyCzyyEtBtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0A0EtBzytAtDtG0DtBtAyEtGyE0FtAtCtG0BtA0D0EtGyByEyEyDtBtAzytDtA0FtA0A2QtN0A0LzutB%26cr%3D1200912582%26a%3Dwbf_pwrisofs_16_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000 -> DefaultScope {5288CC14-5D1C-4E86-9FD3-B904C74A558B} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtC0B0CtCzzyEyB0BzzzytN0D0Tzu0StCyDyCtDtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAzz0C0EtAtC0AtGyC0A0C0CtGtC0CyBtDtGtB0FyDtCtG0F0C0CzyyCzyyEtBtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0A0EtBzytAtDtG0DtBtAyEtGyE0FtAtCtG0BtA0D0EtGyByEyEyDtBtAzytDtA0FtA0A2QtN0A0LzutB%26cr%3D1200912582%26a%3Dwbf_pwrisofs_16_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000 -> {5288CC14-5D1C-4E86-9FD3-B904C74A558B} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtC0B0CtCzzyEyB0BzzzytN0D0Tzu0StCyDyCtDtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAzz0C0EtAtC0AtGyC0A0C0CtGtC0CyBtDtGtB0FyDtCtG0F0C0CzyyCzyyEtBtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0A0EtBzytAtDtG0DtBtAyEtGyE0FtAtCtG0BtA0D0EtGyByEyEyDtBtAzytDtA0FtA0A2QtN0A0LzutB%26cr%3D1200912582%26a%3Dwbf_pwrisofs_16_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-07-29] (Wondershare)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-31] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-10-27] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-31] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - G:\QuickBooks Pro 2014\HelpAsyncPluggableProtocol.dll [2015-11-04] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Search Provided by Yahoo
FF DefaultSearchEngine.US: Search Provided by Yahoo
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_14&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtC0B0CtCzzyEyB0BzzzytN0D0Tzu0StCyDyCtDtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAzz0C0EtAtC0AtGyC0A0C0CtGtC0CyBtDtGtB0FyDtCtG0F0C0CzyyCzyyEtBtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0A0EtBzytAtDtG0DtBtAyEtGyE0FtAtCtG0BtA0D0EtGyByEyEyDtBtAzytDtA0FtA0A2QtN0A0LzutB%26cr%3D1200912582%26a%3Dwbf_pwrisofs_16_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-10-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-06-14] (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-05-14] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Aaron\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2016-01-18] (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Aaron\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-10-03] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default\searchplugins\Search Provided by Yahoo.xml [2016-04-09]
FF Extension: Lavasoft Search Plugin - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-18] [not signed]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-06-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-08-29] [not signed]
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (FunCustomCreations) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aloclllfpfjnbhenpnopmemkdjnoimki [2016-06-27]
CHR Extension: (Google Docs) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (Search Manager) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2016-06-23]
CHR Extension: (YouTube) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Google Cast) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-24]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2016-06-15]
CHR Extension: (Google Search) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock development build) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-28]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-10-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR HKLM\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-04] (Disc Soft Ltd)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [20512 2014-03-13] (Micro-Star Int'l Co., Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
R2 jswpbapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe [271840 2010-03-22] (Atheros Communications, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1730000 2014-10-24] (Micro-Star International)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-11-04] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-08-19] (Intuit Inc.) [File not signed]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [229888 2011-07-12] (Samsung Electronics Co., Ltd.) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [316120 2014-03-19] ()
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-04-07] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-04-07] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-18] (GFI Software)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-15] (Malwarebytes)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-22] (Samsung Electronics)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-11-01] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-20 14:39 - 2016-06-20 14:39 - 00950272 _____ C:\Users\Aaron\Downloads\PrintMyCouponAnywhereInstaller.msi
2016-06-15 09:31 - 2016-06-15 09:31 - 00000000 ___RD C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-06-14 23:42 - 2016-06-06 11:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-14 23:42 - 2016-06-06 11:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-14 23:42 - 2016-06-03 08:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-14 23:42 - 2016-05-27 08:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-14 23:42 - 2016-05-27 08:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-14 23:42 - 2016-05-27 08:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-14 23:42 - 2016-05-27 08:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-14 23:42 - 2016-05-23 18:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-14 23:42 - 2016-05-23 17:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-14 23:42 - 2016-05-22 08:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-14 23:42 - 2016-05-21 12:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-14 23:42 - 2016-05-21 11:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-14 23:42 - 2016-05-20 17:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-14 23:42 - 2016-05-20 17:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-14 23:42 - 2016-05-20 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-14 23:42 - 2016-05-20 17:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-14 23:42 - 2016-05-20 17:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-14 23:42 - 2016-05-20 17:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-14 23:42 - 2016-05-20 17:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-14 23:42 - 2016-05-20 17:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-14 23:42 - 2016-05-20 17:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-14 23:42 - 2016-05-20 17:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-14 23:42 - 2016-05-20 17:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-14 23:42 - 2016-05-20 16:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-14 23:42 - 2016-05-20 16:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-14 23:42 - 2016-05-20 16:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-14 23:42 - 2016-05-20 16:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-14 23:42 - 2016-05-20 16:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-14 23:42 - 2016-05-20 16:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-14 23:42 - 2016-05-20 16:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-14 23:42 - 2016-05-20 16:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-14 23:42 - 2016-05-20 16:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-14 23:42 - 2016-05-20 16:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-14 23:42 - 2016-05-20 16:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-14 23:42 - 2016-05-20 16:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-14 23:42 - 2016-05-20 16:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-14 23:42 - 2016-05-20 16:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-14 23:42 - 2016-05-20 16:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-14 23:42 - 2016-05-20 16:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-14 23:42 - 2016-05-20 16:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-14 23:42 - 2016-05-20 16:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-14 23:42 - 2016-05-20 16:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-14 23:42 - 2016-05-20 16:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-14 23:42 - 2016-05-20 16:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-14 23:42 - 2016-05-20 16:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-14 23:42 - 2016-05-20 16:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-14 23:42 - 2016-05-20 16:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-14 23:42 - 2016-05-20 16:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-14 23:42 - 2016-05-20 16:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-14 23:42 - 2016-05-20 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-14 23:42 - 2016-05-20 16:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-14 23:42 - 2016-05-20 16:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-14 23:42 - 2016-05-20 16:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-14 23:42 - 2016-05-20 16:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-14 23:42 - 2016-05-20 16:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-14 23:42 - 2016-05-20 16:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-14 23:42 - 2016-05-20 16:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-14 23:42 - 2016-05-20 16:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-14 23:42 - 2016-05-20 16:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-14 23:42 - 2016-05-20 16:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-14 23:42 - 2016-05-20 16:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-14 23:42 - 2016-05-20 16:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-14 23:42 - 2016-05-20 16:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-14 23:42 - 2016-05-20 16:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-14 23:42 - 2016-05-20 16:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-14 23:42 - 2016-05-20 16:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-14 23:42 - 2016-05-20 16:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-14 23:42 - 2016-05-20 16:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-14 23:42 - 2016-05-20 15:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-14 23:42 - 2016-05-20 15:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-14 23:42 - 2016-05-20 15:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-14 23:42 - 2016-05-20 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-14 23:42 - 2016-05-20 15:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-14 23:42 - 2016-05-20 15:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-14 23:42 - 2016-05-18 11:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-14 23:42 - 2016-05-18 11:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-14 23:42 - 2016-05-13 17:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-14 23:42 - 2016-05-13 17:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-14 23:42 - 2016-05-13 17:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-14 23:42 - 2016-05-13 17:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-14 23:42 - 2016-05-13 17:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-14 23:42 - 2016-05-13 16:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-14 23:42 - 2016-05-13 16:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-14 23:42 - 2016-05-13 16:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-14 23:42 - 2016-05-13 16:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-14 23:42 - 2016-05-13 16:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-14 23:42 - 2016-05-12 12:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-14 23:42 - 2016-05-12 12:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-14 23:42 - 2016-05-12 12:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-14 23:42 - 2016-05-12 12:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-14 23:42 - 2016-05-12 12:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-14 23:42 - 2016-05-12 12:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-14 23:42 - 2016-05-12 12:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-14 23:42 - 2016-05-12 12:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-14 23:42 - 2016-05-12 12:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-14 23:42 - 2016-05-12 12:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-14 23:42 - 2016-05-12 10:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-14 23:42 - 2016-05-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-14 23:42 - 2016-05-12 10:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-14 23:42 - 2016-05-12 09:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-14 23:42 - 2016-05-12 09:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-14 23:42 - 2016-05-12 09:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-14 23:42 - 2016-05-12 09:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-14 23:42 - 2016-05-12 09:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-14 23:42 - 2016-05-12 09:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-14 23:42 - 2016-05-12 09:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-14 23:42 - 2016-05-12 09:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-14 23:42 - 2016-05-12 09:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-14 23:42 - 2016-05-12 08:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-14 23:42 - 2016-05-12 08:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-14 23:42 - 2016-05-12 08:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-14 23:42 - 2016-05-11 12:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-14 23:42 - 2016-05-11 12:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-14 23:42 - 2016-05-11 12:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-14 23:42 - 2016-05-11 12:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-14 23:42 - 2016-05-11 10:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-14 23:42 - 2016-05-11 10:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-14 23:42 - 2016-05-11 10:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-14 23:42 - 2016-05-11 10:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-14 23:42 - 2016-05-11 10:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-14 23:42 - 2016-05-11 10:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-14 23:42 - 2016-05-11 09:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-14 23:42 - 2016-04-14 11:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-14 23:42 - 2016-04-14 11:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-14 23:42 - 2016-04-14 11:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-14 23:42 - 2016-04-14 11:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-14 23:42 - 2016-04-14 11:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-14 23:42 - 2016-04-14 11:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-14 23:42 - 2016-04-14 10:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-14 23:42 - 2016-04-14 10:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-14 23:42 - 2016-04-14 10:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-14 23:42 - 2016-04-14 10:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-14 23:42 - 2016-04-14 10:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-14 23:42 - 2016-04-14 10:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-14 23:42 - 2016-04-09 01:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-14 23:42 - 2016-04-09 01:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-14 23:42 - 2016-04-09 01:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-14 23:42 - 2016-04-09 01:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-14 23:42 - 2016-04-09 00:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-14 23:42 - 2016-04-09 00:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-14 23:42 - 2016-03-09 14:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-14 23:42 - 2016-03-09 13:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-11 12:31 - 2016-06-11 19:40 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Acrylic Wi-Fi Home
2016-06-11 12:31 - 2016-06-11 19:40 - 00000000 ____D C:\Program Files\Acrylic Wi-Fi Home
2016-06-11 12:31 - 2016-06-11 12:31 - 00000875 _____ C:\Users\Aaron\Desktop\Acrylic Wi-Fi Home.lnk
2016-06-11 12:31 - 2016-06-11 12:31 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acrylic Wi-Fi Home
2016-06-07 16:29 - 2016-06-28 09:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-28 19:42 - 2016-04-19 21:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-28 19:42 - 2015-10-28 22:01 - 00000000 ____D C:\FRST
2016-06-28 19:36 - 2015-05-09 10:08 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000UA.job
2016-06-28 19:36 - 2012-09-01 17:25 - 00000000 ____D C:\Users\Aaron
2016-06-28 19:35 - 2015-10-28 21:59 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-06-28 19:31 - 2012-09-02 11:45 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Skype
2016-06-28 19:21 - 2014-05-24 22:47 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-28 19:18 - 2015-03-21 01:17 - 00000498 _____ C:\Windows\Tasks\ATConsole.job
2016-06-28 19:13 - 2012-09-15 17:27 - 00000072 _____ C:\Users\Public\LMDebug.log
2016-06-28 19:03 - 2009-07-13 23:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-28 19:03 - 2009-07-13 23:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-28 18:45 - 2016-04-09 15:45 - 00000270 _____ C:\Windows\Tasks\{35DBB725-81D3-AA29-EBC0-7F4D3013D3D7}.job
2016-06-28 18:30 - 2012-09-01 16:53 - 01480000 _____ C:\Windows\WindowsUpdate.log
2016-06-28 17:21 - 2014-05-24 22:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-28 15:36 - 2015-05-09 10:08 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000Core.job
2016-06-27 00:45 - 2016-04-09 16:45 - 00000267 _____ C:\Users\Aaron\AppData\Roaming\WB.CFG
2016-06-24 12:57 - 2012-09-01 22:09 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2016-06-24 03:00 - 2015-12-31 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-24 03:00 - 2015-12-31 20:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 03:00 - 2015-12-31 20:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 09:13 - 2013-09-04 18:56 - 00000000 ____D C:\Users\Aaron\AppData\Local\Deployment
2016-06-20 17:55 - 2009-07-13 23:51 - 00082356 _____ C:\Windows\setupact.log
2016-06-20 17:48 - 2012-10-04 20:29 - 00000000 ____D C:\Users\Aaron\AppData\Local\CrashDumps
2016-06-17 18:22 - 2014-05-24 22:47 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 18:22 - 2014-05-24 22:47 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 01:42 - 2016-04-19 21:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-17 01:42 - 2012-09-01 22:33 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 01:42 - 2012-09-01 22:33 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-15 09:30 - 2014-08-29 09:33 - 00000040 ___SH C:\ProgramData\.zreglib
2016-06-15 09:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-06-15 03:26 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-15 03:19 - 2015-04-15 03:23 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 03:19 - 2012-10-22 19:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-15 03:19 - 2012-09-01 19:15 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-15 03:19 - 2010-11-20 22:47 - 01682678 _____ C:\Windows\PFRO.log
2016-06-15 03:19 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-15 03:19 - 2009-07-13 23:45 - 00425960 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 03:03 - 2013-03-16 12:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-06-13 19:31 - 2010-11-20 22:27 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2014-12-16 22:19 - 2014-04-24 08:04 - 0099678 _____ () C:\Program Files (x86)\7a528302-651c-415a-b73e-d6f647cf6467-avery-icon_02.ico
2014-12-16 22:19 - 2014-04-30 11:01 - 0131584 _____ () C:\Program Files (x86)\DesktopDPO.exe
2014-12-16 22:19 - 2014-05-08 12:14 - 9809519 _____ () C:\Program Files (x86)\DesktopDPO.swf
2014-12-16 22:19 - 2014-03-24 05:50 - 0000059 _____ () C:\Program Files (x86)\mimetype
2014-12-16 22:19 - 2014-12-16 22:19 - 0063594 _____ () C:\Program Files (x86)\uninstall.dat
2016-04-09 16:45 - 2016-06-27 00:45 - 0000267 _____ () C:\Users\Aaron\AppData\Roaming\WB.CFG
2013-03-09 19:40 - 2013-04-07 10:39 - 0919244 _____ () C:\Users\Aaron\AppData\Local\a.zip
2012-09-01 21:04 - 2015-08-27 21:31 - 0007616 _____ () C:\Users\Aaron\AppData\Local\resmon.resmoncfg
2008-02-05 15:28 - 2008-02-05 15:28 - 0000051 _____ () C:\Users\Aaron\AppData\Local\setup.txt
2014-08-29 09:33 - 2016-06-15 09:30 - 0000040 ___SH () C:\ProgramData\.zreglib
2015-03-21 01:18 - 2015-03-21 01:18 - 0000108 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-03-21 20:17 - 2016-04-07 19:54 - 0001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-04-10 15:47 - 2016-04-10 15:47 - 3730356 _____ () C:\ProgramData\SamPCFax00004C6C0001
Files to move or delete:
====================
C:\Windows\Tasks\{35DBB725-81D3-AA29-EBC0-7F4D3013D3D7}.job
Some files in TEMP:
====================
C:\Users\Aaron\AppData\Local\Temp\AutoWifi.exe
C:\Users\Aaron\AppData\Local\Temp\devcon64.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\nvStInst.exe
C:\Users\Aaron\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-27 00:59
==================== End of FRST.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-06-28 19:44:31
-----------------------------
19:44:31.912 OS Version: Windows x64 6.1.7601 Service Pack 1
19:44:31.912 Number of processors: 4 586 0x2A07
19:44:31.913 ComputerName: BLACKPC UserName: Aaron
19:44:32.096 Initialize success
19:44:32.106 VM: initialized successfully
19:44:32.107 VM: Intel CPU BiosDisabled
19:45:32.270 AVAST engine defs: 16062801
20:18:12.690 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:18:12.693 Disk 0 Vendor: ST2000DM CC27 Size: 1907729MB BusType: 3
20:18:12.696 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\mv91xx1Port3Path0Target1Lun0
20:18:12.699 Disk 1 Vendor: Samsung_ EMT0 Size: 476940MB BusType: 11
20:18:12.706 Disk 1 MBR read successfully
20:18:12.709 Disk 1 MBR scan
20:18:12.714 Disk 1 Windows VISTA default MBR code
20:18:12.716 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:18:12.719 Disk 1 default boot code
20:18:12.723 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476836 MB offset 206848
20:18:12.732 Disk 1 scanning C:\Windows\system32\drivers
20:18:15.134 Service scanning
20:18:18.617 Service MSICDSetup E:\CDriver64.sys **LOCKED** 21
20:18:19.022 Service NTIOLib_1_0_C E:\NTIOLib_X64.sys **LOCKED** 21
20:18:23.151 Modules scanning
20:18:23.158 Disk 1 trace - called modules:
20:18:23.167 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll mv91xx.sys
20:18:23.172 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8006fb0060]
20:18:23.178 3 CLASSPNP.SYS[fffff880017a643f] -> nt!IofCallDriver -> \Device\Scsi\mv91xx1Port3Path0Target1Lun0[0xfffffa8006c8b050]
20:18:23.362 AVAST engine scan C:\Windows
20:18:23.954 AVAST engine scan C:\Windows\system32
20:19:38.917 AVAST engine scan C:\Windows\system32\drivers
20:19:42.177 AVAST engine scan C:\Users\Aaron
20:21:10.735 File: C:\Users\Aaron\AppData\Local\{CF5DF901-EBF5-95B9-866D-B051A2054CC9}\uninstall.exe **INFECTED** Win32:Adware-gen [Adw]
20:21:35.872 File: C:\Users\Aaron\Desktop\Saved Filed From Harddrive\F - Programs\Malware Programs\DDS\dds.scr **INFECTED** Win32:Malware-gen
20:21:48.131 AVAST engine scan C:\ProgramData
20:22:04.178 Disk 1 statistics 5400913/0/0 @ 21.88 MB/s
20:22:04.183 Scan finished successfully
20:26:27.789 Disk 1 MBR has been saved successfully to "G:\Downloads\Malware removal\MBR.dat"
20:26:27.792 The log file has been saved successfully to "G:\Downloads\Malware removal\aswMBR 06.28.2016.txt"