Updatechecker, Crossrider? causing issues incl windows update webcam idle photos etc

[Alpherio]

Having a handful of software issues including windows update functionality being gone/unrepairable,
computer restarting instead of shutting off,
performance speeds,
the integrated webcam seems to take stills(hundreds) when it is idle+closed(no image, just blank screen),
driver issues that won't fix such as sound problems when HDMI connection to tv used. The sound cuts out and fades back in every time the sound stops during video use.
A couple issues have shown up in Spybot scans that weren't showing up before even though these problems were going on well before these issues reared their heads. They don't want to fix, and the second scan took over three hrs to complete. Top of log posted below as well as other required logs.
Thanks so much for the time/ assistance!
-I have donated and pay for full Spybot, I love your products and company!!

Farbar:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Matt (administrator) on ONEPUTER (01-11-2015 09:05:55)
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt & Sarah (Available Profiles: Matt & Sarah)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
() C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot Anti-Beacon\SDCutTheLine.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-17] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36711472 2015-10-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [74752 2015-09-01] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [GoogleChromeAutoLaunch_952AA941B71FA68F2EFC80A225B9EE63] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [349680 2014-03-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-21]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-21]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
BootExecute: autocheck autochk * sdnclean64.exebddel.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AE6BC52A-FEAC-49D8-AB5D-FDE9F836AD83}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BC48F90C-37A5-4AD2-AD2E-8127DC1EAB34}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-3521546551-3123563252-608694627-1004] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-28] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-28] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin HKU\S-1-5-21-3521546551-3123563252-608694627-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Matt\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-08] (Citrix Online)
FF HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12099.xpi => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://search.conduit.com/?ctid=CT3321972&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP1DEBDCBC-CD28-4322-B325-1D501BE2EF03&SSPV=","hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-06-14]
CHR Extension: (Adblock Plus) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-10-04]
CHR Extension: (Netflix) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-06-14]
CHR Extension: (Pandora) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-06-14]
CHR Extension: (iCloud Bookmarks) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-07-26]
CHR Extension: (Widthie) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh [2015-06-14]
CHR Extension: (Skype Click to Call) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ASUS Flip Service; C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe [8704 2014-04-15] (ASUS) [File not signed]
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-24] (ASUS Cloud Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-07] (Dropbox, Inc.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-17] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-17] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-17] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe run [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-17] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-17] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-17] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-08-08] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-01 09:05 - 2015-11-01 09:06 - 00025202 _____ C:\Users\Matt\Desktop\FRST.txt
2015-11-01 09:04 - 2015-11-01 09:04 - 00000000 ____D C:\Users\Matt\Desktop\FRST-OlderVersion
2015-10-31 15:04 - 2015-10-31 15:04 - 00023480 _____ C:\Windows\SysWOW64\bddel.exe
2015-10-31 13:20 - 2015-10-25 11:43 - 00452043 ____R C:\Windows\system32\Drivers\etc\hosts.20151031-142055.backup
2015-10-24 15:22 - 2015-10-24 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-24 14:45 - 2015-10-24 14:45 - 00290408 _____ C:\Windows\Minidump\102415-31578-01.dmp
2015-10-24 11:34 - 2015-10-24 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-10-24 11:31 - 2015-10-24 11:31 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-24 11:31 - 2015-10-24 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-24 11:30 - 2015-10-24 11:31 - 00000000 ____D C:\Program Files\iTunes
2015-10-24 11:30 - 2015-10-24 11:30 - 00000000 ____D C:\Program Files\iPod
2015-10-24 11:30 - 2015-10-24 11:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-18 12:33 - 2015-10-18 12:33 - 00001111 _____ C:\Users\Public\Desktop\Spybot Anti-Beacon.lnk
2015-10-18 12:33 - 2015-10-18 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
2015-10-18 12:33 - 2015-10-18 12:33 - 00000000 ____D C:\Program Files (x86)\Spybot Anti-Beacon
2015-10-18 12:08 - 2015-10-18 12:08 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-10-18 10:26 - 2015-09-12 10:01 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20151018-112641.backup
2015-10-14 21:56 - 2015-10-14 21:56 - 00000000 ____D C:\Users\Matt\AppData\LocalLow\uTorrent
2015-10-09 21:55 - 2015-10-09 21:55 - 00290496 _____ C:\Windows\Minidump\100915-40203-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-01 09:06 - 2015-06-10 18:54 - 00000000 ____D C:\FRST
2015-11-01 09:06 - 2015-06-03 16:10 - 00000376 _____ C:\Windows\Tasks\CIMT_S-1-5-21-3521546551-3123563252-608694627-1001.job
2015-11-01 09:04 - 2015-06-10 18:53 - 02198016 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
2015-11-01 09:00 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-01 08:58 - 2015-02-27 12:41 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3521546551-3123563252-608694627-1001
2015-11-01 08:52 - 2015-02-27 18:52 - 00000000 ____D C:\Users\Matt\AppData\Roaming\uTorrent
2015-11-01 08:50 - 2015-02-26 22:21 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-01 08:14 - 2014-03-18 02:03 - 00863596 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-01 08:11 - 2015-02-27 12:37 - 00000093 _____ C:\Users\Matt\AppData\Roaming\sp_data.sys
2015-10-31 19:08 - 2015-07-07 21:57 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-10-31 15:04 - 2015-06-03 16:31 - 00070202 _____ C:\Windows\SysWOW64\bddel.dat
2015-10-31 15:02 - 2015-06-03 15:46 - 00000000 ____D C:\Program Files (x86)\HQCinema Pro 2.1V03.06
2015-10-31 13:17 - 2015-07-07 22:04 - 00000000 ___RD C:\Users\Matt\Dropbox
2015-10-31 13:17 - 2015-07-07 21:57 - 00000000 ____D C:\Users\Matt\AppData\Local\Dropbox
2015-10-31 13:16 - 2015-07-07 21:57 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-10-31 13:16 - 2015-06-02 11:23 - 00000000 ___RD C:\Users\Matt\iCloudDrive
2015-10-31 13:16 - 2015-02-27 12:39 - 00000000 ___DO C:\Users\Matt\Desktop\OneDrive
2015-10-31 13:16 - 2015-02-26 22:21 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-31 11:04 - 2014-08-14 08:37 - 01350459 _____ C:\Windows\WindowsUpdate.log
2015-10-31 10:54 - 2013-08-22 06:46 - 00079931 _____ C:\Windows\setupact.log
2015-10-31 10:54 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-31 10:53 - 2013-08-22 05:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-10-31 10:52 - 2015-02-27 12:33 - 00000000 ____D C:\Users\Matt
2015-10-31 05:52 - 2015-02-27 12:44 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EDBD8DFB-6D84-4E3D-B9AD-7E72DA0E9CF5}
2015-10-30 19:36 - 2015-02-28 11:51 - 00000000 ____D C:\Users\Matt\AppData\Local\CrashDumps
2015-10-30 16:10 - 2015-06-03 16:10 - 00000410 _____ C:\Windows\Tasks\CIMT_daily_S-1-5-21-3521546551-3123563252-608694627-1001.job
2015-10-24 15:22 - 2015-07-07 21:57 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-24 14:49 - 2015-02-26 22:24 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-24 14:45 - 2015-08-30 06:14 - 00000000 ____D C:\Windows\Minidump
2015-10-24 14:44 - 2015-08-30 06:14 - 2098379375 _____ C:\Windows\MEMORY.DMP
2015-10-24 11:34 - 2015-06-02 11:23 - 00000000 ____D C:\Users\Matt\AppData\Local\Apple Inc
2015-10-24 11:30 - 2015-02-27 15:47 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-18 09:49 - 2015-07-08 18:54 - 00000000 ____D C:\Users\Matt\AppData\Local\Citrix
2015-10-16 21:09 - 2015-05-04 21:51 - 00000000 ____D C:\Users\Matt\Desktop\Galactica
2015-10-15 06:37 - 2015-09-13 16:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-14 22:42 - 2015-03-03 17:51 - 00464384 ___SH C:\Users\Matt\Desktop\Thumbs.db
2015-10-12 21:11 - 2015-05-09 18:09 - 00000000 ____D C:\Users\Matt\AppData\Roaming\vlc
2015-10-09 21:54 - 2014-03-18 01:54 - 00635338 _____ C:\Windows\PFRO.log
2015-10-02 23:52 - 2015-03-20 20:42 - 00000593 _____ C:\Windows\wininit.ini
2015-10-02 23:52 - 2015-02-27 19:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

==================== Files in the root of some directories =======

2015-02-27 12:37 - 2015-11-01 08:11 - 0000093 _____ () C:\Users\Matt\AppData\Roaming\sp_data.sys
2015-06-03 17:05 - 2015-06-03 17:04 - 0613255 _____ (CMI Limited) C:\Users\Matt\AppData\Local\nsh2DCA.tmp
2015-06-03 17:08 - 2015-06-03 17:08 - 0628688 _____ (CMI Limited) C:\Users\Matt\AppData\Local\nsn4312.tmp
2015-06-03 16:36 - 2015-06-03 16:36 - 0613255 _____ (CMI Limited) C:\Users\Matt\AppData\Local\nsu2942.tmp
2015-06-08 21:24 - 2015-06-12 17:18 - 0007605 _____ () C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
2014-08-14 08:52 - 2014-08-14 08:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-14 09:14 - 2014-03-25 17:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
2014-05-14 20:43 - 2014-03-26 12:50 - 0000124 _____ () C:\ProgramData\SetStretch.cmd
2014-05-14 20:43 - 2009-07-22 02:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-14 20:43 - 2012-09-07 03:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\RefreshReg.vbs


Some files in TEMP:
====================
C:\Users\Matt\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdcq9ry.dll
C:\Users\Sarah\AppData\Local\Temp\jre-8u31-windows-au.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-01 08:20

==================== End of FRST.txt ============================

Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Matt (2015-11-01 09:06:41)
Running from C:\Users\Matt\Desktop
Windows 8.1 (X64) (2015-02-27 20:35:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3521546551-3123563252-608694627-500 - Administrator - Disabled)
Guest (S-1-5-21-3521546551-3123563252-608694627-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3521546551-3123563252-608694627-1003 - Limited - Enabled)
Matt (S-1-5-21-3521546551-3123563252-608694627-1001 - Administrator - Enabled) => C:\Users\Matt
Sarah (S-1-5-21-3521546551-3123563252-608694627-1004 - Administrator - Enabled) => C:\Users\Sarah

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS FlipLock (HKLM\...\{7C7F8DAC-8ADA-4B86-BCB6-48B6FFB673DD}) (Version: 1.0.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 7 - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.2 - Illustrate)
Dragon Assistant Application en-US version 1.5.7 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.3 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.3 - Nuance Communications, Inc.)
Dragon Assistant version 1.5.7 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
FLAC To MP3 V4.1 (HKLM-x32\...\FLAC To MP3_is1) (Version: - FLAC To MP3, Inc.)
Freemake Video Converter version 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.0 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) (Version: 17.0.1 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.4 - Safer-Networking Ltd.)
System Requirements Lab Detection (HKLM-x32\...\{CC656969-7AE7-415C-A3EB-BA687F3AB03F}) (Version: 6.1.6.0 - Husdawg, LLC)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.0.496 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
YNAB 4 version 4.3.729 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.729 - YouNeedABudget.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-10-2015 10:39:17 Scheduled Checkpoint
18-10-2015 12:07:41 Installed System Requirements Lab Detection
31-10-2015 11:49:43 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2015-10-31 13:20 - 00452043 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15487 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1C393F25-613E-41FC-9DE3-6E999983FCEF} - System32\Tasks\CIMT_daily_S-1-5-21-3521546551-3123563252-608694627-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {2435A1F2-FC3A-456C-BC02-8D182D59AD04} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-11-01] ()
Task: {24A0BD95-2087-417F-BBA6-F3D508D95A27} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {349A602C-FEED-4556-9741-904302CA0DDB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {351DAD53-AA32-4624-AF85-9896C179051F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {451A682B-E5A9-4E74-92E5-665A0F62477F} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-14] (Realtek Semiconductor)
Task: {45CC27D6-7D5B-4DF7-9333-9290DE8502A7} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-11-01] ()
Task: {4D3CBEF1-974C-4CA1-A5BB-DD41A8EE04D1} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-07] (Dropbox, Inc.)
Task: {4E94B278-A383-4EB1-BD76-38027ADFC74E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-07] (Dropbox, Inc.)
Task: {55B667DD-DAB3-417B-B384-05574B9AE119} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {632E5C78-6BAE-4D48-A906-D95223FA5850} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {708DADE6-0A79-478F-8CEB-D528FBAC2867} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-26] (Google Inc.)
Task: {78A3D0CD-B5B0-4856-8F99-23497EBB9AFC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {82B8E927-55E0-42A5-BC19-2BB9CE7A9C42} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] ()
Task: {83B71413-109F-4F33-8BD5-A3202E5636A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {A16E75AB-AB14-4BAE-AF48-393D0BF6E322} - System32\Tasks\CIMT_S-1-5-21-3521546551-3123563252-608694627-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {D95E1D65-8FB1-4E31-91C4-692BBE3A040F} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)
Task: {E3C7E82D-A594-4911-AECE-B09DF1C6B31A} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {ECC7EE87-28FB-4390-A463-40BF93A6AE79} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {EDB36471-01F6-42EE-B9C7-A025B4A09664} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-26] (Google Inc.)
Task: {EFC10CC2-9655-47BC-867D-3551C92B7E04} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-3521546551-3123563252-608694627-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_S-1-5-21-3521546551-3123563252-608694627-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-15 16:36 - 2014-04-15 16:36 - 00016384 _____ () C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
2013-12-04 07:44 - 2013-12-04 07:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 07:44 - 2013-12-04 07:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 07:44 - 2013-12-04 07:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2015-09-07 18:34 - 2015-09-01 23:23 - 00074752 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2014-04-15 16:36 - 2014-04-15 16:36 - 00009216 _____ () C:\Program Files\ASUS\ASUS FlipLock\WMIProc.dll
2014-08-14 09:12 - 2013-05-02 10:26 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2014-08-14 09:12 - 2013-05-02 10:26 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2014-08-14 09:12 - 2013-05-02 10:26 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2014-08-14 09:12 - 2013-05-02 10:26 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2014-08-14 09:12 - 2013-05-02 10:26 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2014-08-14 09:12 - 2013-05-02 10:26 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2014-08-14 09:12 - 2013-05-02 10:25 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2015-02-27 19:35 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-27 19:35 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-27 19:35 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-27 19:35 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-27 19:35 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-14 08:47 - 2013-10-23 12:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-04-02 13:46 - 2014-04-02 13:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-02 13:46 - 2014-04-02 13:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-04-02 13:46 - 2014-04-02 13:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-04-02 13:46 - 2014-04-02 13:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2015-10-24 14:49 - 2015-10-20 06:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-24 14:49 - 2015-10-20 06:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-31 13:17 - 2015-10-31 13:17 - 00071168 _____ () c:\users\matt\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdcq9ry.dll
2015-07-07 22:02 - 2015-09-23 15:07 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-07-07 22:02 - 2015-09-23 15:07 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-01 18:45 - 2015-09-23 15:07 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-07-07 22:02 - 2015-09-23 15:07 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-02-27 19:35 - 2014-04-25 14:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.

IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.

IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1004\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3521546551-3123563252-608694627-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\Desktop\Galactica\carina.jpg
HKU\S-1-5-21-3521546551-3123563252-608694627-1004\Control Panel\Desktop\\Wallpaper -> D:\Pictures\Rowan Wolfe Buchanan 9.2014\31_2.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "LGODDFU"
HKLM\...\StartupApproved\Run32: => "FlashGamesRockstar"
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\StartupApproved\Run: => "iCloudServices"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{99653552-2740-4A0A-8B29-7EE97257AA12}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0F757B8E-21C2-43B9-B86C-4463B66FF786}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B33362BB-E669-4EEF-9C38-FC49092CF823}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5D1F7E76-D2E6-4F55-A128-44E2EA2EA06C}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{301DCFD4-F980-4FAD-A9B1-45A160697CB8}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{E3D22119-1654-42AF-BCD0-B3F697269BB1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72FCB0D1-2CC8-4820-AEC4-5BC889A4F102}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{125066DC-67E5-411F-B621-8A6903D5B67B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DCD9183A-2943-4697-A704-A7666A1388CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FF7AE39D-526A-4773-AB48-4C86BDC58981}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{18C10A00-C1F4-4667-B3A7-6D325DB86CB4}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{0D258B23-1380-43BD-96F3-5069C4BF449A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{626CEFE1-EE00-4D03-B60A-9507AE49DDB2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5403D72F-ABC9-4B24-AA0B-A6373F41DED8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A5B3357A-EC7A-4B49-BB0B-090A277B3F21}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{AFD50EB2-E97B-4FB6-ABFD-1AFC1DC5ED97}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AED42A45-8ACA-4DAC-9040-93AEEAF4F16D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED7DE36D-3689-48A4-BD3A-06ACD3E8261D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DBF4C46A-75B4-42E6-80E3-25387C028192}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0BCE46DB-9D73-4381-836E-397709B38931}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{04AFBF30-2273-4593-93C3-48805E36250B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8F3C79AA-5E4F-44F9-B74B-A2229C63C5D6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2015 12:12:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10062

Error: (11/01/2015 12:12:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10062

Error: (11/01/2015 12:12:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/01/2015 12:12:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5796

Error: (11/01/2015 12:12:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5796

Error: (11/01/2015 12:12:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/01/2015 12:12:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19d04

Start Time: 01d1145d3b8ff0dc

Termination Time: 4294967295

Application Path: C:\Windows\system32\backgroundTaskHost.exe

Report Id: 3f92d08b-8070-11e5-8298-f81654531587

Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

Faulting package-relative application ID: App

Error: (10/31/2015 06:12:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14d90

Start Time: 01d1143945df5ad8

Termination Time: 4294967295

Application Path: C:\Windows\system32\backgroundTaskHost.exe

Report Id: f6477396-803d-11e5-8298-f81654531587

Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

Faulting package-relative application ID: App

Error: (10/31/2015 05:56:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 899765

Error: (10/31/2015 05:56:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 899765


System errors:
=============
Error: (11/01/2015 08:09:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147942405

Error: (11/01/2015 08:09:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147942405

Error: (11/01/2015 08:09:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147942405

Error: (11/01/2015 08:09:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147942405

Error: (11/01/2015 08:09:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147942405

Error: (11/01/2015 08:09:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147942405

Error: (11/01/2015 08:09:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147942405

Error: (11/01/2015 08:09:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147942405

Error: (11/01/2015 12:12:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147942405

Error: (11/01/2015 12:12:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147942405


CodeIntegrity:
===================================
Date: 2015-11-01 09:04:12.288
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-01 08:50:28.644
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-01 08:40:21.699
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-01 08:37:42.646
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Store signing level requirements.

Date: 2015-11-01 08:37:40.927
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Store signing level requirements.

Date: 2015-11-01 08:37:39.192
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Store signing level requirements.

Date: 2015-11-01 08:36:41.379
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2015-11-01 08:36:40.239
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2015-11-01 08:36:39.098
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2015-11-01 08:36:37.937
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 62%
Total physical RAM: 8075.16 MB
Available physical RAM: 2999.24 MB
Total Virtual: 16267.16 MB
Available Virtual: 10183.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:910.4 GB) (Free:673.19 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B118416D)

Partition: GPT.

==================== End of Addition.txt ============================

Avast Scan:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-11-01 09:17:37
-----------------------------
09:17:37.715 OS Version: Windows x64 6.2.9200
09:17:37.715 Number of processors: 4 586 0x4501
09:17:37.715 ComputerName: ONEPUTER UserName: Matt
09:17:39.692 Initialize success
09:17:39.723 VM: initialized successfully
09:17:39.723 VM: Intel CPU supported
09:18:17.713 VM: disk I/O iaStorA.sys
09:30:38.087 AVAST engine defs: 15110100
09:30:52.849 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000037
09:30:52.849 Disk 0 Vendor: HGST_HTS541010A9E680 JA0OA560 Size: 953869MB BusType: 11
09:30:53.021 Disk 0 MBR read successfully
09:30:53.021 Disk 0 MBR scan
09:30:53.021 Disk 0 unknown MBR code
09:30:53.036 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
09:30:53.146 Disk 0 scanning C:\Windows\system32\drivers
09:31:07.577 Service scanning
09:32:33.186 Modules scanning
09:32:33.186 Disk 0 trace - called modules:
09:32:33.217 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
09:32:33.217 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000c54da060]
09:32:33.217 3 CLASSPNP.SYS[fffff800af40227b] -> nt!IofCallDriver -> [0xffffe000c2feca20]
09:32:33.217 5 ACPI.sys[fffff800aeb687aa] -> nt!IofCallDriver -> [0xffffe000c2ffee50]
09:32:33.233 7 ACPI.sys[fffff800aeb687aa] -> nt!IofCallDriver -> \Device\00000037[0xffffe000c2fec060]
09:32:35.643 AVAST engine scan C:\Windows
09:32:39.379 AVAST engine scan C:\Windows\system32
09:35:53.254 AVAST engine scan C:\Windows\system32\drivers
09:36:10.923 AVAST engine scan C:\Users\Matt
09:42:53.927 File: C:\Users\Matt\AppData\Roaming\ACB54807-1433375465-4647-92DA-54A050389562\vnsfC217.tmp **INFECTED** Win32:Adware-gen [Adw]
10:08:31.550 AVAST engine scan C:\ProgramData
10:10:03.611 Disk 0 statistics 3904859/0/0 @ 0.94 MB/s
10:10:03.611 Scan finished successfully
10:16:23.321 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
10:16:23.321 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"

Top of Spybot Scan+Version info:
Search results from Spybot - Search & Destroy

11/1/2015 8:22:52 AM
Scan took 03:34:47.
7 items found.

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3521546551-3123563252-608694627-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (2) (Browser: History, nothing done)


Adware.Agent.PYY;Adware.Agent.PYY;Adware.Agent.PSO;Adware.JS.Crossrider.E;Adware.Agent.PSO: [SBI $SpybotAV] Executable (File, nothing done)
C:\Program Files (x86)\HQCinema Pro 2.1V03.06\352fa450-46da-438d-b3b9-fd5c07333a80.crx
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Trojan.Agent.BKLE: [SBI $SpybotAV] Executable (File, nothing done)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\coupoon\UpdateCheck.exe.vir
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E


--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---

[ken545]

You have a bit going on malwarewise. I want to point out if you continue to use the torrents that you will just get infected again, not quite but almost 100% of files or programs downloaded via the torrents are infected.

Open notepad , Go to Start --> All Programs --> Accessories --> Notepad.
Please copy the entire contents Inside of the code box below beginning with START and ending with END
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Name the file Fixlist, Save it to your desktop where you have FRST/FRST64 or the fix wont work, . Then open up FRST/FRST64 and click on FIX (Not Scan) It won't take long, after your computer reboots you will find a FIXLOG.TXT on your desktop, post it please

Code:

Start
CloseProcesses:
CreateRestorePoint: 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-3521546551-3123563252-608694627-1004] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Extension: (Widthie) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh [2015-06-14]
S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe run [X]
2015-10-31 13:20 - 2015-10-25 11:43 - 00452043 ____R C:\Windows\system32\Drivers\etc\hosts.20151031-142055.backup
2015-10-18 10:26 - 2015-09-12 10:01 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20151018-112641.backup
2015-10-14 21:56 - 2015-10-14 21:56 - 00000000 ____D C:\Users\Matt\AppData\LocalLow\uTorrent
2015-11-01 08:52 - 2015-02-27 18:52 - 00000000 ____D C:\Users\Matt\AppData\Roaming\uTorrent
2015-10-31 15:02 - 2015-06-03 15:46 - 00000000 ____D C:\Program Files (x86)\HQCinema Pro 2.1V03.06
Task: {1C393F25-613E-41FC-9DE3-6E999983FCEF} - System32\Tasks\CIMT_daily_S-1-5-21-3521546551-3123563252-608694627-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {A16E75AB-AB14-4BAE-AF48-393D0BF6E322} - System32\Tasks\CIMT_S-1-5-21-3521546551-3123563252-608694627-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-3521546551-3123563252-608694627-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_S-1-5-21-3521546551-3123563252-608694627-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
C:\Program Files (x86)\Consumer Input
FirewallRules: [{FF7AE39D-526A-4773-AB48-4C86BDC58981}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{18C10A00-C1F4-4667-B3A7-6D325DB86CB4}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
End

==========================================================





-AdwCleaner-by Xplode


Click on this link to download : ADWCleaner TO YOUR DESKTOP
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers




Do not click on any links in the top Advertisment.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

===============================================================================






Please download Junkware Removal Tool TO YOUR DESKTOP

• Download the one from Bleeping Computer
• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

===============================================================================


Download Malwarebytes' Anti-Malware TO YOUR DESKTOP

• Windows XP : Double click on the icon to run it.
• Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

• On the Dashboard click on Update Now
• Go to the Setting Tab
• Under Setting go to Detection and Protection
• Under PUP and PUM make sure both are set to show Treat Detections as Malware
• Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
• Then on the Dashboard click on Scan
• Make sure to select THREAT SCAN
• Then click on Scan
• When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
• Please paste the log back into this thread for review
• Exit Malwarebytes

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

[Alpherio]

MBAM results:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/3/2015
Scan Time: 9:46 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.04.01
Rootkit Database: v2015.10.28.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Matt

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385421
Time Elapsed: 23 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 142
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\APPID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}, , [8e7386f4157685b106e3be671ce6bc44],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, , [8e7386f4157685b106e3be671ce6bc44],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, , [8e7386f4157685b106e3be671ce6bc44],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, , [8e7386f4157685b106e3be671ce6bc44],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, , [8e7386f4157685b106e3be671ce6bc44],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.OnDemandCOMClassSvc, , [8e7386f4157685b106e3be671ce6bc44],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, , [8e7386f4157685b106e3be671ce6bc44],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}, , [8e7386f4157685b106e3be671ce6bc44],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}, , [8e7386f4157685b106e3be671ce6bc44],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}, , [8e7386f4157685b106e3be671ce6bc44],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}, , [8e7386f4157685b106e3be671ce6bc44],
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\APPID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}, , [c33e2456bfcc77bf5ecf60ce7c8655ab],
PUP.Optional.Compete, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}, , [c33e2456bfcc77bf5ecf60ce7c8655ab],
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}, , [c33e2456bfcc77bf5ecf60ce7c8655ab],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\APPID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}, , [b34e502a39529c9a8961b37223df06fa],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService, , [b34e502a39529c9a8961b37223df06fa],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, , [b34e502a39529c9a8961b37223df06fa],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3COMClassService, , [b34e502a39529c9a8961b37223df06fa],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, , [b34e502a39529c9a8961b37223df06fa],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.Update3COMClassService, , [b34e502a39529c9a8961b37223df06fa],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.Update3COMClassService.1.0, , [b34e502a39529c9a8961b37223df06fa],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}, , [b34e502a39529c9a8961b37223df06fa],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}, , [b34e502a39529c9a8961b37223df06fa],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}, , [b34e502a39529c9a8961b37223df06fa],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}, , [b34e502a39529c9a8961b37223df06fa],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0C6D49F4-6E41-4632-BE86-F210D5D894BA}, , [9d646f0bdbb0f145489882a37092817f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, , [9d646f0bdbb0f145489882a37092817f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, , [9d646f0bdbb0f145489882a37092817f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, , [9d646f0bdbb0f145489882a37092817f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.Update3WebMachineFallback, , [9d646f0bdbb0f145489882a37092817f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, , [9d646f0bdbb0f145489882a37092817f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.Update3WebMachineFallback.1.0, , [9d646f0bdbb0f145489882a37092817f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0C6D49F4-6E41-4632-BE86-F210D5D894BA}, , [9d646f0bdbb0f145489882a37092817f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0DC6DC6C-048E-4B03-8F2D-7D6B90571172}, , [3bc60e6ce7a48aac31c955d8ae54a759],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, , [3bc60e6ce7a48aac31c955d8ae54a759],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass, , [3bc60e6ce7a48aac31c955d8ae54a759],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreMachineClass, , [3bc60e6ce7a48aac31c955d8ae54a759],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.CoreMachineClass, , [3bc60e6ce7a48aac31c955d8ae54a759],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, , [3bc60e6ce7a48aac31c955d8ae54a759],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.CoreMachineClass.1, , [3bc60e6ce7a48aac31c955d8ae54a759],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0DC6DC6C-048E-4B03-8F2D-7D6B90571172}, , [3bc60e6ce7a48aac31c955d8ae54a759],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1AB0B6A3-9BC5-419B-B86D-40FA2998A131}, , [fe03d9a1ddae1f17fee3d055c33f50b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass.1, , [fe03d9a1ddae1f17fee3d055c33f50b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass, , [fe03d9a1ddae1f17fee3d055c33f50b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreClass, , [fe03d9a1ddae1f17fee3d055c33f50b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.CoreClass, , [fe03d9a1ddae1f17fee3d055c33f50b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreClass.1, , [fe03d9a1ddae1f17fee3d055c33f50b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.CoreClass.1, , [fe03d9a1ddae1f17fee3d055c33f50b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1AB0B6A3-9BC5-419B-B86D-40FA2998A131}, , [fe03d9a1ddae1f17fee3d055c33f50b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1E218D71-6C28-46EE-AC6A-20C95989D566}, , [b150e595315a8ea86f8cf53838ca04fc],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1E218D71-6C28-46EE-AC6A-20C95989D566}, , [b150e595315a8ea86f8cf53838ca04fc],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3A40DF53-EB22-49FE-9246-8084403424E7}, , [30d1c5b5068553e329b95cc917ebcd33],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, , [30d1c5b5068553e329b95cc917ebcd33],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, , [30d1c5b5068553e329b95cc917ebcd33],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, , [30d1c5b5068553e329b95cc917ebcd33],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.CredentialDialogMachine, , [30d1c5b5068553e329b95cc917ebcd33],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, , [30d1c5b5068553e329b95cc917ebcd33],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.CredentialDialogMachine.1.0, , [30d1c5b5068553e329b95cc917ebcd33],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3A40DF53-EB22-49FE-9246-8084403424E7}, , [30d1c5b5068553e329b95cc917ebcd33],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3DBBAB3C-4077-4EC4-BF2C-E89C7784846A}, , [19e8007a0685092d8c57fd28e022bd43],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, , [19e8007a0685092d8c57fd28e022bd43],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc, , [19e8007a0685092d8c57fd28e022bd43],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebSvc, , [19e8007a0685092d8c57fd28e022bd43],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.Update3WebSvc, , [19e8007a0685092d8c57fd28e022bd43],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, , [19e8007a0685092d8c57fd28e022bd43],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.Update3WebSvc.1.0, , [19e8007a0685092d8c57fd28e022bd43],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3DBBAB3C-4077-4EC4-BF2C-E89C7784846A}, , [19e8007a0685092d8c57fd28e022bd43],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5CF02202-6278-47EE-9947-C2D0A057EABD}, , [16eb73071d6e31054e96da4bae549c64],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, , [16eb73071d6e31054e96da4bae549c64],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher, , [16eb73071d6e31054e96da4bae549c64],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.ProcessLauncher, , [16eb73071d6e31054e96da4bae549c64],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.ProcessLauncher, , [16eb73071d6e31054e96da4bae549c64],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, , [16eb73071d6e31054e96da4bae549c64],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.ProcessLauncher.1.0, , [16eb73071d6e31054e96da4bae549c64],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5CF02202-6278-47EE-9947-C2D0A057EABD}, , [16eb73071d6e31054e96da4bae549c64],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{65BF611F-85CD-4E7F-966C-853573462C14}, , [d928c4b6c3c86bcb1fc629fcf60cbd43],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, , [d928c4b6c3c86bcb1fc629fcf60cbd43],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, , [d928c4b6c3c86bcb1fc629fcf60cbd43],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, , [d928c4b6c3c86bcb1fc629fcf60cbd43],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, , [d928c4b6c3c86bcb1fc629fcf60cbd43],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, , [d928c4b6c3c86bcb1fc629fcf60cbd43],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, , [d928c4b6c3c86bcb1fc629fcf60cbd43],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{65BF611F-85CD-4E7F-966C-853573462C14}, , [d928c4b6c3c86bcb1fc629fcf60cbd43],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, , [58a94a306b2088aee8144ae3986a54ac],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\DcaHost.DcaHost.1, , [58a94a306b2088aee8144ae3986a54ac],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\DcaHost.DcaHost, , [58a94a306b2088aee8144ae3986a54ac],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DcaHost.DcaHost, , [58a94a306b2088aee8144ae3986a54ac],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DcaHost.DcaHost, , [58a94a306b2088aee8144ae3986a54ac],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DcaHost.DcaHost.1, , [58a94a306b2088aee8144ae3986a54ac],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DcaHost.DcaHost.1, , [58a94a306b2088aee8144ae3986a54ac],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, , [58a94a306b2088aee8144ae3986a54ac],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, , [58a94a306b2088aee8144ae3986a54ac],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, , [58a94a306b2088aee8144ae3986a54ac],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{87A125E5-B663-496F-954E-488A82FAC012}, , [e71a02788cff2e08be28fc297092f709],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, , [e71a02788cff2e08be28fc297092f709],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync, , [e71a02788cff2e08be28fc297092f709],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoCreateAsync, , [e71a02788cff2e08be28fc297092f709],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.CoCreateAsync, , [e71a02788cff2e08be28fc297092f709],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, , [e71a02788cff2e08be28fc297092f709],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.CoCreateAsync.1.0, , [e71a02788cff2e08be28fc297092f709],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{87A125E5-B663-496F-954E-488A82FAC012}, , [e71a02788cff2e08be28fc297092f709],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8AF9C44C-E497-4776-A7EF-F6455F982825}, , [a65b403a45463cfadf084dd8c83a1ce4],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, , [a65b403a45463cfadf084dd8c83a1ce4],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, , [a65b403a45463cfadf084dd8c83a1ce4],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, , [a65b403a45463cfadf084dd8c83a1ce4],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.OnDemandCOMClassMachine, , [a65b403a45463cfadf084dd8c83a1ce4],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, , [a65b403a45463cfadf084dd8c83a1ce4],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, , [a65b403a45463cfadf084dd8c83a1ce4],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8AF9C44C-E497-4776-A7EF-F6455F982825}, , [a65b403a45463cfadf084dd8c83a1ce4],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D4F484EE-BF68-4B61-AB83-C1E0EF88D876}, , [728f9dddcfbc6dc94ab330fd867cbf41],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, , [728f9dddcfbc6dc94ab330fd867cbf41],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine, , [728f9dddcfbc6dc94ab330fd867cbf41],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachine, , [728f9dddcfbc6dc94ab330fd867cbf41],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.Update3WebMachine, , [728f9dddcfbc6dc94ab330fd867cbf41],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, , [728f9dddcfbc6dc94ab330fd867cbf41],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.Update3WebMachine.1.0, , [728f9dddcfbc6dc94ab330fd867cbf41],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D4F484EE-BF68-4B61-AB83-C1E0EF88D876}, , [728f9dddcfbc6dc94ab330fd867cbf41],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F90B8F59-792D-4F5A-97AD-06E83284F9AB}, , [4db4bdbd6724eb4b3ead0e170ff350b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine.1.0, , [4db4bdbd6724eb4b3ead0e170ff350b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine, , [4db4bdbd6724eb4b3ead0e170ff350b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine, , [4db4bdbd6724eb4b3ead0e170ff350b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInput.OneClickProcessLauncherMachine, , [4db4bdbd6724eb4b3ead0e170ff350b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine.1.0, , [4db4bdbd6724eb4b3ead0e170ff350b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInput.OneClickProcessLauncherMachine.1.0, , [4db4bdbd6724eb4b3ead0e170ff350b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F90B8F59-792D-4F5A-97AD-06E83284F9AB}, , [4db4bdbd6724eb4b3ead0e170ff350b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F90B8F59-792D-4F5A-97AD-06E83284F9AB}, , [4db4bdbd6724eb4b3ead0e170ff350b0],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\APPID\ConsumerInputUpdate.exe, , [33ce05752962ed49daadcf8c7093ac54],
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\APPID\dca-host.exe, , [0cf5bfbb26653bfb04ecfe9d31d228d8],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\ConsumerInputUpdate.exe, , [c73a7cfe0c7fae88abdcbd9e748fd12f],
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\dca-host.exe, , [758c98e24a4170c66d83f4a79a69c33d],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\ConsumerInput, , [e41dbebcc0cb171f7612f96245beb848],
PUP.Optional.GigaClicks, HKLM\SOFTWARE\WOW6432NODE\GigaClicks, , [c23f97e3f19a0036bbe1ce9a40c354ac],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\HQCinema Pro 2.1V03.06, , [24ddc2b8ff8c0b2b23a8b3accf34a759],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\HQCinema Pro 2.1V03.06-nv, , [8879cab09dee092dc7048bd4bf448878],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\HQCinema Pro 2.1V03.06-nv-ie, , [12ef1664a0eba0961daea8b717ecd828],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\ConsumerInputUpdate.exe, , [3cc5dc9ee9a2c670424587d40bf8f10f],
PUP.Optional.Compete, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\dca-host.exe, , [966bd6a4d4b7d75ff6fab1ea27dc936d],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.compete.cinm, , [2fd2a8d29dee6ec8d02336632dd6659b],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}, , [19e87a001477979f93fb510a0cf7d42c],
PUP.Optional.ConsumerInput, HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\ConsumerInput, , [14ed502a9af1a39387feeb70d72c50b0],
PUP.Optional.CrossRider, HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\HQCinema Pro 2.1V03.06-nv, , [fb0681f94942c373bae2203e1fe47789],
PUP.Optional.CrossRider, HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\HQCinema Pro 2.1V03.06-nv-ie, , [5fa22654c7c4d95d1a82ef6fed167c84],

Registry Values: 3
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}|AppPath, C:\Program Files (x86)\Consumer Input\InternetExplorer, , [0100d4a62b6041f59e569207669d8e72]
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}|AppPath, C:\Program Files (x86)\Consumer Input\InternetExplorer, , [53ae86f4474490a6995b930619ea748c]
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}|DisplayName, Consumer Input Update Helper, , [19e87a001477979f93fb510a0cf7d42c]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.CrossRider, C:\Program Files (x86)\9b5af7f8-571f-4257-ac86-b814c6c63b4a\23147add-be82-4481-9cd2-124fad3f36b3.dll, , [847dde9cf695b77f8c8fcb58679a9769],
PUP.Optional.CrossRider, C:\Program Files (x86)\ASUS\9b5af7f8-571f-4257-ac86-b814c6c63b4a.dll, , [c0411b5f4d3e280ead6e9d8623dec937],

Physical Sectors: 0
(No malicious items detected)


(end)

JRT Results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 x64
Ran by Matt on Tue 11/03/2015 at 17:44:46.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_952AA941B71FA68F2EFC80A225B9EE63



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\Matt\AppData\Roaming\sp_data.sys
Successfully deleted: [File] C:\Users\Matt\Appdata\Local\nsh2DCA.tmp
Successfully deleted: [File] C:\Users\Matt\Appdata\Local\nsn4312.tmp
Successfully deleted: [File] C:\Users\Matt\Appdata\Local\nsu2942.tmp



~~~ Folders

Successfully deleted: [Folder] C:\Users\Matt\AppData\Roaming\ACB54807-1433375465-4647-92DA-54A050389562



~~~ Chrome


[C:\Users\Matt\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Matt\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
gegdfeiahlfolhcfioipjlkombmgbakh

[C:\Users\Matt\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Matt\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
gegdfeiahlfolhcfioipjlkombmgbakh
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/03/2015 at 21:09:10.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADWCleanber Results:

# AdwCleaner v5.017 - Logfile created 03/11/2015 at 17:33:53
# Updated 03/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Matt - ONEPUTER
# Running from : C:\Users\Matt\Desktop\Downloads\adwcleaner_5.017.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\abc
Folder Found : C:\ProgramData\28341ff220e0446c9fff27c4493d622e

***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Value Found : HKCU\Software\Mozilla\Firefox\Extensions [ConsumerInput@Compete]
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{224530A0-C9CB-4AEE-9C0F-54AC1B533211}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8C875948-9C60-4381-9248-0DF180542D53}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C900B400-CDFE-11D3-976A-00E02913A9E0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9765480-72D1-11D4-A75A-004F49045A87}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FC87A650-207D-4392-A6A1-82ADBC56FA64}
Key Found : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKCU\Software\maxcomputerclenner
Key Found : HKCU\Software\OB
Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\coupoon
Key Found : HKU\S-1-5-18\Software\AppDataLow\Software\coupoon

***** [ Web browsers ] *****

[C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://search.conduit.com/?ctid=CT3321972&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP1DEBDCBC-CD28-4322-B325-1D501BE2EF03&SSPV=
[C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2828 bytes] ##########

FIXLOG:

Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Matt (2015-11-02 18:21:27) Run:1
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt (Available Profiles: Matt & Sarah)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-3521546551-3123563252-608694627-1004] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Extension: (Widthie) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh [2015-06-14]
S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe run [X]
2015-10-31 13:20 - 2015-10-25 11:43 - 00452043 ____R C:\Windows\system32\Drivers\etc\hosts.20151031-142055.backup
2015-10-18 10:26 - 2015-09-12 10:01 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20151018-112641.backup
2015-10-14 21:56 - 2015-10-14 21:56 - 00000000 ____D C:\Users\Matt\AppData\LocalLow\uTorrent
2015-11-01 08:52 - 2015-02-27 18:52 - 00000000 ____D C:\Users\Matt\AppData\Roaming\uTorrent
2015-10-31 15:02 - 2015-06-03 15:46 - 00000000 ____D C:\Program Files (x86)\HQCinema Pro 2.1V03.06
Task: {1C393F25-613E-41FC-9DE3-6E999983FCEF} - System32\Tasks\CIMT_daily_S-1-5-21-3521546551-3123563252-608694627-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {A16E75AB-AB14-4BAE-AF48-393D0BF6E322} - System32\Tasks\CIMT_S-1-5-21-3521546551-3123563252-608694627-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-3521546551-3123563252-608694627-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_S-1-5-21-3521546551-3123563252-608694627-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
C:\Program Files (x86)\Consumer Input
FirewallRules: [{FF7AE39D-526A-4773-AB48-4C86BDC58981}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{18C10A00-C1F4-4667-B3A7-6D325DB86CB4}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
Could not restore Default URLSearchHook.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh => moved successfully
UpdateCheck => service removed successfully
C:\Windows\system32\Drivers\etc\hosts.20151031-142055.backup => moved successfully
C:\Windows\system32\Drivers\etc\hosts.20151018-112641.backup => moved successfully
C:\Users\Matt\AppData\LocalLow\uTorrent => moved successfully
C:\Users\Matt\AppData\Roaming\uTorrent => moved successfully
C:\Program Files (x86)\HQCinema Pro 2.1V03.06 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C393F25-613E-41FC-9DE3-6E999983FCEF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C393F25-613E-41FC-9DE3-6E999983FCEF}" => key removed successfully
C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-3521546551-3123563252-608694627-1001 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-3521546551-3123563252-608694627-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A16E75AB-AB14-4BAE-AF48-393D0BF6E322}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A16E75AB-AB14-4BAE-AF48-393D0BF6E322}" => key removed successfully
C:\Windows\System32\Tasks\CIMT_S-1-5-21-3521546551-3123563252-608694627-1001 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-3521546551-3123563252-608694627-1001" => key removed successfully
C:\Windows\Tasks\CIMT_daily_S-1-5-21-3521546551-3123563252-608694627-1001.job => moved successfully
C:\Windows\Tasks\CIMT_S-1-5-21-3521546551-3123563252-608694627-1001.job => moved successfully
"C:\Program Files (x86)\Consumer Input" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FF7AE39D-526A-4773-AB48-4C86BDC58981} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18C10A00-C1F4-4667-B3A7-6D325DB86CB4} => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 11 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:23:19 ====

[ken545]

Good Morning

AdwCleaner , did you have the program remove all those entries, they need to be gone, if not you will need to run it again and when its done scanning click on the Clean option


Malwarebytes, did it remove and Quarantine all those entries, they need to be gone as well

• You can highlight one of the detections by left clicking on it.
• Then, right click on the highlighted detection, and select 'Check All Items'.
• Next, click 'Remove Selected'. That should remove them all

[Alpherio]

Both programs rerun and cleaned etc.

New results from each:

MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/4/2015
Scan Time: 9:02 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.05.01
Rootkit Database: v2015.11.04.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Matt

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385732
Time Elapsed: 23 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 142
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\APPID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}, Quarantined, [86dfa5d55b3094a2ff22a087ac56d62a],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [86dfa5d55b3094a2ff22a087ac56d62a],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [86dfa5d55b3094a2ff22a087ac56d62a],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [86dfa5d55b3094a2ff22a087ac56d62a],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [86dfa5d55b3094a2ff22a087ac56d62a],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [86dfa5d55b3094a2ff22a087ac56d62a],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [86dfa5d55b3094a2ff22a087ac56d62a],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}, Quarantined, [86dfa5d55b3094a2ff22a087ac56d62a],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}, Quarantined, [86dfa5d55b3094a2ff22a087ac56d62a],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}, Quarantined, [86dfa5d55b3094a2ff22a087ac56d62a],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}, Quarantined, [86dfa5d55b3094a2ff22a087ac56d62a],
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\APPID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}, Quarantined, [2441e1994d3e73c30f56210eaf53b24e],
PUP.Optional.Compete, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}, Quarantined, [2441e1994d3e73c30f56210eaf53b24e],
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}, Quarantined, [2441e1994d3e73c30f56210eaf53b24e],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\APPID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}, Quarantined, [4e17fe7c800b8babc55d35f29f63f808],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService, Quarantined, [4e17fe7c800b8babc55d35f29f63f808],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [4e17fe7c800b8babc55d35f29f63f808],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3COMClassService, Quarantined, [4e17fe7c800b8babc55d35f29f63f808],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [4e17fe7c800b8babc55d35f29f63f808],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.Update3COMClassService, Quarantined, [4e17fe7c800b8babc55d35f29f63f808],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [4e17fe7c800b8babc55d35f29f63f808],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}, Quarantined, [4e17fe7c800b8babc55d35f29f63f808],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}, Quarantined, [4e17fe7c800b8babc55d35f29f63f808],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}, Quarantined, [4e17fe7c800b8babc55d35f29f63f808],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}, Quarantined, [4e17fe7c800b8babc55d35f29f63f808],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0C6D49F4-6E41-4632-BE86-F210D5D894BA}, Quarantined, [99cc2753dfac84b259bfd354fc06f40c],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, Quarantined, [99cc2753dfac84b259bfd354fc06f40c],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, Quarantined, [99cc2753dfac84b259bfd354fc06f40c],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, Quarantined, [99cc2753dfac84b259bfd354fc06f40c],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.Update3WebMachineFallback, Quarantined, [99cc2753dfac84b259bfd354fc06f40c],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, Quarantined, [99cc2753dfac84b259bfd354fc06f40c],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.Update3WebMachineFallback.1.0, Quarantined, [99cc2753dfac84b259bfd354fc06f40c],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0C6D49F4-6E41-4632-BE86-F210D5D894BA}, Quarantined, [99cc2753dfac84b259bfd354fc06f40c],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0DC6DC6C-048E-4B03-8F2D-7D6B90571172}, Quarantined, [b6af1961f992e3538fa370bf6d95c739],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [b6af1961f992e3538fa370bf6d95c739],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass, Quarantined, [b6af1961f992e3538fa370bf6d95c739],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreMachineClass, Quarantined, [b6af1961f992e3538fa370bf6d95c739],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.CoreMachineClass, Quarantined, [b6af1961f992e3538fa370bf6d95c739],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [b6af1961f992e3538fa370bf6d95c739],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [b6af1961f992e3538fa370bf6d95c739],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0DC6DC6C-048E-4B03-8F2D-7D6B90571172}, Quarantined, [b6af1961f992e3538fa370bf6d95c739],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1AB0B6A3-9BC5-419B-B86D-40FA2998A131}, Quarantined, [3f26f189711ad660f22782a5e2208878],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass.1, Quarantined, [3f26f189711ad660f22782a5e2208878],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass, Quarantined, [3f26f189711ad660f22782a5e2208878],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreClass, Quarantined, [3f26f189711ad660f22782a5e2208878],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.CoreClass, Quarantined, [3f26f189711ad660f22782a5e2208878],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreClass.1, Quarantined, [3f26f189711ad660f22782a5e2208878],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.CoreClass.1, Quarantined, [3f26f189711ad660f22782a5e2208878],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1AB0B6A3-9BC5-419B-B86D-40FA2998A131}, Quarantined, [3f26f189711ad660f22782a5e2208878],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1E218D71-6C28-46EE-AC6A-20C95989D566}, Quarantined, [cd98c3b7f49756e0979cf03f4eb4f60a],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1E218D71-6C28-46EE-AC6A-20C95989D566}, Quarantined, [cd98c3b7f49756e0979cf03f4eb4f60a],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3A40DF53-EB22-49FE-9246-8084403424E7}, Quarantined, [f2732357b3d869cd5dbd0c1bf40ea15f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, Quarantined, [f2732357b3d869cd5dbd0c1bf40ea15f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, Quarantined, [f2732357b3d869cd5dbd0c1bf40ea15f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, Quarantined, [f2732357b3d869cd5dbd0c1bf40ea15f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.CredentialDialogMachine, Quarantined, [f2732357b3d869cd5dbd0c1bf40ea15f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, Quarantined, [f2732357b3d869cd5dbd0c1bf40ea15f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.CredentialDialogMachine.1.0, Quarantined, [f2732357b3d869cd5dbd0c1bf40ea15f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3A40DF53-EB22-49FE-9246-8084403424E7}, Quarantined, [f2732357b3d869cd5dbd0c1bf40ea15f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3DBBAB3C-4077-4EC4-BF2C-E89C7784846A}, Quarantined, [432290ea8605a78fca510d1a02009070],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [432290ea8605a78fca510d1a02009070],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc, Quarantined, [432290ea8605a78fca510d1a02009070],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebSvc, Quarantined, [432290ea8605a78fca510d1a02009070],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.Update3WebSvc, Quarantined, [432290ea8605a78fca510d1a02009070],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [432290ea8605a78fca510d1a02009070],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [432290ea8605a78fca510d1a02009070],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3DBBAB3C-4077-4EC4-BF2C-E89C7784846A}, Quarantined, [432290ea8605a78fca510d1a02009070],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5CF02202-6278-47EE-9947-C2D0A057EABD}, Quarantined, [d59021594d3eaf878d8fd4538c7614ec],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [d59021594d3eaf878d8fd4538c7614ec],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher, Quarantined, [d59021594d3eaf878d8fd4538c7614ec],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.ProcessLauncher, Quarantined, [d59021594d3eaf878d8fd4538c7614ec],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.ProcessLauncher, Quarantined, [d59021594d3eaf878d8fd4538c7614ec],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [d59021594d3eaf878d8fd4538c7614ec],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [d59021594d3eaf878d8fd4538c7614ec],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5CF02202-6278-47EE-9947-C2D0A057EABD}, Quarantined, [d59021594d3eaf878d8fd4538c7614ec],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{65BF611F-85CD-4E7F-966C-853573462C14}, Quarantined, [93d2f189800ba88e75a896913cc627d9],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [93d2f189800ba88e75a896913cc627d9],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, Quarantined, [93d2f189800ba88e75a896913cc627d9],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, Quarantined, [93d2f189800ba88e75a896913cc627d9],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, Quarantined, [93d2f189800ba88e75a896913cc627d9],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [93d2f189800ba88e75a896913cc627d9],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [93d2f189800ba88e75a896913cc627d9],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{65BF611F-85CD-4E7F-966C-853573462C14}, Quarantined, [93d2f189800ba88e75a896913cc627d9],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, Quarantined, [84e159210c7f13236cc8919eb052aa56],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\DcaHost.DcaHost.1, Quarantined, [84e159210c7f13236cc8919eb052aa56],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\DcaHost.DcaHost, Quarantined, [84e159210c7f13236cc8919eb052aa56],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DcaHost.DcaHost, Quarantined, [84e159210c7f13236cc8919eb052aa56],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DcaHost.DcaHost, Quarantined, [84e159210c7f13236cc8919eb052aa56],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DcaHost.DcaHost.1, Quarantined, [84e159210c7f13236cc8919eb052aa56],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DcaHost.DcaHost.1, Quarantined, [84e159210c7f13236cc8919eb052aa56],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, Quarantined, [84e159210c7f13236cc8919eb052aa56],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, Quarantined, [84e159210c7f13236cc8919eb052aa56],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, Quarantined, [84e159210c7f13236cc8919eb052aa56],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{87A125E5-B663-496F-954E-488A82FAC012}, Quarantined, [d88dfb7f23682016e13ded3ae81a728e],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [d88dfb7f23682016e13ded3ae81a728e],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync, Quarantined, [d88dfb7f23682016e13ded3ae81a728e],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoCreateAsync, Quarantined, [d88dfb7f23682016e13ded3ae81a728e],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.CoCreateAsync, Quarantined, [d88dfb7f23682016e13ded3ae81a728e],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [d88dfb7f23682016e13ded3ae81a728e],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [d88dfb7f23682016e13ded3ae81a728e],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{87A125E5-B663-496F-954E-488A82FAC012}, Quarantined, [d88dfb7f23682016e13ded3ae81a728e],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8AF9C44C-E497-4776-A7EF-F6455F982825}, Quarantined, [5b0a730752393ef80718a780867c0df3],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [5b0a730752393ef80718a780867c0df3],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [5b0a730752393ef80718a780867c0df3],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [5b0a730752393ef80718a780867c0df3],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [5b0a730752393ef80718a780867c0df3],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [5b0a730752393ef80718a780867c0df3],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [5b0a730752393ef80718a780867c0df3],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8AF9C44C-E497-4776-A7EF-F6455F982825}, Quarantined, [5b0a730752393ef80718a780867c0df3],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D4F484EE-BF68-4B61-AB83-C1E0EF88D876}, Quarantined, [234235455a31092d85b036f9ff03d12f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [234235455a31092d85b036f9ff03d12f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine, Quarantined, [234235455a31092d85b036f9ff03d12f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachine, Quarantined, [234235455a31092d85b036f9ff03d12f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.Update3WebMachine, Quarantined, [234235455a31092d85b036f9ff03d12f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [234235455a31092d85b036f9ff03d12f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [234235455a31092d85b036f9ff03d12f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D4F484EE-BF68-4B61-AB83-C1E0EF88D876}, Quarantined, [234235455a31092d85b036f9ff03d12f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F90B8F59-792D-4F5A-97AD-06E83284F9AB}, Quarantined, [96cf45354744d85e4cd7e740e51dac54],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine.1.0, Quarantined, [96cf45354744d85e4cd7e740e51dac54],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine, Quarantined, [96cf45354744d85e4cd7e740e51dac54],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine, Quarantined, [96cf45354744d85e4cd7e740e51dac54],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInput.OneClickProcessLauncherMachine, Quarantined, [96cf45354744d85e4cd7e740e51dac54],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine.1.0, Quarantined, [96cf45354744d85e4cd7e740e51dac54],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ConsumerInput.OneClickProcessLauncherMachine.1.0, Quarantined, [96cf45354744d85e4cd7e740e51dac54],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F90B8F59-792D-4F5A-97AD-06E83284F9AB}, Quarantined, [96cf45354744d85e4cd7e740e51dac54],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F90B8F59-792D-4F5A-97AD-06E83284F9AB}, Quarantined, [96cf45354744d85e4cd7e740e51dac54],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\APPID\ConsumerInputUpdate.exe, Quarantined, [c5a0c2b87a11b48205d6f4688083a65a],
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\APPID\dca-host.exe, Quarantined, [cb9a09718605f83e90b3633a699ac33d],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\ConsumerInputUpdate.exe, Quarantined, [c1a4f684a6e5ae8837a463f910f39967],
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\dca-host.exe, Quarantined, [adb8ceac3f4ccf6743007726c83bb24e],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\ConsumerInput, Quarantined, [5213f3875635ff37b32946163ac99e62],
PUP.Optional.GigaClicks, HKLM\SOFTWARE\WOW6432NODE\GigaClicks, Quarantined, [3b2a94e6ddaea78ff2fe2c3dba491ae6],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\HQCinema Pro 2.1V03.06, Quarantined, [fa6b64164f3cbf7709167ae7e91ade22],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\HQCinema Pro 2.1V03.06-nv, Quarantined, [471eea90dab1b97d3ce3fd640ff4e51b],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\HQCinema Pro 2.1V03.06-nv-ie, Quarantined, [95d00e6c9bf0c76fe23d19487b88f40c],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\ConsumerInputUpdate.exe, Quarantined, [e77e94e6b2d94ee88655c3991ae901ff],
PUP.Optional.Compete, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\dca-host.exe, Quarantined, [4c196e0cfa91132386bd6d301de605fb],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.compete.cinm, Quarantined, [76efa9d1860511257cca6437a55e37c9],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}, Quarantined, [2e377ffbaae1a492578bfc6053b06799],
PUP.Optional.ConsumerInput, HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\ConsumerInput, Quarantined, [82e3067434578aac6376bba1897a4cb4],
PUP.Optional.CrossRider, HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\HQCinema Pro 2.1V03.06-nv, Quarantined, [8bdae7934f3c91a5767a045b3ac9cc34],
PUP.Optional.CrossRider, HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\HQCinema Pro 2.1V03.06-nv-ie, Quarantined, [df867a0093f8f541d71991ce4cb722de],

Registry Values: 3
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}|AppPath, C:\Program Files (x86)\Consumer Input\InternetExplorer, Quarantined, [c5a05f1bf89302343c0b5f3cc93a0ff1]
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}|AppPath, C:\Program Files (x86)\Consumer Input\InternetExplorer, Quarantined, [d68fd7a36922f14520277724c3402dd3]
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}|DisplayName, Consumer Input Update Helper, Quarantined, [2e377ffbaae1a492578bfc6053b06799]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh, Quarantined, [1f46d1a9c6c515210224b1c9fc06bb45],
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\0.1_0, Quarantined, [1f46d1a9c6c515210224b1c9fc06bb45],
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\0.1_0\_metadata, Quarantined, [1f46d1a9c6c515210224b1c9fc06bb45],
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gegdfeiahlfolhcfioipjlkombmgbakh, Quarantined, [d98c3d3d97f478beb176c7b36c968a76],

Files: 14
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\0.1_0\extension.js, Quarantined, [1f46d1a9c6c515210224b1c9fc06bb45],
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\0.1_0\icon-128.png, Quarantined, [1f46d1a9c6c515210224b1c9fc06bb45],
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\0.1_0\icon-16.png, Quarantined, [1f46d1a9c6c515210224b1c9fc06bb45],
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\0.1_0\icon-48.png, Quarantined, [1f46d1a9c6c515210224b1c9fc06bb45],
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\0.1_0\jquery-1.11.0.min.js, Quarantined, [1f46d1a9c6c515210224b1c9fc06bb45],
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\0.1_0\manifest.json, Quarantined, [1f46d1a9c6c515210224b1c9fc06bb45],
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\0.1_0\style.css, Quarantined, [1f46d1a9c6c515210224b1c9fc06bb45],
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\0.1_0\_metadata\verified_contents.json, Quarantined, [1f46d1a9c6c515210224b1c9fc06bb45],
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gegdfeiahlfolhcfioipjlkombmgbakh\000003.log, Quarantined, [d98c3d3d97f478beb176c7b36c968a76],
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gegdfeiahlfolhcfioipjlkombmgbakh\CURRENT, Quarantined, [d98c3d3d97f478beb176c7b36c968a76],
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gegdfeiahlfolhcfioipjlkombmgbakh\LOCK, Quarantined, [d98c3d3d97f478beb176c7b36c968a76],
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gegdfeiahlfolhcfioipjlkombmgbakh\LOG, Quarantined, [d98c3d3d97f478beb176c7b36c968a76],
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gegdfeiahlfolhcfioipjlkombmgbakh\LOG.old, Quarantined, [d98c3d3d97f478beb176c7b36c968a76],
PUP.Optional.CrossRider, C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gegdfeiahlfolhcfioipjlkombmgbakh\MANIFEST-000001, Quarantined, [d98c3d3d97f478beb176c7b36c968a76],

Physical Sectors: 0
(No malicious items detected)


(end)

ADWCleaner:

# AdwCleaner v5.017 - Logfile created 04/11/2015 at 20:55:30
# Updated 03/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Matt - ONEPUTER
# Running from : C:\Users\Matt\Desktop\adwcleaner_5.017.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.conduit.com/?ctid=CT3321972&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP1DEBDCBC-CD28-4322-B325-1D501BE2EF03&SSPV=
[-] [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1068 bytes] ##########

[ken545]

Good Morning

Open up FRST, make sure that Additions is checked, run a new scan and post both the new FRST and Additions logs

[Alpherio]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
Ran by Matt (administrator) on ONEPUTER (06-11-2015 07:01:29)
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt (Available Profiles: Matt & Sarah)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
() C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-17] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36711472 2015-10-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [74752 2015-09-01] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [GoogleChromeAutoLaunch_952AA941B71FA68F2EFC80A225B9EE63] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [349680 2014-03-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-21]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-21]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
BootExecute: autocheck autochk * sdnclean64.exebddel.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AE6BC52A-FEAC-49D8-AB5D-FDE9F836AD83}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BC48F90C-37A5-4AD2-AD2E-8127DC1EAB34}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-28] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-28] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin HKU\S-1-5-21-3521546551-3123563252-608694627-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Matt\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-08] (Citrix Online)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://search.conduit.com/?ctid=CT3321972&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP1DEBDCBC-CD28-4322-B325-1D501BE2EF03&SSPV=","hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-06-14]
CHR Extension: (Adblock Plus) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-10-04]
CHR Extension: (Netflix) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-06-14]
CHR Extension: (Pandora) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-06-14]
CHR Extension: (iCloud Bookmarks) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-07-26]
CHR Extension: (Skype Click to Call) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ASUS Flip Service; C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe [8704 2014-04-15] (ASUS) [File not signed]
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-24] (ASUS Cloud Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-07] (Dropbox, Inc.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-17] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-17] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-17] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-17] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-17] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-17] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-08-08] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-06] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-04 22:02 - 2015-11-04 22:02 - 00026871 _____ C:\Users\Matt\Desktop\mbamcleanedresult.txt
2015-11-03 21:44 - 2015-11-06 07:00 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-03 21:43 - 2015-11-03 21:43 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-03 21:43 - 2015-11-03 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-03 21:43 - 2015-11-03 21:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-03 21:43 - 2015-11-03 21:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-03 21:43 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-03 21:43 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-03 21:43 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-03 21:38 - 2015-11-06 07:00 - 00000093 _____ C:\Users\Matt\AppData\Roaming\sp_data.sys
2015-11-03 21:20 - 2015-11-03 21:22 - 22908888 _____ (Malwarebytes ) C:\Users\Matt\Desktop\mbam-setup-2.2.0.1024.exe
2015-11-03 21:09 - 2015-11-03 21:09 - 00001681 _____ C:\Users\Matt\Desktop\JRT.txt
2015-11-03 17:31 - 2015-11-03 17:32 - 01708032 _____ C:\Users\Matt\Desktop\adwcleaner_5.017.exe
2015-11-02 20:24 - 2015-11-02 20:24 - 01801288 _____ (Malwarebytes) C:\Users\Matt\Desktop\JRT.exe
2015-11-01 10:16 - 2015-11-01 10:16 - 00002208 _____ C:\Users\Matt\Desktop\aswMBR.txt
2015-11-01 10:16 - 2015-11-01 10:16 - 00000512 _____ C:\Users\Matt\Desktop\MBR.dat
2015-11-01 09:16 - 2015-11-01 09:17 - 05198336 _____ (AVAST Software) C:\Users\Matt\Desktop\aswMBR.exe
2015-11-01 09:06 - 2015-11-01 09:08 - 00041058 _____ C:\Users\Matt\Desktop\Addition.txt
2015-11-01 09:05 - 2015-11-06 07:01 - 00024169 _____ C:\Users\Matt\Desktop\FRST.txt
2015-11-01 09:04 - 2015-11-06 07:01 - 00000000 ____D C:\Users\Matt\Desktop\FRST-OlderVersion
2015-10-24 15:22 - 2015-10-24 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-24 14:45 - 2015-10-24 14:45 - 00290408 _____ C:\Windows\Minidump\102415-31578-01.dmp
2015-10-24 11:34 - 2015-10-24 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-10-24 11:31 - 2015-10-24 11:31 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-24 11:31 - 2015-10-24 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-24 11:30 - 2015-10-24 11:31 - 00000000 ____D C:\Program Files\iTunes
2015-10-24 11:30 - 2015-10-24 11:30 - 00000000 ____D C:\Program Files\iPod
2015-10-24 11:30 - 2015-10-24 11:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-18 12:33 - 2015-10-18 12:33 - 00001111 _____ C:\Users\Public\Desktop\Spybot Anti-Beacon.lnk
2015-10-18 12:33 - 2015-10-18 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
2015-10-18 12:33 - 2015-10-18 12:33 - 00000000 ____D C:\Program Files (x86)\Spybot Anti-Beacon
2015-10-18 12:08 - 2015-10-18 12:08 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-10-09 21:55 - 2015-10-09 21:55 - 00290496 _____ C:\Windows\Minidump\100915-40203-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-06 07:02 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-06 07:01 - 2015-07-07 22:04 - 00000000 ___RD C:\Users\Matt\Dropbox
2015-11-06 07:01 - 2015-07-07 21:57 - 00000000 ____D C:\Users\Matt\AppData\Local\Dropbox
2015-11-06 07:01 - 2015-06-10 18:54 - 00000000 ____D C:\FRST
2015-11-06 07:01 - 2015-06-10 18:53 - 02198528 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
2015-11-06 07:00 - 2015-06-02 11:23 - 00000000 ___RD C:\Users\Matt\iCloudDrive
2015-11-06 06:59 - 2015-07-07 21:57 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-06 06:59 - 2015-02-27 12:39 - 00000000 __RDO C:\Users\Matt\Desktop\OneDrive
2015-11-06 06:59 - 2015-02-26 22:21 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-04 22:08 - 2015-07-07 21:57 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-04 21:49 - 2015-02-26 22:21 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-04 21:06 - 2014-08-14 08:37 - 01436582 _____ C:\Windows\WindowsUpdate.log
2015-11-04 21:03 - 2014-03-18 02:03 - 00863596 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-04 20:57 - 2013-08-22 06:46 - 00080959 _____ C:\Windows\setupact.log
2015-11-04 20:56 - 2014-03-18 01:54 - 00657302 _____ C:\Windows\PFRO.log
2015-11-04 20:56 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-04 20:56 - 2013-08-22 05:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-11-04 20:55 - 2015-06-09 20:49 - 00000000 ____D C:\AdwCleaner
2015-11-04 20:48 - 2015-06-03 15:47 - 00000000 ____D C:\Program Files (x86)\9b5af7f8-571f-4257-ac86-b814c6c63b4a
2015-11-04 20:48 - 2014-05-14 20:44 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-11-04 20:42 - 2015-02-27 12:44 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EDBD8DFB-6D84-4E3D-B9AD-7E72DA0E9CF5}
2015-11-03 22:27 - 2015-02-27 12:41 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3521546551-3123563252-608694627-1001
2015-11-02 18:25 - 2015-03-03 17:51 - 00464384 ___SH C:\Users\Matt\Desktop\Thumbs.db
2015-11-01 09:07 - 2015-05-04 21:51 - 00000000 ____D C:\Users\Matt\Desktop\Galactica
2015-10-31 15:04 - 2015-06-03 16:31 - 00070202 _____ C:\Windows\SysWOW64\bddel.dat
2015-10-31 10:52 - 2015-02-27 12:33 - 00000000 ____D C:\Users\Matt
2015-10-30 19:36 - 2015-02-28 11:51 - 00000000 ____D C:\Users\Matt\AppData\Local\CrashDumps
2015-10-24 15:22 - 2015-07-07 21:57 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-24 14:49 - 2015-02-26 22:24 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-24 14:45 - 2015-08-30 06:14 - 00000000 ____D C:\Windows\Minidump
2015-10-24 14:44 - 2015-08-30 06:14 - 2098379375 _____ C:\Windows\MEMORY.DMP
2015-10-24 11:34 - 2015-06-02 11:23 - 00000000 ____D C:\Users\Matt\AppData\Local\Apple Inc
2015-10-24 11:30 - 2015-02-27 15:47 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-18 09:49 - 2015-07-08 18:54 - 00000000 ____D C:\Users\Matt\AppData\Local\Citrix
2015-10-15 06:37 - 2015-09-13 16:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-12 21:11 - 2015-05-09 18:09 - 00000000 ____D C:\Users\Matt\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2015-11-03 21:38 - 2015-11-06 07:00 - 0000093 _____ () C:\Users\Matt\AppData\Roaming\sp_data.sys
2015-06-08 21:24 - 2015-06-12 17:18 - 0007605 _____ () C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
2014-08-14 08:52 - 2014-08-14 08:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-14 09:14 - 2014-03-25 17:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
2014-05-14 20:43 - 2014-03-26 12:50 - 0000124 _____ () C:\ProgramData\SetStretch.cmd
2014-05-14 20:43 - 2009-07-22 02:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-14 20:43 - 2012-09-07 03:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\RefreshReg.vbs


Some files in TEMP:
====================
C:\Users\Matt\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp_otqh.dll
C:\Users\Matt\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-01 08:20

==================== End of FRST.txt ============================


Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by Matt (2015-11-06 07:03:23)
Running from C:\Users\Matt\Desktop
Windows 8.1 (X64) (2015-02-27 20:35:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3521546551-3123563252-608694627-500 - Administrator - Disabled)
Guest (S-1-5-21-3521546551-3123563252-608694627-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3521546551-3123563252-608694627-1003 - Limited - Enabled)
Matt (S-1-5-21-3521546551-3123563252-608694627-1001 - Administrator - Enabled) => C:\Users\Matt
Sarah (S-1-5-21-3521546551-3123563252-608694627-1004 - Administrator - Enabled) => C:\Users\Sarah

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS FlipLock (HKLM\...\{7C7F8DAC-8ADA-4B86-BCB6-48B6FFB673DD}) (Version: 1.0.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 7 - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.2 - Illustrate)
Dragon Assistant Application en-US version 1.5.7 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.3 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.3 - Nuance Communications, Inc.)
Dragon Assistant version 1.5.7 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
FLAC To MP3 V4.1 (HKLM-x32\...\FLAC To MP3_is1) (Version: - FLAC To MP3, Inc.)
Freemake Video Converter version 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.0 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) (Version: 17.0.1 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.4 - Safer-Networking Ltd.)
System Requirements Lab Detection (HKLM-x32\...\{CC656969-7AE7-415C-A3EB-BA687F3AB03F}) (Version: 6.1.6.0 - Husdawg, LLC)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.0.496 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
YNAB 4 version 4.3.729 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.729 - YouNeedABudget.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-10-2015 12:07:41 Installed System Requirements Lab Detection
31-10-2015 11:49:43 Scheduled Checkpoint
02-11-2015 18:21:37 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2015-11-02 18:22 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2435A1F2-FC3A-456C-BC02-8D182D59AD04} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-11-03] ()
Task: {24A0BD95-2087-417F-BBA6-F3D508D95A27} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {349A602C-FEED-4556-9741-904302CA0DDB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {351DAD53-AA32-4624-AF85-9896C179051F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {451A682B-E5A9-4E74-92E5-665A0F62477F} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-14] (Realtek Semiconductor)
Task: {45CC27D6-7D5B-4DF7-9333-9290DE8502A7} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-11-03] ()
Task: {4D3CBEF1-974C-4CA1-A5BB-DD41A8EE04D1} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-07] (Dropbox, Inc.)
Task: {4E94B278-A383-4EB1-BD76-38027ADFC74E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-07] (Dropbox, Inc.)
Task: {55B667DD-DAB3-417B-B384-05574B9AE119} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {632E5C78-6BAE-4D48-A906-D95223FA5850} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {708DADE6-0A79-478F-8CEB-D528FBAC2867} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-26] (Google Inc.)
Task: {78A3D0CD-B5B0-4856-8F99-23497EBB9AFC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {82B8E927-55E0-42A5-BC19-2BB9CE7A9C42} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] ()
Task: {83B71413-109F-4F33-8BD5-A3202E5636A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D95E1D65-8FB1-4E31-91C4-692BBE3A040F} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)
Task: {E3C7E82D-A594-4911-AECE-B09DF1C6B31A} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {ECC7EE87-28FB-4390-A463-40BF93A6AE79} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {EDB36471-01F6-42EE-B9C7-A025B4A09664} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-26] (Google Inc.)
Task: {EFC10CC2-9655-47BC-867D-3551C92B7E04} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-15 16:36 - 2014-04-15 16:36 - 00016384 _____ () C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
2013-12-04 07:44 - 2013-12-04 07:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 07:44 - 2013-12-04 07:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 07:44 - 2013-12-04 07:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2015-09-07 18:34 - 2015-09-01 23:23 - 00074752 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2014-04-15 16:36 - 2014-04-15 16:36 - 00009216 _____ () C:\Program Files\ASUS\ASUS FlipLock\WMIProc.dll
2014-08-14 09:12 - 2013-05-02 10:26 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2014-08-14 09:12 - 2013-05-02 10:26 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2014-08-14 09:12 - 2013-05-02 10:26 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2014-08-14 09:12 - 2013-05-02 10:26 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2014-08-14 09:12 - 2013-05-02 10:26 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2014-08-14 09:12 - 2013-05-02 10:26 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2014-08-14 09:12 - 2013-05-02 10:25 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2015-02-27 19:35 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-27 19:35 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-27 19:35 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-27 19:35 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-27 19:35 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-14 08:47 - 2013-10-23 12:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-04-02 13:46 - 2014-04-02 13:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-02 13:46 - 2014-04-02 13:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-04-02 13:46 - 2014-04-02 13:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-04-02 13:46 - 2014-04-02 13:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2015-10-24 14:49 - 2015-10-20 06:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-24 14:49 - 2015-10-20 06:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-11-06 07:00 - 2015-11-06 07:00 - 00071168 _____ () c:\users\matt\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp_otqh.dll
2015-07-07 22:02 - 2015-09-23 15:07 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-07-07 22:02 - 2015-09-23 15:07 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-01 18:45 - 2015-09-23 15:07 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-07-07 22:02 - 2015-09-23 15:07 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.

IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3521546551-3123563252-608694627-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\Desktop\Galactica\carina.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "LGODDFU"
HKLM\...\StartupApproved\Run32: => "FlashGamesRockstar"
HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\StartupApproved\Run: => "iCloudServices"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{99653552-2740-4A0A-8B29-7EE97257AA12}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0F757B8E-21C2-43B9-B86C-4463B66FF786}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B33362BB-E669-4EEF-9C38-FC49092CF823}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5D1F7E76-D2E6-4F55-A128-44E2EA2EA06C}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{301DCFD4-F980-4FAD-A9B1-45A160697CB8}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{E3D22119-1654-42AF-BCD0-B3F697269BB1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72FCB0D1-2CC8-4820-AEC4-5BC889A4F102}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{125066DC-67E5-411F-B621-8A6903D5B67B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DCD9183A-2943-4697-A704-A7666A1388CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{0D258B23-1380-43BD-96F3-5069C4BF449A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{626CEFE1-EE00-4D03-B60A-9507AE49DDB2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5403D72F-ABC9-4B24-AA0B-A6373F41DED8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A5B3357A-EC7A-4B49-BB0B-090A277B3F21}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{AFD50EB2-E97B-4FB6-ABFD-1AFC1DC5ED97}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AED42A45-8ACA-4DAC-9040-93AEEAF4F16D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED7DE36D-3689-48A4-BD3A-06ACD3E8261D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DBF4C46A-75B4-42E6-80E3-25387C028192}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0BCE46DB-9D73-4381-836E-397709B38931}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{04AFBF30-2273-4593-93C3-48805E36250B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8F3C79AA-5E4F-44F9-B74B-A2229C63C5D6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2015 08:39:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDOnAccess.exe, version: 2.4.40.11, time stamp: 0x535a5123
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00000000
Faulting process id: 0x2d20
Faulting application start time: 0xSDOnAccess.exe0
Faulting application path: SDOnAccess.exe1
Faulting module path: SDOnAccess.exe2
Report Id: SDOnAccess.exe3
Faulting package full name: SDOnAccess.exe4
Faulting package-relative application ID: SDOnAccess.exe5

Error: (11/04/2015 08:39:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDOnAccess.exe, version: 2.4.40.11, time stamp: 0x535a5123
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x0eedfade
Fault offset: 0x00012f71
Faulting process id: 0xc84
Faulting application start time: 0xSDOnAccess.exe0
Faulting application path: SDOnAccess.exe1
Faulting module path: SDOnAccess.exe2
Report Id: SDOnAccess.exe3
Faulting package full name: SDOnAccess.exe4
Faulting package-relative application ID: SDOnAccess.exe5

Error: (11/04/2015 08:39:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDOnAccess.exe, version: 2.4.40.11, time stamp: 0x535a5123
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x0eedfade
Fault offset: 0x00012f71
Faulting process id: 0x1654
Faulting application start time: 0xSDOnAccess.exe0
Faulting application path: SDOnAccess.exe1
Faulting module path: SDOnAccess.exe2
Report Id: SDOnAccess.exe3
Faulting package full name: SDOnAccess.exe4
Faulting package-relative application ID: SDOnAccess.exe5

Error: (11/04/2015 05:49:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDOnAccess.exe, version: 2.4.40.11, time stamp: 0x535a5123
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x0eedfade
Fault offset: 0x00012f71
Faulting process id: 0x2730
Faulting application start time: 0xSDOnAccess.exe0
Faulting application path: SDOnAccess.exe1
Faulting module path: SDOnAccess.exe2
Report Id: SDOnAccess.exe3
Faulting package full name: SDOnAccess.exe4
Faulting package-relative application ID: SDOnAccess.exe5

Error: (11/03/2015 06:12:38 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (11/03/2015 06:12:38 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (11/02/2015 07:35:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234

Error: (11/02/2015 07:35:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1234

Error: (11/02/2015 07:35:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/02/2015 07:35:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 899812


System errors:
=============
Error: (11/06/2015 06:59:36 AM) (Source: DCOM) (EventID: 10010) (User: ONEPUTER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/04/2015 10:19:51 PM) (Source: DCOM) (EventID: 10010) (User: ONEPUTER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/04/2015 10:19:50 PM) (Source: DCOM) (EventID: 10010) (User: ONEPUTER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/04/2015 10:19:50 PM) (Source: DCOM) (EventID: 10010) (User: ONEPUTER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/04/2015 08:59:02 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x80070005

Error: (11/04/2015 08:59:02 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x80070005http://+:10243/WMPNSSv4/1257424468/

Error: (11/04/2015 08:59:02 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x80070005

Error: (11/04/2015 08:59:02 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x80070005http://+:10243/WMPNSSv4/1257424456/

Error: (11/04/2015 08:59:02 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x80070005

Error: (11/04/2015 08:59:02 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x80070005http://+:10243/WMPNSSv4/1257424468/


CodeIntegrity:
===================================
Date: 2015-11-04 22:07:21.490
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-04 21:30:45.834
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Store signing level requirements.

Date: 2015-11-04 21:30:43.281
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Store signing level requirements.

Date: 2015-11-04 21:30:40.983
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Store signing level requirements.

Date: 2015-11-04 21:29:39.779
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2015-11-04 21:29:38.598
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2015-11-04 21:29:37.481
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2015-11-04 21:29:36.300
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2015-11-04 21:29:34.998
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2015-11-04 21:29:33.811
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 34%
Total physical RAM: 8075.16 MB
Available physical RAM: 5286.54 MB
Total Virtual: 16267.16 MB
Available Virtual: 13218.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:910.4 GB) (Free:684.33 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B118416D)

Partition: GPT.

==================== End of Addition.txt ============================

[ken545]

Logs look ok.

Freemake <-- When your downloading and sharing files with unknown people its not a good idea, your call if you want to keep using this

System Requirements Lab <--This has been know to not be to reliable and has caused some problems on some systems, again its your call to use it or not

How is your system behaving now ???

[Alpherio]

Sorry I didn't reply until now. I was out of town in the desert! The system appears to be running better now, although Windows Update isn't running and doesn't appear to want to start. Trying to reset it with DISM cleanup, but otherwise I don't appear to be suffering from any other issues but I haven't tried connecting to the TV via HDMI yet. That had been having sound issues which, from my rudimentary digging and forum reading, appear to be some sort of driver issue but I don't know what.

[ken545]

Good Morning,

You have a lot of errors running Spybot Search and Destroy, I would uninstall it and see if it helps, you can always download and reinstall it later if you wish

Since the issue with Windows Updates do not appear to be malware related why dont you post here on a site we use quite frequently, like Safer Networking its free but you will have to register and then post in there windows forum. You can link them to this thread if you wish so they can see what we have done.

http://forums.whatthetech.com/index.php?showforum=119




Double click on AdwCleaner.exe to run the tool again.

• Click on the Uninstall button.
• Click Yes when asked are you sure you want to uninstall.
• Both AdwCleaner.exe, its folder and all logs will be removed.

==========================================================




Please download DelFix and save the file to your Desktop.

• Windows XP Double Click DelFix.exe to run the program.
• Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR
• Checkmark " Remove Disinfection Tools"
• Click the Run button

This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually






==========================================================






So How did I get infected in the first place




Safe Surfn
Ken