Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-10-2015
Ran by Aaron (2015-10-28 22:02:11)
Running from G:\Downloads\Malware removal
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-01 22:25:24)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Aaron (S-1-5-21-2780459401-3871315293-2221292059-1000 - Administrator - Enabled) => C:\Users\Aaron
Administrator (S-1-5-21-2780459401-3871315293-2221292059-500 - Administrator - Disabled)
Guest (S-1-5-21-2780459401-3871315293-2221292059-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2780459401-3871315293-2221292059-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.94 - Lavasoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Akamai NetSession Interface (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.1.0 - SlySoft)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ATConsole (HKLM-x32\...\{CE029721-70F7-4B1C-9E6D-E90EC7D82D8D}) (Version: 10.0.2 - APREL Tehnologija d.o.o.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
ChromecastApp (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.)
Coupon Companion (HKLM-x32\...\Coupon Companion) (Version: 1.24.151.151 - 215 Apps) <==== ATTENTION
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd)
Day of Defeat (HKLM-x32\...\Steam App 30) (Version: - Valve)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Digital Coupon Printer (HKLM-x32\...\{2095A496-250E-4A1F-90AD-691246819A9A}) (Version: 3.17.0.0 - Hopster, Inc. an Inmar company)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.70 - DivX, LLC)
Free M4a to MP3 Converter 7.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Imperialism II (HKLM-x32\...\Imperialism II) (Version: - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LeechFTP (HKLM-x32\...\LeechFTP) (Version: - )
LizardTech GeoViewer (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\9b689087b44c09fc) (Version: 5.5.0.3396 - LizardTech)
Maintenance Samsung SCX-4623 Series (HKLM-x32\...\Samsung SCX-4623 Series) (Version: - Samsung Electronics CO.,LTD)
Maintenance Samsung SCX-4623FW Series (HKLM-x32\...\Samsung SCX-4623FW Series) (Version: - Samsung Electronics Co., Ltd.)
marvell 91xx console driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WNA1100 wireless USB 2.0 driver (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.2.0.2 - NETGEAR)
NVIDIA 3D Vision Controller Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
Populous: The Beginning (HKLM-x32\...\Populous: The Beginning) (Version: 1.03 - Bullfrog)
PrintMyCouponAnywhere (HKLM-x32\...\{9E5A9316-541D-4F22-BE19-AFE969C00B06}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
QuickBooks (x32 Version: 24.0.4007.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4001.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.1.27 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 4.80 - Philipp Winterberg)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RevTraxPrintMyCoupon (HKLM-x32\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.05.23.04 - Samsung Electronics Co., Ltd.)
Self-service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Settings Manager (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Settings Manager) (Version: 23.2.0.2 - Spigot, Inc.) <==== ATTENTION
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Starcraft (HKLM-x32\...\Starcraft) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Voobly (HKLM-x32\...\Voobly_is1) (Version: Voobly - Voobly)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wondershare Video Converter Ultimate(Build 7.3.0.3) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 7.3.0.3 - Wondershare Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2015-09-05 23:48 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1E7B521C-0F67-4876-9FAF-59C7E1B80C41} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000UA => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-09] (Google Inc.)
Task: {295A1C6B-F6B6-423B-9A70-07062BE58BC7} - System32\Tasks\{A0DC1DEF-2121-46DD-929B-143D0AFC2E50} => pcalua.exe -a C:\Users\Aaron\Desktop\populousdemo.exe -d C:\Users\Aaron\Desktop
Task: {3C2F9E46-8E3D-49A4-8F74-95EA4D0BB816} - System32\Tasks\{D370B6B3-F58E-4857-8585-3DFD0F92E51F} => Firefox.exe hxxp://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {60155F0B-ADC8-4F82-850E-B16B918376D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6A1EE2E4-E381-47A6-9CD5-A6F33D057F48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8C8EEE6D-7AFE-4525-A463-C73CFA3A9315} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {A8307E37-05BC-42D2-9539-E6063849F18F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {B03ED6B5-6DC3-45D2-8D23-EFD39F4C99A2} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {B56D32CB-D9EA-4E4E-993D-ADEFFB10BB55} - System32\Tasks\ATConsole => G:\Program Files (x86)\AT Console\ATConsole.Run.exe [2015-02-27] (APREL Tehnologija d.o.o.)
Task: {D5A6A751-A8D8-40E8-90DE-FD1B34B0E5EF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000Core => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-09] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\ATConsole.job => G:\Program Files (x86)\AT Console\ATConsole.Run.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000Core.job => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000UA.job => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2012-09-02 22:34 - 2013-01-18 10:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-09-15 17:18 - 2009-10-28 00:34 - 00027648 _____ () C:\Windows\System32\sso4ml6.dll
2012-09-15 17:17 - 2010-02-11 01:25 - 00750080 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sso4mdu.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-28 00:04 - 2014-03-19 10:51 - 00316120 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-29 00:05 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2015-09-30 03:24 - 2015-09-30 03:24 - 00954992 _____ () C:\Users\Aaron\AppData\Roaming\Settings Manager\SettingsManager.exe
2015-04-28 04:27 - 2015-10-06 03:15 - 00806064 _____ () C:\Users\Aaron\AppData\Roaming\Update Manager\UM.EXE
2012-10-08 21:11 - 2011-07-13 07:42 - 00688128 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2012-10-08 21:08 - 2011-06-24 13:55 - 01990144 _____ () C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
2013-03-14 09:47 - 2013-03-14 09:47 - 15500800 _____ () C:\Users\Aaron\AppData\Local\Autobahn\nexdef.exe
2012-09-15 17:18 - 2010-02-11 00:55 - 01982464 _____ () C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
2012-09-15 17:18 - 2009-10-27 00:00 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2015-04-30 14:43 - 2015-04-30 14:43 - 00090760 _____ () C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
2014-12-28 00:04 - 2014-03-06 17:45 - 00372736 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2012-10-08 21:08 - 2008-11-11 20:51 - 01384520 _____ () C:\Windows\twain_32\Samsung\SCX4623\ssole.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00020480 _____ () C:\Users\Aaron\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00069632 _____ () C:\Users\Aaron\AppData\Local\Autobahn\rt\bin\java.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00126976 _____ () C:\Users\Aaron\AppData\Local\Autobahn\rt\bin\zip.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00159744 _____ () C:\Users\Aaron\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
2012-09-15 17:18 - 2009-10-28 03:10 - 01384520 _____ () C:\Windows\twain_32\Samsung\SCX4623W\ssole.dll
2012-09-15 17:19 - 2010-01-03 23:39 - 00242176 _____ () C:\Windows\twain_32\Samsung\SCX4623W\NetModule2.dll
2014-08-29 00:05 - 2014-08-05 10:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-08-29 00:05 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-05-31 13:16 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-11-11 11:47 - 2015-10-05 11:18 - 00778752 _____ () G:\Program Files (x86)\Steam\SDL2.dll
2015-02-06 14:43 - 2015-07-03 11:12 - 04962816 _____ () G:\Program Files (x86)\Steam\v8.dll
2015-02-06 14:43 - 2015-07-03 11:12 - 01556992 _____ () G:\Program Files (x86)\Steam\icui18n.dll
2015-02-06 14:43 - 2015-07-03 11:12 - 01187840 _____ () G:\Program Files (x86)\Steam\icuuc.dll
2014-11-18 13:23 - 2015-10-14 15:56 - 02423376 _____ () G:\Program Files (x86)\Steam\video.dll
2014-11-11 11:48 - 2015-09-23 19:33 - 02549248 _____ () G:\Program Files (x86)\Steam\libavcodec-56.dll
2014-11-11 11:48 - 2015-09-23 19:33 - 00442880 _____ () G:\Program Files (x86)\Steam\libavutil-54.dll
2014-11-11 11:48 - 2015-09-23 19:33 - 00491008 _____ () G:\Program Files (x86)\Steam\libavformat-56.dll
2014-11-11 11:48 - 2015-09-23 19:33 - 00332800 _____ () G:\Program Files (x86)\Steam\libavresample-2.dll
2014-11-11 11:48 - 2015-09-23 19:33 - 00485888 _____ () G:\Program Files (x86)\Steam\libswscale-3.dll
2014-11-18 13:23 - 2015-10-14 15:56 - 00705104 _____ () G:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-08-12 06:29 - 2015-10-09 13:13 - 00193024 _____ () G:\Program Files (x86)\Steam\bin\openvr_api.dll
2014-11-11 11:48 - 2015-10-08 17:20 - 45010208 _____ () G:\Program Files (x86)\Steam\bin\libcef.dll
2014-10-16 03:33 - 2014-10-16 03:33 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2012-09-01 19:23 - 2010-11-06 01:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-02-21 19:02 - 2013-02-21 19:02 - 00491304 _____ () C:\Program Files (x86)\Quicken\alrtint8.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2015-10-23 13:05 - 2015-10-20 09:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-23 13:05 - 2015-10-20 09:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\123simsen.com -> www.123simsen.com
There are 7797 more sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{0217D790-5A0B-4926-AED5-0349C66E5845}C:\users\aaron\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\aaron\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4DF23F10-595B-44D6-88D5-4EB05292BDC3}C:\users\aaron\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\aaron\appdata\local\akamai\netsession_win.exe
FirewallRules: [{807B0FBE-527D-4CF2-AB25-A6DAF45E7CE7}] => (Block) C:\users\aaron\appdata\local\akamai\netsession_win.exe
FirewallRules: [{647371F3-6C5B-4590-901B-D950BE7A0599}] => (Block) C:\users\aaron\appdata\local\akamai\netsession_win.exe
FirewallRules: [{000A763F-E59A-4B61-B25C-BCA30E3BF000}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{92132E02-6C28-4E3F-9A40-76F227D2ECAD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8CF40CB2-4C5E-46C6-9CC9-056DF2A02E3B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{EE14C1D6-50B6-40D9-BCBB-D762955D0F31}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [UDP Query User{24E55F8D-F01E-4A21-A4EB-A35C38E13473}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [{D2A69D5E-0DC2-4188-AD48-BD85210CD5C8}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{029998F5-7064-4074-8611-3D5D4DA5D50D}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{09CD2CA2-F607-4AEB-A0FF-163ABA175AC1}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{7EB35FC4-A89D-45D2-BA02-D69524AD65B0}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{8085ED9E-EADB-431A-B282-0164C2AAB947}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
FirewallRules: [{A0FFC28F-1425-4DAC-8A05-7D481DB098D5}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
FirewallRules: [{2D5C4C14-990F-47A4-90D7-457BBABB289B}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623W\Sscan2io.exe
FirewallRules: [{5160711B-CF7C-4E3D-B87F-898FF819DF60}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623W\Sscan2io.exe
FirewallRules: [{3A5630A9-83B6-44B4-ADC3-62F520EA45BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D090A75C-525E-4A75-9D56-6EBF8D21CE04}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{64D7CF1A-7F60-4570-B54E-820B870FA6C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9F3471A5-FAC8-4D04-9AD5-FFB1BD2A2340}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B092329-1752-421C-817F-BC74736C0FC0}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
FirewallRules: [{49C509F9-01A1-4395-8676-CB7004AFF665}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
FirewallRules: [{6488F17B-D4E1-440A-A976-018BDCFD1429}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623\Sscan2io.exe
FirewallRules: [{583FC695-87FC-4778-BBBA-B28AAC4A5D66}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623\Sscan2io.exe
FirewallRules: [TCP Query User{939F4DFE-70F4-4BF5-9A3A-9E8FE5FA387E}C:\program files (x86)\leechftp\leechftp.exe] => (Allow) C:\program files (x86)\leechftp\leechftp.exe
FirewallRules: [UDP Query User{0BF28297-A08B-4FF6-B7C7-D0A405459CBA}C:\program files (x86)\leechftp\leechftp.exe] => (Allow) C:\program files (x86)\leechftp\leechftp.exe
FirewallRules: [{81B5AA9E-E5C0-4C4A-8024-539276718B86}] => (Block) C:\program files (x86)\leechftp\leechftp.exe
FirewallRules: [{17777220-47DA-474D-9AF4-321755C13CA2}] => (Block) C:\program files (x86)\leechftp\leechftp.exe
FirewallRules: [TCP Query User{88A73253-ED0B-4527-B77C-8874DAACDAB3}C:\users\aaron\desktop\downloads\aoe\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\users\aaron\desktop\downloads\aoe\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{C7E19288-4D88-43D9-BAE2-306A9F30F0A5}C:\users\aaron\desktop\downloads\aoe\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\users\aaron\desktop\downloads\aoe\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{B58D2DFF-66D7-480D-8618-1605430444A7}C:\users\aaron\desktop\downloads\aoe\age of empires ii\empires2.exe] => (Allow) C:\users\aaron\desktop\downloads\aoe\age of empires ii\empires2.exe
FirewallRules: [UDP Query User{685A77A0-34AB-47DF-B8BD-E670E32B51C8}C:\users\aaron\desktop\downloads\aoe\age of empires ii\empires2.exe] => (Allow) C:\users\aaron\desktop\downloads\aoe\age of empires ii\empires2.exe
FirewallRules: [TCP Query User{515EEFDD-259C-4676-B23F-F94D4B9A9B44}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [UDP Query User{C4F3CBDF-46D5-4AD2-8A67-05581FA19335}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [TCP Query User{EF1B562A-9655-409A-A934-C36B5BE3C257}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Block) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{6AA3ACBA-BD16-4B0E-BA8D-A81CC2C4793D}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Block) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{007E4B09-0B56-4895-8D4E-F6DCFE7283BA}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{F6B757B5-307F-46A4-9FFE-52451D03DFD1}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{0725FF3A-769D-41C2-A289-A9A84A88F286}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [UDP Query User{792CCAA8-A680-414C-AE91-DCC151C84A51}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [{A6CF07EF-7C15-4208-9C2A-77229FAB2E08}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{AEEACF0D-7AA9-4B83-A526-D9291A3111BB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3367A23D-97C2-4749-940F-6D514AE6672F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5BD4A1FC-D6AA-4C52-8B0B-CA3F9E86ED47}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1B7A76FB-4724-4FE6-B196-6B06CBADD793}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{C5E6FD03-1E3C-4CCD-A7D4-A3298D6C5C78}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{385F3167-C5AD-4CF5-B351-7A86732A43BC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{7A7C0C33-D121-47B6-9D41-718945A85791}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{8E80AB15-E4CD-4036-A157-672707862741}] => (Allow) G:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{39E3449E-C699-4E28-90FB-E06F88334D95}] => (Allow) G:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{D113A492-7756-4F49-85B5-F7BD5A1E8A20}] => (Allow) G:\Downloads\uTorrent.exe
FirewallRules: [{3826C67F-BAB1-4373-8C9F-1EBEF6453A3C}] => (Allow) G:\Downloads\uTorrent.exe
FirewallRules: [{212AA332-EC1E-42B1-BFB1-0CC6EB6BF954}] => (Allow) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{54DC90E6-1D2E-491E-A85C-DBBB8A3A664C}] => (Allow) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{044F4BD9-C563-4FD2-AEA3-B02116760FEE}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{36202C0E-2357-42C6-BA8A-DBE0EC2D8721}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{A3C4DB23-6990-4A53-A9B7-B61945751091}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{0ECDDE80-FA5E-40B7-8B9D-5D72F64742D4}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{E4066D09-D13F-4B51-9EB1-69CDACB8FB73}C:\users\aaron\desktop\images2\brianquake\winquake.exe] => (Allow) C:\users\aaron\desktop\images2\brianquake\winquake.exe
FirewallRules: [UDP Query User{0109CF3E-4B39-45D2-82BB-AEFAA0420CD0}C:\users\aaron\desktop\images2\brianquake\winquake.exe] => (Allow) C:\users\aaron\desktop\images2\brianquake\winquake.exe
FirewallRules: [{C2C2BCE8-1594-4AC2-B550-79D8F85EACE7}] => (Block) C:\users\aaron\desktop\images2\brianquake\winquake.exe
FirewallRules: [{8766A6F0-FAC2-4FBB-AD31-B730A87305AB}] => (Block) C:\users\aaron\desktop\images2\brianquake\winquake.exe
FirewallRules: [TCP Query User{C0961C7C-E162-447A-98EF-3592A6DC8CF9}C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe] => (Allow) C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe
FirewallRules: [UDP Query User{1095EE0E-48B6-4A9C-BD54-C51996BCC79D}C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe] => (Allow) C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe
FirewallRules: [{670D0A41-209C-4E40-943B-02114E9FD0D3}] => (Block) C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe
FirewallRules: [{062B4869-47F9-46D5-92F8-E524F70A7A55}] => (Block) C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe
FirewallRules: [{F4BAD991-2E3A-4594-A695-C4262646BF25}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{81BCE1E4-4FC0-470D-8C28-0313355E18DF}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{90481295-BB13-4D32-A77E-1A13FB749236}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A7F73812-5374-4932-86D9-1BD9F90B6D08}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{58A2B39B-1180-4EE3-BCAB-FA6B658E5F93}] => (Allow) G:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6312911C-5EF6-4E71-AFCF-A31E1EC944CD}] => (Allow) G:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5FDB9E24-9DFB-4E28-99E9-1C473FC3023E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{8C844D3F-1A63-4882-A732-9530887F98B5}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{B18BD1A8-F169-48A7-A2FE-695972E0E094}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{17F56712-C452-4E5D-BA33-8B0917F50083}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{4FC4A00D-D59B-4E3B-B958-664EC6E56F2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{817BB168-CBDD-4062-8C11-2EAADA1949CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CCBB7FB2-72BC-40B7-A3CE-E3C544593F52}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{E9DD4A79-572E-4CF2-A9C1-822EDE329252}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{08ED72C1-D8BD-40F5-A76E-0FA707376680}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F4681EF7-39A5-4679-8B55-9D971122D163}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DADFD933-02FA-4440-B3FF-10B3DD424298}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F03356DE-9402-452B-A88A-F51CC48DA3C9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A86C17B5-0A02-41B2-8AB9-B58665CABA74}] => (Allow) LPort=15600
FirewallRules: [TCP Query User{36474C56-EA37-46B9-BD3D-C68BDED81617}C:\users\aaron\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Block) C:\users\aaron\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [UDP Query User{96BC5ABF-B1DA-4567-872B-982061CFDA35}C:\users\aaron\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Block) C:\users\aaron\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [{8FB55FC7-0025-4A3A-9E79-B952FC977CC9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{00D30FAC-F1B4-47A7-BB8F-13B0F4533CD9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5722600-A349-4137-99F6-8B256D87081E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0C52BEA8-5C93-45E0-80E3-AD6A9934C318}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{98A415FF-DC83-4FA3-9E21-2690DC15CB68}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A6526E95-2122-4EB7-9B1F-C985A62189BE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/27/2015 11:10:30 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
Error: (10/27/2015 12:00:35 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
Error: (10/26/2015 01:15:41 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
Error: (10/25/2015 12:00:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
Error: (10/24/2015 12:00:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
Error: (10/23/2015 07:42:27 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
Error: (10/23/2015 12:00:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
Error: (10/22/2015 12:00:02 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
Error: (10/21/2015 04:58:49 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
Error: (10/20/2015 03:50:30 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
System errors:
=============
Error: (10/28/2015 07:40:32 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (10/28/2015 07:40:32 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (10/28/2015 06:25:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (10/28/2015 06:25:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (10/28/2015 05:11:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (10/28/2015 05:11:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (10/28/2015 05:11:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (10/28/2015 05:11:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (10/28/2015 05:11:39 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (10/28/2015 05:11:39 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 50%
Total physical RAM: 8170.01 MB
Available physical RAM: 4068.64 MB
Total Virtual: 26209.77 MB
Available Virtual: 17765.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:342.49 GB) NTFS
Drive d: (BROODWAR_UK) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS
Drive g: (2TB) (Fixed) (Total:1863.01 GB) (Free:1653.99 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C8526F36)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 954F3D56)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-10-28 22:03:37
-----------------------------
22:03:37.918 OS Version: Windows x64 6.1.7601 Service Pack 1
22:03:37.918 Number of processors: 4 586 0x2A07
22:03:37.919 ComputerName: BLACKPC UserName: Aaron
22:03:38.272 Initialize success
22:03:38.282 VM: initialized successfully
22:03:38.282 VM: Intel CPU BiosDisabled
22:05:36.201 AVAST engine defs: 15102801
22:05:48.964 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:05:48.964 Disk 0 Vendor: ST2000DM CC27 Size: 1907729MB BusType: 3
22:05:48.964 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\mv91xx1Port1Path0Target1Lun0
22:05:48.974 Disk 1 Vendor: Samsung_ EMT0 Size: 476940MB BusType: 11
22:05:48.974 Disk 1 MBR read successfully
22:05:48.974 Disk 1 MBR scan
22:05:48.984 Disk 1 Windows VISTA default MBR code
22:05:48.984 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:05:48.984 Disk 1 default boot code
22:05:48.984 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476836 MB offset 206848
22:05:48.994 Disk 1 scanning C:\Windows\system32\drivers
22:05:51.307 Service scanning
22:05:58.017 Modules scanning
22:05:58.017 Disk 1 trace - called modules:
22:05:58.017 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll mv91xx.sys
22:05:58.017 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8008d26060]
22:05:58.027 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> \Device\Scsi\mv91xx1Port1Path0Target1Lun0[0xfffffa8008b33050]
22:05:58.317 AVAST engine scan C:\Windows
22:05:59.144 AVAST engine scan C:\Windows\system32
22:07:30.104 AVAST engine scan C:\Windows\system32\drivers
22:07:37.410 AVAST engine scan C:\Users\Aaron
22:11:50.628 Disk 1 MBR has been saved successfully to "G:\Downloads\Malware removal\MBR.dat"
22:11:50.638 The log file has been saved successfully to "G:\Downloads\Malware removal\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-10-2015
Ran by Aaron (administrator) on BLACKPC (28-10-2015 22:01:50)
Running from G:\Downloads\Malware removal
Loaded Profiles: Aaron (Available Profiles: Aaron & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Akamai Technologies, Inc.) C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe
() C:\Users\Aaron\AppData\Roaming\Settings Manager\SettingsManager.exe
() C:\Users\Aaron\AppData\Roaming\Update Manager\UM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Aaron\AppData\Local\Autobahn\nexdef.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
(Inmar, Inc.) C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Valve Corporation) G:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) G:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intuit Inc.) C:\Program Files (x86)\Quicken\qw.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [SBRegRebootCleaner] => "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-13] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [SCX4623_Scan2Pc] => C:\Windows\Twain_32\Samsung\SCX4623\Scan2pc.exe [1990144 2011-06-24] ()
HKLM-x32\...\Run: [4623 Scan2PC] => C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe [1990144 2011-06-24] ()
HKLM-x32\...\Run: [4623FW Scan2PC] => C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe [1982464 2010-02-11] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-08-05] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1953792 2014-05-16] ()
HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-05-05] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [Http Listener] => C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe [90760 2015-04-30] ()
HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [88000 2015-04-20] (Inmar, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-08-12] (SlySoft, Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Steam] => G:\Program Files (x86)\Steam\Steam.exe [2901584 2015-10-14] (Valve Corporation)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Settings Manager] => C:\Users\Aaron\AppData\Roaming\Settings Manager\SettingsManager.EXE [954992 2015-09-30] ()
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [UM] => C:\Users\Aaron\AppData\Roaming\Update Manager\UM.EXE [806064 2015-10-06] ()
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Google Update] => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-05-09] (Google Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [GoogleChromeAutoLaunch_45B9DB4CF259327B5D31697391F8B178] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\MountPoints2: {494bc095-037e-11e2-86ac-00268314e930} - D:\SETUP.EXE
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\MountPoints2: {494bc1ba-037e-11e2-86ac-00268314e930} - H:\LaunchU3.exe -a
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk [2013-10-12]
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Aaron\AppData\Local\Autobahn\nexdef.exe ()
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-03-24]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2013-10-23]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-09-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-10-23]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-10-23]
ShortcutTarget: QuickBooks_Standard_21.lnk -> G:\QuickBooks Pro 2014\QBW32.EXE (Intuit Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{23578A93-21A1-47F2-A51B-97699C7B3824}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6588490C-9C39-4614-8E15-1D116A942169}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9E281651-A977-4FD0-90B4-B42646DEC41E}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ie
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000 -> DefaultScope {5288CC14-5D1C-4E86-9FD3-B904C74A558B} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000 -> {5288CC14-5D1C-4E86-9FD3-B904C74A558B} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Coupon Companion -> {11111111-1111-1111-1111-110011441193} -> C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll => No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-07-29] (Wondershare)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-18] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-10-27] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-18] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - G:\QuickBooks Pro 2014\HelpAsyncPluggableProtocol.dll [2014-06-26] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ff
FF Keyword.URL: hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-10-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-06-14] (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-05-14] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Aaron\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: hopster.com/CouponPrinterPlugin -> C:\Users\Aaron\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Aaron\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2013-02-28] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-06-26] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Aaron\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-10-03] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default\searchplugins\yahoo_ff.xml [2015-07-21]
FF Extension: Lavasoft Search Plugin - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-08-29] [not signed]
Chrome:
=======
CHR Profile: C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Google Cast) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-10-13]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-10-28]
CHR Extension: (Google Search) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Wondershare Video Converter Ultimate) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\iijmpjamifmplbakhgikofogdfackici [2014-08-29]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-10-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Coupon Companion) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm [2014-05-24] [UpdateUrl: hxxps://crossrider.cotssl.net/plugin/chrome/update/4493.xml] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR HKLM-x32\...\Chrome\Extension: [iijmpjamifmplbakhgikofogdfackici] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com.crx [2014-08-29]
CHR HKLM-x32\...\Chrome\Extension: [pbkdpahkifcigckmhiafindmaflfifgm] - C:\Users\Aaron\AppData\Local\Coupon Companion\Chrome\Coupon Companion.crx [2012-11-08]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-06-26] (Coupons.com Inc.)
R2 jswpbapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe [271840 2010-03-22] (Atheros Communications, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-06-26] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-08-19] (Intuit Inc.) [File not signed]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [229888 2011-07-12] (Samsung Electronics Co., Ltd.) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [316120 2014-03-19] ()
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-20] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-18] (GFI Software)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-22] (Samsung Electronics)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-28 22:01 - 2015-10-28 22:01 - 00000000 ____D C:\FRST
2015-10-28 22:00 - 2015-10-28 22:00 - 00000207 _____ C:\Windows\tweaking.com-regbackup-BLACKPC-Windows-7-Home-Premium-(64-bit).dat
2015-10-28 22:00 - 2015-10-28 22:00 - 00000000 ____D C:\RegBackup
2015-10-28 21:59 - 2015-10-28 21:59 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-10-28 21:59 - 2015-10-28 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-28 21:59 - 2015-10-28 21:59 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-28 21:23 - 2015-10-28 21:23 - 00000000 ___RD C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-10-26 15:16 - 2015-10-26 15:16 - 00003090 _____ C:\Windows\System32\Tasks\{D370B6B3-F58E-4857-8585-3DFD0F92E51F}
2015-10-19 22:57 - 2015-10-19 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-19 22:57 - 2015-10-19 22:57 - 00000000 ____D C:\Program Files\iTunes
2015-10-19 22:57 - 2015-10-19 22:57 - 00000000 ____D C:\Program Files\iPod
2015-10-19 22:57 - 2015-10-19 22:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-19 22:56 - 2015-10-19 22:56 - 00000000 ____D C:\Program Files\Bonjour
2015-10-19 22:56 - 2015-10-19 22:56 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-10-19 22:55 - 2015-10-19 22:55 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-10-19 22:55 - 2015-10-19 22:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-10-19 22:53 - 2015-10-19 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-10-19 22:53 - 2015-10-19 22:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-10-17 12:18 - 2015-10-17 12:20 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-10-16 19:26 - 2015-10-16 19:26 - 00002303 _____ C:\Users\Aaron\Desktop\Chrome App Launcher.lnk
2015-10-16 19:26 - 2015-10-16 19:26 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-15 03:04 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 03:04 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 03:04 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 03:04 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 03:04 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 03:04 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 03:04 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-13 12:17 - 2015-09-18 14:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-13 12:17 - 2015-09-18 13:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-13 12:17 - 2015-09-15 23:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-13 12:17 - 2015-09-15 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-13 12:17 - 2015-09-15 23:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-13 12:17 - 2015-09-15 23:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-13 12:17 - 2015-09-15 23:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-13 12:17 - 2015-09-15 23:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-13 12:17 - 2015-09-15 23:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-13 12:17 - 2015-09-15 23:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-13 12:17 - 2015-09-15 23:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-13 12:17 - 2015-09-15 23:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-13 12:17 - 2015-09-15 23:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-13 12:17 - 2015-09-15 23:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-13 12:17 - 2015-09-15 23:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-13 12:17 - 2015-09-15 23:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-13 12:17 - 2015-09-15 23:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-13 12:17 - 2015-09-15 23:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-13 12:17 - 2015-09-15 23:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-13 12:17 - 2015-09-15 23:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-13 12:17 - 2015-09-15 22:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-13 12:17 - 2015-09-15 22:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-13 12:17 - 2015-09-15 22:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-13 12:17 - 2015-09-15 22:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-13 12:17 - 2015-09-15 22:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-13 12:17 - 2015-09-15 22:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-13 12:17 - 2015-09-15 22:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-13 12:17 - 2015-09-15 22:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-13 12:17 - 2015-09-15 22:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-13 12:17 - 2015-09-15 22:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-13 12:17 - 2015-09-15 22:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-13 12:17 - 2015-09-15 22:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-13 12:17 - 2015-09-15 22:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-13 12:17 - 2015-09-15 22:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-13 12:17 - 2015-09-15 22:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-13 12:17 - 2015-09-15 22:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-13 12:17 - 2015-09-15 22:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-13 12:17 - 2015-09-15 22:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-13 12:17 - 2015-09-15 22:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-13 12:17 - 2015-09-15 22:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-13 12:17 - 2015-09-15 22:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-13 12:17 - 2015-09-15 22:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-13 12:17 - 2015-09-15 22:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-13 12:17 - 2015-09-15 22:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-13 12:17 - 2015-09-15 22:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-13 12:17 - 2015-09-15 22:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-13 12:17 - 2015-09-15 22:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-13 12:17 - 2015-09-15 22:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-13 12:17 - 2015-09-15 22:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-13 12:17 - 2015-09-15 22:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-13 12:17 - 2015-09-15 22:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-13 12:17 - 2015-09-15 22:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-13 12:17 - 2015-09-15 22:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-13 12:17 - 2015-09-15 22:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-13 12:17 - 2015-09-15 21:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-13 12:17 - 2015-09-15 21:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-13 12:17 - 2015-09-15 21:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-13 12:17 - 2015-09-15 21:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-13 12:17 - 2015-09-15 21:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-13 12:17 - 2015-09-15 21:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-13 12:17 - 2015-09-15 21:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-13 12:17 - 2015-09-15 21:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-13 12:17 - 2015-09-15 21:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-13 12:17 - 2015-09-15 21:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-13 12:15 - 2015-08-06 13:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 12:15 - 2015-08-06 13:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 12:15 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-13 12:15 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-13 12:12 - 2015-10-01 13:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-13 12:12 - 2015-10-01 13:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-13 12:12 - 2015-10-01 13:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 12:12 - 2015-10-01 13:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 12:12 - 2015-10-01 13:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 12:12 - 2015-10-01 13:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 12:12 - 2015-10-01 13:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 12:12 - 2015-10-01 12:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-13 12:12 - 2015-10-01 12:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 12:12 - 2015-09-28 22:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 12:12 - 2015-09-28 22:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 12:12 - 2015-09-28 22:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-13 12:12 - 2015-09-28 22:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-13 12:12 - 2015-09-28 22:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-13 12:12 - 2015-09-28 22:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-13 12:12 - 2015-09-28 22:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-13 12:12 - 2015-09-28 22:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-13 12:12 - 2015-09-28 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-13 12:12 - 2015-09-28 22:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-13 12:12 - 2015-09-28 22:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-13 12:12 - 2015-09-28 22:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-13 12:12 - 2015-09-28 22:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-13 12:12 - 2015-09-28 22:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-13 12:12 - 2015-09-28 22:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-13 12:12 - 2015-09-28 22:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-13 12:12 - 2015-09-28 22:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-13 12:12 - 2015-09-28 22:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-13 12:12 - 2015-09-28 22:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-13 12:12 - 2015-09-28 21:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-13 12:12 - 2015-09-28 21:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-13 12:12 - 2015-09-28 21:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-13 12:12 - 2015-09-28 21:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-13 12:12 - 2015-09-28 21:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-13 12:12 - 2015-09-28 21:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-13 12:12 - 2015-09-28 21:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-13 12:12 - 2015-09-28 21:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-13 12:12 - 2015-09-28 21:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-13 12:12 - 2015-09-28 21:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-13 12:12 - 2015-09-28 21:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-13 12:12 - 2015-09-28 21:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-13 12:12 - 2015-09-28 21:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-13 12:12 - 2015-09-28 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-13 12:12 - 2015-09-28 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 20:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-13 12:12 - 2015-09-28 20:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-13 12:12 - 2015-09-28 20:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-13 12:12 - 2015-09-28 20:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-13 12:12 - 2015-09-28 20:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-13 12:12 - 2015-09-28 20:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 20:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 20:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 20:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-13 12:12 - 2015-09-25 13:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 12:12 - 2015-09-25 13:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 12:12 - 2015-09-25 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 12:12 - 2015-09-25 13:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 12:12 - 2015-09-25 13:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 12:12 - 2015-09-25 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-13 12:12 - 2015-09-25 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-13 12:12 - 2015-09-25 13:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 12:12 - 2015-09-25 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-13 12:12 - 2015-09-25 13:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 12:12 - 2015-09-25 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-13 12:12 - 2015-09-25 12:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-13 12:12 - 2015-09-25 12:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-13 12:12 - 2015-09-25 12:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-13 12:12 - 2015-09-25 12:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-13 12:12 - 2015-09-25 12:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-13 12:12 - 2015-09-15 13:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-13 12:12 - 2015-09-15 13:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-13 12:12 - 2015-09-15 13:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-13 12:12 - 2015-09-15 13:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-13 12:12 - 2015-09-15 13:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-13 12:12 - 2015-09-15 13:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-13 12:12 - 2015-09-15 13:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-13 12:12 - 2015-09-15 13:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-13 12:12 - 2015-09-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-13 12:12 - 2015-09-15 12:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-13 12:12 - 2015-09-15 12:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-13 12:12 - 2015-09-15 12:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-13 12:12 - 2015-09-15 12:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-03 18:42 - 2015-10-03 19:10 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\webex
2015-10-03 18:42 - 2015-10-03 19:10 - 00000000 ____D C:\Users\Aaron\AppData\LocalLow\WebEx
2015-10-03 18:42 - 2015-10-03 18:42 - 00000000 ____D C:\Users\Aaron\AppData\Local\WebEx
2015-10-03 18:42 - 2015-10-03 18:42 - 00000000 ____D C:\ProgramData\WebEx
2015-10-03 12:25 - 2015-10-25 23:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-29 14:19 - 2015-09-29 14:19 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-28 21:54 - 2012-09-01 16:53 - 01477887 _____ C:\Windows\WindowsUpdate.log
2015-10-28 21:48 - 2015-03-21 01:17 - 00000498 _____ C:\Windows\Tasks\ATConsole.job
2015-10-28 21:28 - 2014-03-16 21:27 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\uTorrent
2015-10-28 21:23 - 2012-09-01 22:09 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-10-28 21:23 - 2012-09-01 22:01 - 00000000 ____D C:\Users\Aaron\Documents\Bluetooth Folder
2015-10-28 21:19 - 2015-05-09 10:08 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000UA.job
2015-10-28 21:19 - 2012-09-02 11:45 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Skype
2015-10-28 21:04 - 2014-05-24 22:47 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-28 20:47 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-28 20:47 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-28 16:44 - 2012-09-15 17:27 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-10-28 11:01 - 2012-09-01 17:25 - 00000000 ____D C:\Users\Aaron
2015-10-28 09:19 - 2015-05-09 10:08 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000Core.job
2015-10-27 23:55 - 2009-07-13 23:51 - 00066937 _____ C:\Windows\setupact.log
2015-10-27 22:04 - 2014-05-24 22:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-25 18:14 - 2012-10-25 22:48 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\vlc
2015-10-23 13:05 - 2014-05-24 22:47 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-19 23:04 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-19 22:59 - 2014-08-29 09:33 - 00000040 ___SH C:\ProgramData\.zreglib
2015-10-19 22:59 - 2013-04-18 12:27 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2015-10-19 22:58 - 2012-09-01 19:15 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-19 22:58 - 2010-11-20 22:47 - 01535460 _____ C:\Windows\PFRO.log
2015-10-19 22:58 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-19 22:57 - 2012-12-20 21:30 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-19 22:57 - 2012-09-29 16:19 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-19 22:56 - 2014-08-28 22:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-10-19 22:55 - 2012-09-29 16:19 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-19 22:53 - 2012-12-20 21:29 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-10-18 09:22 - 2012-10-04 20:29 - 00000000 ____D C:\Users\Aaron\AppData\Local\CrashDumps
2015-10-16 03:00 - 2015-04-15 03:23 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-16 03:00 - 2014-05-07 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-14 16:22 - 2012-09-01 17:25 - 00000000 ____D C:\Users\Aaron\AppData\Local\VirtualStore
2015-10-14 11:58 - 2014-12-16 22:48 - 00203739 _____ C:\Users\Aaron\Documents\Address Labels.avery
2015-10-14 03:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-10-14 03:20 - 2012-10-22 19:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-14 03:03 - 2013-03-16 12:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 03:02 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
2015-10-12 23:40 - 2012-09-23 08:28 - 00000000 ____D C:\Users\Aaron\AppData\Local\Adobe
2015-10-12 23:40 - 2012-09-01 22:33 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-12 23:40 - 2012-09-01 22:33 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-08 07:36 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-08 03:00 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-06 03:15 - 2015-05-01 10:22 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Update Manager
2015-10-03 18:42 - 2014-05-31 20:07 - 00000000 ____D C:\Users\Aaron\AppData\LocalLow\Temp
2015-10-03 18:42 - 2012-09-01 23:48 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Mozilla
2015-09-29 14:19 - 2015-05-09 10:08 - 00001209 _____ C:\Users\Aaron\Desktop\Chromecast.lnk
2015-09-29 14:19 - 2012-11-08 23:29 - 00000000 ____D C:\Users\Aaron\AppData\Local\Google
==================== Files in the root of some directories =======
2014-12-16 22:19 - 2014-04-24 08:04 - 0099678 _____ () C:\Program Files (x86)\7a528302-651c-415a-b73e-d6f647cf6467-avery-icon_02.ico
2014-12-16 22:19 - 2014-04-30 11:01 - 0131584 _____ () C:\Program Files (x86)\DesktopDPO.exe
2014-12-16 22:19 - 2014-05-08 12:14 - 9809519 _____ () C:\Program Files (x86)\DesktopDPO.swf
2014-12-16 22:19 - 2014-03-24 05:50 - 0000059 _____ () C:\Program Files (x86)\mimetype
2014-12-16 22:19 - 2014-12-16 22:19 - 0063594 _____ () C:\Program Files (x86)\uninstall.dat
2014-12-16 22:19 - 2014-12-16 22:19 - 4077314 _____ (Avery Products Corporation) C:\Program Files (x86)\uninstall.exe
2013-03-09 19:40 - 2013-04-07 10:39 - 0919244 _____ () C:\Users\Aaron\AppData\Local\a.zip
2013-03-09 19:40 - 2013-04-07 10:39 - 2151080 _____ (Catalina Marketing Corp) C:\Users\Aaron\AppData\Local\BcsKtYcHW.dll
2012-09-01 21:04 - 2015-08-27 21:31 - 0007616 _____ () C:\Users\Aaron\AppData\Local\resmon.resmoncfg
2008-02-05 15:28 - 2008-02-05 15:28 - 0000051 _____ () C:\Users\Aaron\AppData\Local\setup.txt
2015-07-08 02:08 - 2015-07-08 02:08 - 0253196 _____ () C:\Users\Aaron\AppData\Local\Tempdivx02ce
2015-07-17 10:39 - 2015-07-17 10:39 - 0043494 _____ () C:\Users\Aaron\AppData\Local\Tempdivx0ec8
2014-08-29 09:33 - 2015-10-19 22:59 - 0000040 ___SH () C:\ProgramData\.zreglib
2015-03-21 01:18 - 2015-03-21 01:18 - 0000108 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-03-21 20:17 - 2015-04-04 13:49 - 0000935 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Some files in TEMP:
====================
C:\Users\Aaron\AppData\Local\Temp\Abspdf.exe
C:\Users\Aaron\AppData\Local\Temp\acfpdfu.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfui.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Aaron\AppData\Local\Temp\cdintf.dll
C:\Users\Aaron\AppData\Local\Temp\e70afd24-2734-4518-8b65-03a9229821de.exe
C:\Users\Aaron\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\ose00000.exe
C:\Users\Aaron\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Aaron\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Aaron\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Aaron\AppData\Local\Temp\SMSetup.exe
C:\Users\Aaron\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Aaron\AppData\Local\Temp\Uninstaller-11068.exe
C:\Users\Aaron\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Aaron\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Aaron\AppData\Local\Temp\xmllite.dll
C:\Users\Aaron\AppData\Local\Temp\_is67B9.exe
C:\Users\Aaron\AppData\Local\Temp\_is86B.exe
C:\Users\Aaron\AppData\Local\Temp\_isDA29.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-21 23:35
==================== End of FRST.txt ============================
My PC is running conhost/cmd.exe/msiexec.exe/ etc all in the 100k+ memory range and PC usage over 50%. this has just happened.
I had Utorrent but removed it (you will see it in the logs), but had not used it in some time.
any help is appreciated.
THanks,
aaron Franke