CMD.exe and other process hogs

[Saidian]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-10-2015
Ran by Aaron (2015-10-28 22:02:11)
Running from G:\Downloads\Malware removal
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-01 22:25:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Aaron (S-1-5-21-2780459401-3871315293-2221292059-1000 - Administrator - Enabled) => C:\Users\Aaron
Administrator (S-1-5-21-2780459401-3871315293-2221292059-500 - Administrator - Disabled)
Guest (S-1-5-21-2780459401-3871315293-2221292059-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2780459401-3871315293-2221292059-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.94 - Lavasoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Akamai NetSession Interface (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.1.0 - SlySoft)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ATConsole (HKLM-x32\...\{CE029721-70F7-4B1C-9E6D-E90EC7D82D8D}) (Version: 10.0.2 - APREL Tehnologija d.o.o.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
ChromecastApp (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.)
Coupon Companion (HKLM-x32\...\Coupon Companion) (Version: 1.24.151.151 - 215 Apps) <==== ATTENTION
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd)
Day of Defeat (HKLM-x32\...\Steam App 30) (Version: - Valve)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Digital Coupon Printer (HKLM-x32\...\{2095A496-250E-4A1F-90AD-691246819A9A}) (Version: 3.17.0.0 - Hopster, Inc. an Inmar company)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.70 - DivX, LLC)
Free M4a to MP3 Converter 7.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Imperialism II (HKLM-x32\...\Imperialism II) (Version: - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LeechFTP (HKLM-x32\...\LeechFTP) (Version: - )
LizardTech GeoViewer (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\9b689087b44c09fc) (Version: 5.5.0.3396 - LizardTech)
Maintenance Samsung SCX-4623 Series (HKLM-x32\...\Samsung SCX-4623 Series) (Version: - Samsung Electronics CO.,LTD)
Maintenance Samsung SCX-4623FW Series (HKLM-x32\...\Samsung SCX-4623FW Series) (Version: - Samsung Electronics Co., Ltd.)
marvell 91xx console driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WNA1100 wireless USB 2.0 driver (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.2.0.2 - NETGEAR)
NVIDIA 3D Vision Controller Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
Populous: The Beginning (HKLM-x32\...\Populous: The Beginning) (Version: 1.03 - Bullfrog)
PrintMyCouponAnywhere (HKLM-x32\...\{9E5A9316-541D-4F22-BE19-AFE969C00B06}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
QuickBooks (x32 Version: 24.0.4007.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4001.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.1.27 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 4.80 - Philipp Winterberg)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RevTraxPrintMyCoupon (HKLM-x32\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.05.23.04 - Samsung Electronics Co., Ltd.)
Self-service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Settings Manager (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Settings Manager) (Version: 23.2.0.2 - Spigot, Inc.) <==== ATTENTION
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Starcraft (HKLM-x32\...\Starcraft) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Voobly (HKLM-x32\...\Voobly_is1) (Version: Voobly - Voobly)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wondershare Video Converter Ultimate(Build 7.3.0.3) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 7.3.0.3 - Wondershare Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-09-05 23:48 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E7B521C-0F67-4876-9FAF-59C7E1B80C41} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000UA => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-09] (Google Inc.)
Task: {295A1C6B-F6B6-423B-9A70-07062BE58BC7} - System32\Tasks\{A0DC1DEF-2121-46DD-929B-143D0AFC2E50} => pcalua.exe -a C:\Users\Aaron\Desktop\populousdemo.exe -d C:\Users\Aaron\Desktop
Task: {3C2F9E46-8E3D-49A4-8F74-95EA4D0BB816} - System32\Tasks\{D370B6B3-F58E-4857-8585-3DFD0F92E51F} => Firefox.exe hxxp://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {60155F0B-ADC8-4F82-850E-B16B918376D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6A1EE2E4-E381-47A6-9CD5-A6F33D057F48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8C8EEE6D-7AFE-4525-A463-C73CFA3A9315} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {A8307E37-05BC-42D2-9539-E6063849F18F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {B03ED6B5-6DC3-45D2-8D23-EFD39F4C99A2} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {B56D32CB-D9EA-4E4E-993D-ADEFFB10BB55} - System32\Tasks\ATConsole => G:\Program Files (x86)\AT Console\ATConsole.Run.exe [2015-02-27] (APREL Tehnologija d.o.o.)
Task: {D5A6A751-A8D8-40E8-90DE-FD1B34B0E5EF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000Core => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-09] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\ATConsole.job => G:\Program Files (x86)\AT Console\ATConsole.Run.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000Core.job => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000UA.job => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-09-02 22:34 - 2013-01-18 10:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-09-15 17:18 - 2009-10-28 00:34 - 00027648 _____ () C:\Windows\System32\sso4ml6.dll
2012-09-15 17:17 - 2010-02-11 01:25 - 00750080 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sso4mdu.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-28 00:04 - 2014-03-19 10:51 - 00316120 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-29 00:05 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2015-09-30 03:24 - 2015-09-30 03:24 - 00954992 _____ () C:\Users\Aaron\AppData\Roaming\Settings Manager\SettingsManager.exe
2015-04-28 04:27 - 2015-10-06 03:15 - 00806064 _____ () C:\Users\Aaron\AppData\Roaming\Update Manager\UM.EXE
2012-10-08 21:11 - 2011-07-13 07:42 - 00688128 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2012-10-08 21:08 - 2011-06-24 13:55 - 01990144 _____ () C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
2013-03-14 09:47 - 2013-03-14 09:47 - 15500800 _____ () C:\Users\Aaron\AppData\Local\Autobahn\nexdef.exe
2012-09-15 17:18 - 2010-02-11 00:55 - 01982464 _____ () C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
2012-09-15 17:18 - 2009-10-27 00:00 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2015-04-30 14:43 - 2015-04-30 14:43 - 00090760 _____ () C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
2014-12-28 00:04 - 2014-03-06 17:45 - 00372736 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2012-10-08 21:08 - 2008-11-11 20:51 - 01384520 _____ () C:\Windows\twain_32\Samsung\SCX4623\ssole.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00020480 _____ () C:\Users\Aaron\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00069632 _____ () C:\Users\Aaron\AppData\Local\Autobahn\rt\bin\java.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00126976 _____ () C:\Users\Aaron\AppData\Local\Autobahn\rt\bin\zip.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00159744 _____ () C:\Users\Aaron\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
2012-09-15 17:18 - 2009-10-28 03:10 - 01384520 _____ () C:\Windows\twain_32\Samsung\SCX4623W\ssole.dll
2012-09-15 17:19 - 2010-01-03 23:39 - 00242176 _____ () C:\Windows\twain_32\Samsung\SCX4623W\NetModule2.dll
2014-08-29 00:05 - 2014-08-05 10:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-08-29 00:05 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-05-31 13:16 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-11-11 11:47 - 2015-10-05 11:18 - 00778752 _____ () G:\Program Files (x86)\Steam\SDL2.dll
2015-02-06 14:43 - 2015-07-03 11:12 - 04962816 _____ () G:\Program Files (x86)\Steam\v8.dll
2015-02-06 14:43 - 2015-07-03 11:12 - 01556992 _____ () G:\Program Files (x86)\Steam\icui18n.dll
2015-02-06 14:43 - 2015-07-03 11:12 - 01187840 _____ () G:\Program Files (x86)\Steam\icuuc.dll
2014-11-18 13:23 - 2015-10-14 15:56 - 02423376 _____ () G:\Program Files (x86)\Steam\video.dll
2014-11-11 11:48 - 2015-09-23 19:33 - 02549248 _____ () G:\Program Files (x86)\Steam\libavcodec-56.dll
2014-11-11 11:48 - 2015-09-23 19:33 - 00442880 _____ () G:\Program Files (x86)\Steam\libavutil-54.dll
2014-11-11 11:48 - 2015-09-23 19:33 - 00491008 _____ () G:\Program Files (x86)\Steam\libavformat-56.dll
2014-11-11 11:48 - 2015-09-23 19:33 - 00332800 _____ () G:\Program Files (x86)\Steam\libavresample-2.dll
2014-11-11 11:48 - 2015-09-23 19:33 - 00485888 _____ () G:\Program Files (x86)\Steam\libswscale-3.dll
2014-11-18 13:23 - 2015-10-14 15:56 - 00705104 _____ () G:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-08-12 06:29 - 2015-10-09 13:13 - 00193024 _____ () G:\Program Files (x86)\Steam\bin\openvr_api.dll
2014-11-11 11:48 - 2015-10-08 17:20 - 45010208 _____ () G:\Program Files (x86)\Steam\bin\libcef.dll
2014-10-16 03:33 - 2014-10-16 03:33 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2012-09-01 19:23 - 2010-11-06 01:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-02-21 19:02 - 2013-02-21 19:02 - 00491304 _____ () C:\Program Files (x86)\Quicken\alrtint8.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2015-10-23 13:05 - 2015-10-20 09:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-23 13:05 - 2015-10-20 09:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\123simsen.com -> www.123simsen.com

There are 7797 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{0217D790-5A0B-4926-AED5-0349C66E5845}C:\users\aaron\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\aaron\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4DF23F10-595B-44D6-88D5-4EB05292BDC3}C:\users\aaron\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\aaron\appdata\local\akamai\netsession_win.exe
FirewallRules: [{807B0FBE-527D-4CF2-AB25-A6DAF45E7CE7}] => (Block) C:\users\aaron\appdata\local\akamai\netsession_win.exe
FirewallRules: [{647371F3-6C5B-4590-901B-D950BE7A0599}] => (Block) C:\users\aaron\appdata\local\akamai\netsession_win.exe
FirewallRules: [{000A763F-E59A-4B61-B25C-BCA30E3BF000}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{92132E02-6C28-4E3F-9A40-76F227D2ECAD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8CF40CB2-4C5E-46C6-9CC9-056DF2A02E3B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{EE14C1D6-50B6-40D9-BCBB-D762955D0F31}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [UDP Query User{24E55F8D-F01E-4A21-A4EB-A35C38E13473}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [{D2A69D5E-0DC2-4188-AD48-BD85210CD5C8}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{029998F5-7064-4074-8611-3D5D4DA5D50D}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{09CD2CA2-F607-4AEB-A0FF-163ABA175AC1}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{7EB35FC4-A89D-45D2-BA02-D69524AD65B0}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{8085ED9E-EADB-431A-B282-0164C2AAB947}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
FirewallRules: [{A0FFC28F-1425-4DAC-8A05-7D481DB098D5}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
FirewallRules: [{2D5C4C14-990F-47A4-90D7-457BBABB289B}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623W\Sscan2io.exe
FirewallRules: [{5160711B-CF7C-4E3D-B87F-898FF819DF60}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623W\Sscan2io.exe
FirewallRules: [{3A5630A9-83B6-44B4-ADC3-62F520EA45BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D090A75C-525E-4A75-9D56-6EBF8D21CE04}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{64D7CF1A-7F60-4570-B54E-820B870FA6C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9F3471A5-FAC8-4D04-9AD5-FFB1BD2A2340}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B092329-1752-421C-817F-BC74736C0FC0}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
FirewallRules: [{49C509F9-01A1-4395-8676-CB7004AFF665}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
FirewallRules: [{6488F17B-D4E1-440A-A976-018BDCFD1429}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623\Sscan2io.exe
FirewallRules: [{583FC695-87FC-4778-BBBA-B28AAC4A5D66}] => (Allow) C:\Windows\twain_32\Samsung\SCX4623\Sscan2io.exe
FirewallRules: [TCP Query User{939F4DFE-70F4-4BF5-9A3A-9E8FE5FA387E}C:\program files (x86)\leechftp\leechftp.exe] => (Allow) C:\program files (x86)\leechftp\leechftp.exe
FirewallRules: [UDP Query User{0BF28297-A08B-4FF6-B7C7-D0A405459CBA}C:\program files (x86)\leechftp\leechftp.exe] => (Allow) C:\program files (x86)\leechftp\leechftp.exe
FirewallRules: [{81B5AA9E-E5C0-4C4A-8024-539276718B86}] => (Block) C:\program files (x86)\leechftp\leechftp.exe
FirewallRules: [{17777220-47DA-474D-9AF4-321755C13CA2}] => (Block) C:\program files (x86)\leechftp\leechftp.exe
FirewallRules: [TCP Query User{88A73253-ED0B-4527-B77C-8874DAACDAB3}C:\users\aaron\desktop\downloads\aoe\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\users\aaron\desktop\downloads\aoe\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{C7E19288-4D88-43D9-BAE2-306A9F30F0A5}C:\users\aaron\desktop\downloads\aoe\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\users\aaron\desktop\downloads\aoe\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{B58D2DFF-66D7-480D-8618-1605430444A7}C:\users\aaron\desktop\downloads\aoe\age of empires ii\empires2.exe] => (Allow) C:\users\aaron\desktop\downloads\aoe\age of empires ii\empires2.exe
FirewallRules: [UDP Query User{685A77A0-34AB-47DF-B8BD-E670E32B51C8}C:\users\aaron\desktop\downloads\aoe\age of empires ii\empires2.exe] => (Allow) C:\users\aaron\desktop\downloads\aoe\age of empires ii\empires2.exe
FirewallRules: [TCP Query User{515EEFDD-259C-4676-B23F-F94D4B9A9B44}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [UDP Query User{C4F3CBDF-46D5-4AD2-8A67-05581FA19335}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [TCP Query User{EF1B562A-9655-409A-A934-C36B5BE3C257}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Block) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{6AA3ACBA-BD16-4B0E-BA8D-A81CC2C4793D}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Block) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{007E4B09-0B56-4895-8D4E-F6DCFE7283BA}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{F6B757B5-307F-46A4-9FFE-52451D03DFD1}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{0725FF3A-769D-41C2-A289-A9A84A88F286}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [UDP Query User{792CCAA8-A680-414C-AE91-DCC151C84A51}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [{A6CF07EF-7C15-4208-9C2A-77229FAB2E08}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{AEEACF0D-7AA9-4B83-A526-D9291A3111BB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3367A23D-97C2-4749-940F-6D514AE6672F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5BD4A1FC-D6AA-4C52-8B0B-CA3F9E86ED47}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1B7A76FB-4724-4FE6-B196-6B06CBADD793}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{C5E6FD03-1E3C-4CCD-A7D4-A3298D6C5C78}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{385F3167-C5AD-4CF5-B351-7A86732A43BC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{7A7C0C33-D121-47B6-9D41-718945A85791}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{8E80AB15-E4CD-4036-A157-672707862741}] => (Allow) G:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{39E3449E-C699-4E28-90FB-E06F88334D95}] => (Allow) G:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{D113A492-7756-4F49-85B5-F7BD5A1E8A20}] => (Allow) G:\Downloads\uTorrent.exe
FirewallRules: [{3826C67F-BAB1-4373-8C9F-1EBEF6453A3C}] => (Allow) G:\Downloads\uTorrent.exe
FirewallRules: [{212AA332-EC1E-42B1-BFB1-0CC6EB6BF954}] => (Allow) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{54DC90E6-1D2E-491E-A85C-DBBB8A3A664C}] => (Allow) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{044F4BD9-C563-4FD2-AEA3-B02116760FEE}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{36202C0E-2357-42C6-BA8A-DBE0EC2D8721}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{A3C4DB23-6990-4A53-A9B7-B61945751091}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{0ECDDE80-FA5E-40B7-8B9D-5D72F64742D4}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{E4066D09-D13F-4B51-9EB1-69CDACB8FB73}C:\users\aaron\desktop\images2\brianquake\winquake.exe] => (Allow) C:\users\aaron\desktop\images2\brianquake\winquake.exe
FirewallRules: [UDP Query User{0109CF3E-4B39-45D2-82BB-AEFAA0420CD0}C:\users\aaron\desktop\images2\brianquake\winquake.exe] => (Allow) C:\users\aaron\desktop\images2\brianquake\winquake.exe
FirewallRules: [{C2C2BCE8-1594-4AC2-B550-79D8F85EACE7}] => (Block) C:\users\aaron\desktop\images2\brianquake\winquake.exe
FirewallRules: [{8766A6F0-FAC2-4FBB-AD31-B730A87305AB}] => (Block) C:\users\aaron\desktop\images2\brianquake\winquake.exe
FirewallRules: [TCP Query User{C0961C7C-E162-447A-98EF-3592A6DC8CF9}C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe] => (Allow) C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe
FirewallRules: [UDP Query User{1095EE0E-48B6-4A9C-BD54-C51996BCC79D}C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe] => (Allow) C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe
FirewallRules: [{670D0A41-209C-4E40-943B-02114E9FD0D3}] => (Block) C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe
FirewallRules: [{062B4869-47F9-46D5-92F8-E524F70A7A55}] => (Block) C:\users\aaron\desktop\images2\starfleetcommand\starfleet.exe
FirewallRules: [{F4BAD991-2E3A-4594-A695-C4262646BF25}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{81BCE1E4-4FC0-470D-8C28-0313355E18DF}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{90481295-BB13-4D32-A77E-1A13FB749236}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A7F73812-5374-4932-86D9-1BD9F90B6D08}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{58A2B39B-1180-4EE3-BCAB-FA6B658E5F93}] => (Allow) G:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6312911C-5EF6-4E71-AFCF-A31E1EC944CD}] => (Allow) G:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5FDB9E24-9DFB-4E28-99E9-1C473FC3023E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{8C844D3F-1A63-4882-A732-9530887F98B5}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{B18BD1A8-F169-48A7-A2FE-695972E0E094}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{17F56712-C452-4E5D-BA33-8B0917F50083}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{4FC4A00D-D59B-4E3B-B958-664EC6E56F2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{817BB168-CBDD-4062-8C11-2EAADA1949CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CCBB7FB2-72BC-40B7-A3CE-E3C544593F52}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{E9DD4A79-572E-4CF2-A9C1-822EDE329252}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{08ED72C1-D8BD-40F5-A76E-0FA707376680}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F4681EF7-39A5-4679-8B55-9D971122D163}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DADFD933-02FA-4440-B3FF-10B3DD424298}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F03356DE-9402-452B-A88A-F51CC48DA3C9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A86C17B5-0A02-41B2-8AB9-B58665CABA74}] => (Allow) LPort=15600
FirewallRules: [TCP Query User{36474C56-EA37-46B9-BD3D-C68BDED81617}C:\users\aaron\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Block) C:\users\aaron\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [UDP Query User{96BC5ABF-B1DA-4567-872B-982061CFDA35}C:\users\aaron\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Block) C:\users\aaron\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [{8FB55FC7-0025-4A3A-9E79-B952FC977CC9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{00D30FAC-F1B4-47A7-BB8F-13B0F4533CD9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5722600-A349-4137-99F6-8B256D87081E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0C52BEA8-5C93-45E0-80E3-AD6A9934C318}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{98A415FF-DC83-4FA3-9E21-2690DC15CB68}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A6526E95-2122-4EB7-9B1F-C985A62189BE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2015 11:10:30 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (10/27/2015 12:00:35 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (10/26/2015 01:15:41 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (10/25/2015 12:00:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (10/24/2015 12:00:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (10/23/2015 07:42:27 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (10/23/2015 12:00:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (10/22/2015 12:00:02 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (10/21/2015 04:58:49 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (10/20/2015 03:50:30 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).


System errors:
=============
Error: (10/28/2015 07:40:32 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/28/2015 07:40:32 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/28/2015 06:25:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/28/2015 06:25:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/28/2015 05:11:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/28/2015 05:11:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/28/2015 05:11:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/28/2015 05:11:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/28/2015 05:11:39 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/28/2015 05:11:39 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 50%
Total physical RAM: 8170.01 MB
Available physical RAM: 4068.64 MB
Total Virtual: 26209.77 MB
Available Virtual: 17765.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:342.49 GB) NTFS
Drive d: (BROODWAR_UK) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS
Drive g: (2TB) (Fixed) (Total:1863.01 GB) (Free:1653.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C8526F36)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 954F3D56)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-10-28 22:03:37
-----------------------------
22:03:37.918 OS Version: Windows x64 6.1.7601 Service Pack 1
22:03:37.918 Number of processors: 4 586 0x2A07
22:03:37.919 ComputerName: BLACKPC UserName: Aaron
22:03:38.272 Initialize success
22:03:38.282 VM: initialized successfully
22:03:38.282 VM: Intel CPU BiosDisabled
22:05:36.201 AVAST engine defs: 15102801
22:05:48.964 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:05:48.964 Disk 0 Vendor: ST2000DM CC27 Size: 1907729MB BusType: 3
22:05:48.964 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\mv91xx1Port1Path0Target1Lun0
22:05:48.974 Disk 1 Vendor: Samsung_ EMT0 Size: 476940MB BusType: 11
22:05:48.974 Disk 1 MBR read successfully
22:05:48.974 Disk 1 MBR scan
22:05:48.984 Disk 1 Windows VISTA default MBR code
22:05:48.984 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:05:48.984 Disk 1 default boot code
22:05:48.984 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476836 MB offset 206848
22:05:48.994 Disk 1 scanning C:\Windows\system32\drivers
22:05:51.307 Service scanning
22:05:58.017 Modules scanning
22:05:58.017 Disk 1 trace - called modules:
22:05:58.017 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll mv91xx.sys
22:05:58.017 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8008d26060]
22:05:58.027 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> \Device\Scsi\mv91xx1Port1Path0Target1Lun0[0xfffffa8008b33050]
22:05:58.317 AVAST engine scan C:\Windows
22:05:59.144 AVAST engine scan C:\Windows\system32
22:07:30.104 AVAST engine scan C:\Windows\system32\drivers
22:07:37.410 AVAST engine scan C:\Users\Aaron
22:11:50.628 Disk 1 MBR has been saved successfully to "G:\Downloads\Malware removal\MBR.dat"
22:11:50.638 The log file has been saved successfully to "G:\Downloads\Malware removal\aswMBR.txt"


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-10-2015
Ran by Aaron (administrator) on BLACKPC (28-10-2015 22:01:50)
Running from G:\Downloads\Malware removal
Loaded Profiles: Aaron (Available Profiles: Aaron & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Akamai Technologies, Inc.) C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe
() C:\Users\Aaron\AppData\Roaming\Settings Manager\SettingsManager.exe
() C:\Users\Aaron\AppData\Roaming\Update Manager\UM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Aaron\AppData\Local\Autobahn\nexdef.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
(Inmar, Inc.) C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Valve Corporation) G:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) G:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intuit Inc.) C:\Program Files (x86)\Quicken\qw.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [SBRegRebootCleaner] => "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-13] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [SCX4623_Scan2Pc] => C:\Windows\Twain_32\Samsung\SCX4623\Scan2pc.exe [1990144 2011-06-24] ()
HKLM-x32\...\Run: [4623 Scan2PC] => C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe [1990144 2011-06-24] ()
HKLM-x32\...\Run: [4623FW Scan2PC] => C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe [1982464 2010-02-11] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-08-05] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1953792 2014-05-16] ()
HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-05-05] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [Http Listener] => C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe [90760 2015-04-30] ()
HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [88000 2015-04-20] (Inmar, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-08-12] (SlySoft, Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Steam] => G:\Program Files (x86)\Steam\Steam.exe [2901584 2015-10-14] (Valve Corporation)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Settings Manager] => C:\Users\Aaron\AppData\Roaming\Settings Manager\SettingsManager.EXE [954992 2015-09-30] ()
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [UM] => C:\Users\Aaron\AppData\Roaming\Update Manager\UM.EXE [806064 2015-10-06] ()
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Google Update] => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-05-09] (Google Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [GoogleChromeAutoLaunch_45B9DB4CF259327B5D31697391F8B178] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\MountPoints2: {494bc095-037e-11e2-86ac-00268314e930} - D:\SETUP.EXE
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\MountPoints2: {494bc1ba-037e-11e2-86ac-00268314e930} - H:\LaunchU3.exe -a
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk [2013-10-12]
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Aaron\AppData\Local\Autobahn\nexdef.exe ()
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-03-24]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2013-10-23]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-09-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-10-23]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-10-23]
ShortcutTarget: QuickBooks_Standard_21.lnk -> G:\QuickBooks Pro 2014\QBW32.EXE (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{23578A93-21A1-47F2-A51B-97699C7B3824}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6588490C-9C39-4614-8E15-1D116A942169}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9E281651-A977-4FD0-90B4-B42646DEC41E}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ie
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000 -> DefaultScope {5288CC14-5D1C-4E86-9FD3-B904C74A558B} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000 -> {5288CC14-5D1C-4E86-9FD3-B904C74A558B} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Coupon Companion -> {11111111-1111-1111-1111-110011441193} -> C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll => No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-07-29] (Wondershare)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-18] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-10-27] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-18] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - G:\QuickBooks Pro 2014\HelpAsyncPluggableProtocol.dll [2014-06-26] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ff
FF Keyword.URL: hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-10-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-06-14] (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-05-14] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Aaron\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: hopster.com/CouponPrinterPlugin -> C:\Users\Aaron\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Aaron\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2013-02-28] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-06-26] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Aaron\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-10-03] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default\searchplugins\yahoo_ff.xml [2015-07-21]
FF Extension: Lavasoft Search Plugin - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-08-29] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Google Cast) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-10-13]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-10-28]
CHR Extension: (Google Search) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Wondershare Video Converter Ultimate) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\iijmpjamifmplbakhgikofogdfackici [2014-08-29]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-10-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Coupon Companion) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm [2014-05-24] [UpdateUrl: hxxps://crossrider.cotssl.net/plugin/chrome/update/4493.xml] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR HKLM-x32\...\Chrome\Extension: [iijmpjamifmplbakhgikofogdfackici] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com.crx [2014-08-29]
CHR HKLM-x32\...\Chrome\Extension: [pbkdpahkifcigckmhiafindmaflfifgm] - C:\Users\Aaron\AppData\Local\Coupon Companion\Chrome\Coupon Companion.crx [2012-11-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-06-26] (Coupons.com Inc.)
R2 jswpbapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe [271840 2010-03-22] (Atheros Communications, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-06-26] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-08-19] (Intuit Inc.) [File not signed]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [229888 2011-07-12] (Samsung Electronics Co., Ltd.) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [316120 2014-03-19] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-20] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-18] (GFI Software)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-22] (Samsung Electronics)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-28 22:01 - 2015-10-28 22:01 - 00000000 ____D C:\FRST
2015-10-28 22:00 - 2015-10-28 22:00 - 00000207 _____ C:\Windows\tweaking.com-regbackup-BLACKPC-Windows-7-Home-Premium-(64-bit).dat
2015-10-28 22:00 - 2015-10-28 22:00 - 00000000 ____D C:\RegBackup
2015-10-28 21:59 - 2015-10-28 21:59 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-10-28 21:59 - 2015-10-28 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-28 21:59 - 2015-10-28 21:59 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-28 21:23 - 2015-10-28 21:23 - 00000000 ___RD C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-10-26 15:16 - 2015-10-26 15:16 - 00003090 _____ C:\Windows\System32\Tasks\{D370B6B3-F58E-4857-8585-3DFD0F92E51F}
2015-10-19 22:57 - 2015-10-19 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-19 22:57 - 2015-10-19 22:57 - 00000000 ____D C:\Program Files\iTunes
2015-10-19 22:57 - 2015-10-19 22:57 - 00000000 ____D C:\Program Files\iPod
2015-10-19 22:57 - 2015-10-19 22:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-19 22:56 - 2015-10-19 22:56 - 00000000 ____D C:\Program Files\Bonjour
2015-10-19 22:56 - 2015-10-19 22:56 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-10-19 22:55 - 2015-10-19 22:55 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-10-19 22:55 - 2015-10-19 22:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-10-19 22:53 - 2015-10-19 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-10-19 22:53 - 2015-10-19 22:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-10-17 12:18 - 2015-10-17 12:20 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-10-16 19:26 - 2015-10-16 19:26 - 00002303 _____ C:\Users\Aaron\Desktop\Chrome App Launcher.lnk
2015-10-16 19:26 - 2015-10-16 19:26 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-15 03:04 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 03:04 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 03:04 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 03:04 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 03:04 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 03:04 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 03:04 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-13 12:17 - 2015-09-18 14:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-13 12:17 - 2015-09-18 13:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-13 12:17 - 2015-09-15 23:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-13 12:17 - 2015-09-15 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-13 12:17 - 2015-09-15 23:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-13 12:17 - 2015-09-15 23:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-13 12:17 - 2015-09-15 23:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-13 12:17 - 2015-09-15 23:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-13 12:17 - 2015-09-15 23:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-13 12:17 - 2015-09-15 23:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-13 12:17 - 2015-09-15 23:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-13 12:17 - 2015-09-15 23:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-13 12:17 - 2015-09-15 23:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-13 12:17 - 2015-09-15 23:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-13 12:17 - 2015-09-15 23:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-13 12:17 - 2015-09-15 23:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-13 12:17 - 2015-09-15 23:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-13 12:17 - 2015-09-15 23:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-13 12:17 - 2015-09-15 23:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-13 12:17 - 2015-09-15 23:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-13 12:17 - 2015-09-15 22:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-13 12:17 - 2015-09-15 22:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-13 12:17 - 2015-09-15 22:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-13 12:17 - 2015-09-15 22:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-13 12:17 - 2015-09-15 22:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-13 12:17 - 2015-09-15 22:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-13 12:17 - 2015-09-15 22:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-13 12:17 - 2015-09-15 22:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-13 12:17 - 2015-09-15 22:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-13 12:17 - 2015-09-15 22:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-13 12:17 - 2015-09-15 22:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-13 12:17 - 2015-09-15 22:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-13 12:17 - 2015-09-15 22:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-13 12:17 - 2015-09-15 22:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-13 12:17 - 2015-09-15 22:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-13 12:17 - 2015-09-15 22:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-13 12:17 - 2015-09-15 22:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-13 12:17 - 2015-09-15 22:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-13 12:17 - 2015-09-15 22:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-13 12:17 - 2015-09-15 22:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-13 12:17 - 2015-09-15 22:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-13 12:17 - 2015-09-15 22:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-13 12:17 - 2015-09-15 22:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-13 12:17 - 2015-09-15 22:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-13 12:17 - 2015-09-15 22:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-13 12:17 - 2015-09-15 22:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-13 12:17 - 2015-09-15 22:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-13 12:17 - 2015-09-15 22:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-13 12:17 - 2015-09-15 22:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-13 12:17 - 2015-09-15 22:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-13 12:17 - 2015-09-15 22:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-13 12:17 - 2015-09-15 22:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-13 12:17 - 2015-09-15 22:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-13 12:17 - 2015-09-15 22:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-13 12:17 - 2015-09-15 21:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-13 12:17 - 2015-09-15 21:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-13 12:17 - 2015-09-15 21:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-13 12:17 - 2015-09-15 21:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-13 12:17 - 2015-09-15 21:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-13 12:17 - 2015-09-15 21:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-13 12:17 - 2015-09-15 21:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-13 12:17 - 2015-09-15 21:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-13 12:17 - 2015-09-15 21:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-13 12:17 - 2015-09-15 21:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-13 12:15 - 2015-08-06 13:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 12:15 - 2015-08-06 13:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 12:15 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-13 12:15 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-13 12:12 - 2015-10-01 13:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-13 12:12 - 2015-10-01 13:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-13 12:12 - 2015-10-01 13:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 12:12 - 2015-10-01 13:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 12:12 - 2015-10-01 13:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 12:12 - 2015-10-01 13:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 12:12 - 2015-10-01 13:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 12:12 - 2015-10-01 12:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-13 12:12 - 2015-10-01 12:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 12:12 - 2015-09-28 22:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 12:12 - 2015-09-28 22:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 12:12 - 2015-09-28 22:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-13 12:12 - 2015-09-28 22:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-13 12:12 - 2015-09-28 22:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-13 12:12 - 2015-09-28 22:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-13 12:12 - 2015-09-28 22:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-13 12:12 - 2015-09-28 22:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-13 12:12 - 2015-09-28 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-13 12:12 - 2015-09-28 22:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-13 12:12 - 2015-09-28 22:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-13 12:12 - 2015-09-28 22:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-13 12:12 - 2015-09-28 22:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-13 12:12 - 2015-09-28 22:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-13 12:12 - 2015-09-28 22:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-13 12:12 - 2015-09-28 22:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-13 12:12 - 2015-09-28 22:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-13 12:12 - 2015-09-28 22:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-13 12:12 - 2015-09-28 22:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-13 12:12 - 2015-09-28 22:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-13 12:12 - 2015-09-28 21:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-13 12:12 - 2015-09-28 21:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-13 12:12 - 2015-09-28 21:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-13 12:12 - 2015-09-28 21:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-13 12:12 - 2015-09-28 21:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-13 12:12 - 2015-09-28 21:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-13 12:12 - 2015-09-28 21:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-13 12:12 - 2015-09-28 21:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-13 12:12 - 2015-09-28 21:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-13 12:12 - 2015-09-28 21:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-13 12:12 - 2015-09-28 21:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-13 12:12 - 2015-09-28 21:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-13 12:12 - 2015-09-28 21:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-13 12:12 - 2015-09-28 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-13 12:12 - 2015-09-28 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 20:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-13 12:12 - 2015-09-28 20:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-13 12:12 - 2015-09-28 20:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-13 12:12 - 2015-09-28 20:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-13 12:12 - 2015-09-28 20:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-13 12:12 - 2015-09-28 20:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 20:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 20:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 12:12 - 2015-09-28 20:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-13 12:12 - 2015-09-25 13:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 12:12 - 2015-09-25 13:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 12:12 - 2015-09-25 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 12:12 - 2015-09-25 13:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 12:12 - 2015-09-25 13:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 12:12 - 2015-09-25 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-13 12:12 - 2015-09-25 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-13 12:12 - 2015-09-25 13:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 12:12 - 2015-09-25 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-13 12:12 - 2015-09-25 13:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 12:12 - 2015-09-25 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-13 12:12 - 2015-09-25 12:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-13 12:12 - 2015-09-25 12:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-13 12:12 - 2015-09-25 12:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-13 12:12 - 2015-09-25 12:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-13 12:12 - 2015-09-25 12:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-13 12:12 - 2015-09-15 13:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-13 12:12 - 2015-09-15 13:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-13 12:12 - 2015-09-15 13:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-13 12:12 - 2015-09-15 13:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-13 12:12 - 2015-09-15 13:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-13 12:12 - 2015-09-15 13:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-13 12:12 - 2015-09-15 13:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-13 12:12 - 2015-09-15 13:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-13 12:12 - 2015-09-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-13 12:12 - 2015-09-15 12:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-13 12:12 - 2015-09-15 12:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-13 12:12 - 2015-09-15 12:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-13 12:12 - 2015-09-15 12:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-13 12:12 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-03 18:42 - 2015-10-03 19:10 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\webex
2015-10-03 18:42 - 2015-10-03 19:10 - 00000000 ____D C:\Users\Aaron\AppData\LocalLow\WebEx
2015-10-03 18:42 - 2015-10-03 18:42 - 00000000 ____D C:\Users\Aaron\AppData\Local\WebEx
2015-10-03 18:42 - 2015-10-03 18:42 - 00000000 ____D C:\ProgramData\WebEx
2015-10-03 12:25 - 2015-10-25 23:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-29 14:19 - 2015-09-29 14:19 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-28 21:54 - 2012-09-01 16:53 - 01477887 _____ C:\Windows\WindowsUpdate.log
2015-10-28 21:48 - 2015-03-21 01:17 - 00000498 _____ C:\Windows\Tasks\ATConsole.job
2015-10-28 21:28 - 2014-03-16 21:27 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\uTorrent
2015-10-28 21:23 - 2012-09-01 22:09 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-10-28 21:23 - 2012-09-01 22:01 - 00000000 ____D C:\Users\Aaron\Documents\Bluetooth Folder
2015-10-28 21:19 - 2015-05-09 10:08 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000UA.job
2015-10-28 21:19 - 2012-09-02 11:45 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Skype
2015-10-28 21:04 - 2014-05-24 22:47 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-28 20:47 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-28 20:47 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-28 16:44 - 2012-09-15 17:27 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-10-28 11:01 - 2012-09-01 17:25 - 00000000 ____D C:\Users\Aaron
2015-10-28 09:19 - 2015-05-09 10:08 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000Core.job
2015-10-27 23:55 - 2009-07-13 23:51 - 00066937 _____ C:\Windows\setupact.log
2015-10-27 22:04 - 2014-05-24 22:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-25 18:14 - 2012-10-25 22:48 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\vlc
2015-10-23 13:05 - 2014-05-24 22:47 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-19 23:04 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-19 22:59 - 2014-08-29 09:33 - 00000040 ___SH C:\ProgramData\.zreglib
2015-10-19 22:59 - 2013-04-18 12:27 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2015-10-19 22:58 - 2012-09-01 19:15 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-19 22:58 - 2010-11-20 22:47 - 01535460 _____ C:\Windows\PFRO.log
2015-10-19 22:58 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-19 22:57 - 2012-12-20 21:30 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-19 22:57 - 2012-09-29 16:19 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-19 22:56 - 2014-08-28 22:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-10-19 22:55 - 2012-09-29 16:19 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-19 22:53 - 2012-12-20 21:29 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-10-18 09:22 - 2012-10-04 20:29 - 00000000 ____D C:\Users\Aaron\AppData\Local\CrashDumps
2015-10-16 03:00 - 2015-04-15 03:23 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-16 03:00 - 2014-05-07 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-14 16:22 - 2012-09-01 17:25 - 00000000 ____D C:\Users\Aaron\AppData\Local\VirtualStore
2015-10-14 11:58 - 2014-12-16 22:48 - 00203739 _____ C:\Users\Aaron\Documents\Address Labels.avery
2015-10-14 03:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-10-14 03:20 - 2012-10-22 19:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-14 03:03 - 2013-03-16 12:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 03:02 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
2015-10-12 23:40 - 2012-09-23 08:28 - 00000000 ____D C:\Users\Aaron\AppData\Local\Adobe
2015-10-12 23:40 - 2012-09-01 22:33 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-12 23:40 - 2012-09-01 22:33 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-08 07:36 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-08 03:00 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-06 03:15 - 2015-05-01 10:22 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Update Manager
2015-10-03 18:42 - 2014-05-31 20:07 - 00000000 ____D C:\Users\Aaron\AppData\LocalLow\Temp
2015-10-03 18:42 - 2012-09-01 23:48 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Mozilla
2015-09-29 14:19 - 2015-05-09 10:08 - 00001209 _____ C:\Users\Aaron\Desktop\Chromecast.lnk
2015-09-29 14:19 - 2012-11-08 23:29 - 00000000 ____D C:\Users\Aaron\AppData\Local\Google

==================== Files in the root of some directories =======

2014-12-16 22:19 - 2014-04-24 08:04 - 0099678 _____ () C:\Program Files (x86)\7a528302-651c-415a-b73e-d6f647cf6467-avery-icon_02.ico
2014-12-16 22:19 - 2014-04-30 11:01 - 0131584 _____ () C:\Program Files (x86)\DesktopDPO.exe
2014-12-16 22:19 - 2014-05-08 12:14 - 9809519 _____ () C:\Program Files (x86)\DesktopDPO.swf
2014-12-16 22:19 - 2014-03-24 05:50 - 0000059 _____ () C:\Program Files (x86)\mimetype
2014-12-16 22:19 - 2014-12-16 22:19 - 0063594 _____ () C:\Program Files (x86)\uninstall.dat
2014-12-16 22:19 - 2014-12-16 22:19 - 4077314 _____ (Avery Products Corporation) C:\Program Files (x86)\uninstall.exe
2013-03-09 19:40 - 2013-04-07 10:39 - 0919244 _____ () C:\Users\Aaron\AppData\Local\a.zip
2013-03-09 19:40 - 2013-04-07 10:39 - 2151080 _____ (Catalina Marketing Corp) C:\Users\Aaron\AppData\Local\BcsKtYcHW.dll
2012-09-01 21:04 - 2015-08-27 21:31 - 0007616 _____ () C:\Users\Aaron\AppData\Local\resmon.resmoncfg
2008-02-05 15:28 - 2008-02-05 15:28 - 0000051 _____ () C:\Users\Aaron\AppData\Local\setup.txt
2015-07-08 02:08 - 2015-07-08 02:08 - 0253196 _____ () C:\Users\Aaron\AppData\Local\Tempdivx02ce
2015-07-17 10:39 - 2015-07-17 10:39 - 0043494 _____ () C:\Users\Aaron\AppData\Local\Tempdivx0ec8
2014-08-29 09:33 - 2015-10-19 22:59 - 0000040 ___SH () C:\ProgramData\.zreglib
2015-03-21 01:18 - 2015-03-21 01:18 - 0000108 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-03-21 20:17 - 2015-04-04 13:49 - 0000935 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Aaron\AppData\Local\Temp\Abspdf.exe
C:\Users\Aaron\AppData\Local\Temp\acfpdfu.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfui.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Aaron\AppData\Local\Temp\cdintf.dll
C:\Users\Aaron\AppData\Local\Temp\e70afd24-2734-4518-8b65-03a9229821de.exe
C:\Users\Aaron\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\ose00000.exe
C:\Users\Aaron\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Aaron\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Aaron\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Aaron\AppData\Local\Temp\SMSetup.exe
C:\Users\Aaron\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Aaron\AppData\Local\Temp\Uninstaller-11068.exe
C:\Users\Aaron\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Aaron\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Aaron\AppData\Local\Temp\xmllite.dll
C:\Users\Aaron\AppData\Local\Temp\_is67B9.exe
C:\Users\Aaron\AppData\Local\Temp\_is86B.exe
C:\Users\Aaron\AppData\Local\Temp\_isDA29.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-21 23:35

==================== End of FRST.txt ============================


My PC is running conhost/cmd.exe/msiexec.exe/ etc all in the 100k+ memory range and PC usage over 50%. this has just happened.

I had Utorrent but removed it (you will see it in the logs), but had not used it in some time.

any help is appreciated.

THanks,
aaron Franke

[Juliet]

NOTE: It is good practice to copy and paste the instructions into notepad and save to desktop and/or print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


~~~~
Items need to be uninstalled from your add/remove programs list


Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Coupon Companion (HKLM-x32\...\Coupon Companion) (Version: 1.24.151.151 - 215 Apps) <==== ATTENTION
CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION
PrintMyCouponAnywhere (HKLM-x32\...\{9E5A9316-541D-4F22-BE19-AFE969C00B06}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
RevTraxPrintMyCoupon (HKLM-x32\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
Settings Manager (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Settings Manager) (Version: 23.2.0.2 - Spigot, Inc.) <==== ATTENTION

After completing uninstalls, please manually reboot your machine!

~~~~~~~~~~~~`

Running from G:\Downloads\Malware removal

It's best we move Farbar's to desktop.

Please go to your G:\Downloads\Malware removal folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
2015-04-30 14:43 - 2015-04-30 14:43 - 00090760 _____ () C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
C:\Users\Aaron\AppData\Roaming\Update Manager\UM.EXE
C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
HKLM-x32\...\Run: [Http Listener] => C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe [90760 2015-04-30] ()
HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [88000 2015-04-20] (Inmar, Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Settings Manager] => C:\Users\Aaron\AppData\Roaming\Settings Manager\SettingsManager.EXE [954992 2015-09-30] ()
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [UM] => C:\Users\Aaron\AppData\Roaming\Update Manager\UM.EXE [806064 2015-10-06] ()
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ie
BHO-x32: Coupon Companion -> {11111111-1111-1111-1111-110011441193} -> C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll => No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
FF Homepage: hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ff
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Aaron\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: hopster.com/CouponPrinterPlugin -> C:\Users\Aaron\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Aaron\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2013-02-28] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-06-26] (Coupons, Inc.)
FF Extension: Lavasoft Search Plugin - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-18] [not signed]
CHR Extension: (Coupon Companion) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm [2014-05-24] [UpdateUrl: hxxps://crossrider.cotssl.net/plugin/chrome/update/4493.xml] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [pbkdpahkifcigckmhiafindmaflfifgm] - C:\Users\Aaron\AppData\Local\Coupon Companion\Chrome\Coupon Companion.crx [2012-11-08]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-06-26] (Coupons.com Inc.)
2013-03-09 19:40 - 2013-04-07 10:39 - 2151080 _____ (Catalina Marketing Corp) C:\Users\Aaron\AppData\Local\BcsKtYcHW.dll
C:\Users\Aaron\AppData\Local\Temp\Abspdf.exe
C:\Users\Aaron\AppData\Local\Temp\acfpdfu.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfui.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Aaron\AppData\Local\Temp\cdintf.dll
C:\Users\Aaron\AppData\Local\Temp\e70afd24-2734-4518-8b65-03a9229821de.exe
C:\Users\Aaron\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\ose00000.exe
C:\Users\Aaron\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Aaron\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Aaron\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Aaron\AppData\Local\Temp\SMSetup.exe
C:\Users\Aaron\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Aaron\AppData\Local\Temp\Uninstaller-11068.exe
C:\Users\Aaron\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Aaron\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Aaron\AppData\Local\Temp\xmllite.dll
C:\Users\Aaron\AppData\Local\Temp\_is67B9.exe
C:\Users\Aaron\AppData\Local\Temp\_is86B.exe
C:\Users\Aaron\AppData\Local\Temp\_isDA29.exe
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~`

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:
Link 1
Link 2
Link 3

Place ComboFix.exe on your Desktop <--Important

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  You can get help on disabling your protection programs here
  
• Double click on ComboFix.exe & follow the prompts.
• You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
• Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
• When finished, it shall produce a log for you. Post that log in your next reply
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  
  Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
  
  ---------------------------------------------------------------------------------------------
• Ensure your AntiVirus and AntiSpyware applications are re-enabled.
  
  Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
  Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
  ---------------------------------------------------------------------------------------------
• If there are Internet issues after running ComboFix:
  Internet Explorer:
  Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
  Firefox:
  Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
  Chrome:
  Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
  Safari
  Launch Safari
  Go to general settings menu
  Then in Preferences/ Advanced
  Then on line click Proxies change settings ...
  Click Internet Options, then click the Connections tab, click Network Settings.
  Disable option (uncheck) for the use of proxy server ...
  

~~~~~~~~~~~~~~~~~~`

Please post these logs when finished.

[Juliet]

Still need help?

[Saidian]

ComboFix 15-10-28.01 - Aaron 10/31/2015 10:23:19.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8170.2965 [GMT -5:00]
Running from: c:\users\Aaron\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Uninstall.exe
c:\users\Aaron\AppData\Local\Coupon Companion
c:\users\Aaron\Desktop\Setup.exe
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-09-28 to 2015-10-31 )))))))))))))))))))))))))))))))
.
.
2015-10-31 15:26 . 2015-10-31 15:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-10-31 15:26 . 2015-10-31 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-30 23:49 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FA84D26-8E48-475C-BBBA-B470BF747BF8}\mpengine.dll
2015-10-29 03:01 . 2015-10-31 15:20 -------- d-----w- C:\FRST
2015-10-29 03:00 . 2015-10-29 03:00 -------- d-----w- C:\RegBackup
2015-10-29 02:59 . 2015-10-29 02:59 -------- d-----w- c:\program files (x86)\Tweaking.com
2015-10-20 03:57 . 2015-10-20 03:57 -------- d-----w- c:\program files\iTunes
2015-10-20 03:57 . 2015-10-20 03:57 -------- d-----w- c:\program files (x86)\iTunes
2015-10-20 03:57 . 2015-10-20 03:57 -------- d-----w- c:\program files\iPod
2015-10-20 03:56 . 2015-10-20 03:56 -------- d-----w- c:\program files\Bonjour
2015-10-20 03:56 . 2015-10-20 03:56 -------- d-----w- c:\program files (x86)\Bonjour
2015-10-20 03:55 . 2015-10-20 03:55 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-10-20 03:53 . 2015-10-20 03:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-10-20 03:53 . 2015-10-20 03:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-10-20 03:53 . 2015-10-20 03:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-10-20 03:53 . 2015-10-20 03:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-10-20 03:53 . 2015-10-20 03:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-10-20 03:53 . 2015-10-20 03:53 -------- d-----w- c:\program files (x86)\QuickTime
2015-10-17 17:18 . 2015-10-17 17:20 -------- d--h--w- c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-10-15 08:04 . 2015-09-18 19:22 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-15 08:04 . 2015-09-18 19:19 700416 ----a-w- c:\windows\system32\invagent.dll
2015-10-15 08:04 . 2015-09-18 19:19 766464 ----a-w- c:\windows\system32\generaltel.dll
2015-10-15 08:04 . 2015-09-18 19:19 503808 ----a-w- c:\windows\system32\devinv.dll
2015-10-15 08:04 . 2015-09-18 19:19 73216 ----a-w- c:\windows\system32\acmigration.dll
2015-10-15 08:04 . 2015-09-18 19:19 1291264 ----a-w- c:\windows\system32\appraiser.dll
2015-10-15 08:04 . 2015-09-18 19:09 1163776 ----a-w- c:\windows\system32\aeinv.dll
2015-10-13 17:15 . 2015-08-06 18:04 14176768 ----a-w- c:\windows\system32\shell32.dll
2015-10-13 17:15 . 2015-08-06 18:03 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2015-10-13 17:15 . 2015-08-06 17:44 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2015-10-13 17:14 . 2015-09-01 18:14 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-13 17:14 . 2015-09-01 18:14 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-13 17:14 . 2015-09-01 18:14 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-10-13 17:14 . 2015-09-01 18:13 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-10-13 17:14 . 2015-09-01 18:12 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-10-13 17:14 . 2015-09-01 17:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-13 17:14 . 2015-09-01 17:52 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-10-03 23:42 . 2015-10-04 00:10 -------- d-----w- c:\users\Aaron\AppData\Roaming\webex
2015-10-03 23:42 . 2015-10-03 23:42 -------- d-----w- c:\programdata\WebEx
2015-10-03 23:42 . 2015-10-03 23:42 -------- d-----w- c:\users\Aaron\AppData\Local\WebEx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-13 04:40 . 2012-09-02 03:33 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-13 04:40 . 2012-09-02 03:33 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-29 02:58 . 2015-10-13 17:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-02 03:04 . 2015-09-08 21:31 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-08 21:31 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-08 21:31 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-08 21:31 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-08 21:31 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-08 21:31 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-08 21:31 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-08 21:31 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-02 01:51 . 2015-09-08 21:31 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:47 . 2015-09-08 21:31 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-08 21:31 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-27 18:18 . 2015-09-08 21:31 2004480 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 18:18 . 2015-09-08 21:31 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 18:13 . 2015-09-08 21:31 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 18:13 . 2015-09-08 21:31 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-27 17:58 . 2015-09-08 21:31 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-27 17:58 . 2015-09-08 21:31 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-27 17:51 . 2015-09-08 21:31 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-27 17:51 . 2015-09-08 21:31 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-08-12 21:03 . 2015-08-12 21:03 96528 ----a-w- c:\windows\system32\dns-sd.exe
2015-08-12 21:03 . 2015-08-12 21:03 86288 ----a-w- c:\windows\system32\dnssd.dll
2015-08-12 21:03 . 2015-08-12 21:03 61712 ----a-w- c:\windows\system32\jdns_sd.dll
2015-08-12 21:03 . 2015-08-12 21:03 213264 ----a-w- c:\windows\system32\dnssdX.dll
2015-08-12 21:03 . 2015-08-12 21:03 84240 ----a-w- c:\windows\SysWow64\dns-sd.exe
2015-08-12 21:03 . 2015-08-12 21:03 72976 ----a-w- c:\windows\SysWow64\dnssd.dll
2015-08-12 21:03 . 2015-08-12 21:03 50960 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2015-08-12 21:03 . 2015-08-12 21:03 178960 ----a-w- c:\windows\SysWow64\dnssdX.dll
2015-08-06 16:43 . 2015-08-06 16:43 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2015-08-06 16:43 . 2015-08-06 16:43 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2015-08-05 17:56 . 2015-09-08 21:43 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:56 . 2015-09-08 21:43 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-08-05 17:56 . 2015-09-08 21:43 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-08 21:43 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2014-04-30 16:01 . 2014-12-17 03:19 131584 ----a-w- c:\program files (x86)\DesktopDPO.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Aaron\AppData\Local\Akamai\netsession_win.exe" [2015-09-11 4691384]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVD.exe" [2014-08-12 109480]
"Steam"="g:\program files (x86)\Steam\Steam.exe" [2015-10-14 2901584]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2015-09-02 721504]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-08-08 53735968]
"GoogleChromeAutoLaunch_45B9DB4CF259327B5D31697391F8B178"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-10-20 811848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-13 688128]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-09-23 60688]
"SCX4623_Scan2Pc"="c:\windows\Twain_32\Samsung\SCX4623\Scan2pc.exe" [2011-06-24 1990144]
"4623 Scan2PC"="c:\windows\twain_32\Samsung\SCX4623\Scan2Pc.exe" [2011-06-24 1990144]
"4623FW Scan2PC"="c:\windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe" [2010-02-11 1982464]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-06-14 395656]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-06-14 153992]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2014-02-27 3775800]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2015-04-28 2086240]
"DelaypluginInstall"="c:\programdata\Wondershare\Video Converter Ultimate\DelayPluginI.exe" [2014-05-16 1953792]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2015-05-05 448520]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-08-06 421888]
.
c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
NexDef Plug-in.lnk - c:\users\Aaron\AppData\Local\Autobahn\nexdef.exe [2013-3-14 15500800]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2014-6-5 6306104]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.163\SSScheduler.exe [2015-7-31 330456]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2014-6-26 1129288]
QuickBooks_Standard_21.lnk - g:\quickbooks pro 2014\QBW32.EXE -silent [2014-6-26 1215816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.163\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.163\McCHSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 jswpbapi;JumpStart Push-Button Service;c:\program files (x86)\NETGEAR\WNA1100\jswpbapi.exe;c:\program files (x86)\NETGEAR\WNA1100\jswpbapi.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe;c:\windows\SYSNATIVE\spool\drivers\x64\3\NetFaxServer64.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-23 18:04 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-31 c:\windows\Tasks\ATConsole.job
- g:\program files (x86)\AT Console\ATConsole.Run.exe [2015-02-27 18:16]
.
2015-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25 22:52]
.
2015-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25 22:52]
.
2015-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000Core.job
- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-09 15:08]
.
2015-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2780459401-3871315293-2221292059-1000UA.job
- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-09 15:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-09-24 170256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\NETGEAR\WNA1100\jswtrayutil.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SBRegRebootCleaner - c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe
AddRemove-Avery Design & Print 1.0.0 - c:\program files (x86)\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-2780459401-3871315293-2221292059-1000)
"ThreadingModel"="Apartment"
@="c:\\ProgramData\\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\\thawbrkr.dll"
.
[HKEY_USERS\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\Drive\ShellEx\FolderExtensions\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-2780459401-3871315293-2221292059-1000)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"ThreadingModel"="Apartment"
@="c:\\ProgramData\\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\\thawbrkr.dll"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-10-31 10:28:03
ComboFix-quarantined-files.txt 2015-10-31 15:28
.
Pre-Run: 401,979,346,944 bytes free
Post-Run: 402,053,451,776 bytes free
.
- - End Of File - - 3638F0FE0839BA7546382B0752020BD8







Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Aaron (2015-10-31 10:10:08) Run:1
Running from C:\Users\Aaron\Desktop
Loaded Profiles: Aaron (Available Profiles: Aaron & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
2015-04-30 14:43 - 2015-04-30 14:43 - 00090760 _____ () C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
C:\Users\Aaron\AppData\Roaming\Update Manager\UM.EXE
C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
HKLM-x32\...\Run: [Http Listener] => C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe [90760 2015-04-30] ()
HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [88000 2015-04-20] (Inmar, Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Settings Manager] => C:\Users\Aaron\AppData\Roaming\Settings Manager\SettingsManager.EXE [954992 2015-09-30] ()
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [UM] => C:\Users\Aaron\AppData\Roaming\Update Manager\UM.EXE [806064 2015-10-06] ()
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ie
BHO-x32: Coupon Companion -> {11111111-1111-1111-1111-110011441193} -> C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll => No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
FF Homepage: hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ff
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Aaron\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: hopster.com/CouponPrinterPlugin -> C:\Users\Aaron\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Aaron\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2013-02-28] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-06-26] (Coupons, Inc.)
FF Extension: Lavasoft Search Plugin - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-18] [not signed]
CHR Extension: (Coupon Companion) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm [2014-05-24] [UpdateUrl: hxxps://crossrider.cotssl.net/plugin/chrome/update/4493.xml] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [pbkdpahkifcigckmhiafindmaflfifgm] - C:\Users\Aaron\AppData\Local\Coupon Companion\Chrome\Coupon Companion.crx [2012-11-08]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-06-26] (Coupons.com Inc.)
2013-03-09 19:40 - 2013-04-07 10:39 - 2151080 _____ (Catalina Marketing Corp) C:\Users\Aaron\AppData\Local\BcsKtYcHW.dll
C:\Users\Aaron\AppData\Local\Temp\Abspdf.exe
C:\Users\Aaron\AppData\Local\Temp\acfpdfu.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfui.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Aaron\AppData\Local\Temp\cdintf.dll
C:\Users\Aaron\AppData\Local\Temp\e70afd24-2734-4518-8b65-03a9229821de.exe
C:\Users\Aaron\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\ose00000.exe
C:\Users\Aaron\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Aaron\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Aaron\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Aaron\AppData\Local\Temp\SMSetup.exe
C:\Users\Aaron\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Aaron\AppData\Local\Temp\Uninstaller-11068.exe
C:\Users\Aaron\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Aaron\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Aaron\AppData\Local\Temp\xmllite.dll
C:\Users\Aaron\AppData\Local\Temp\_is67B9.exe
C:\Users\Aaron\AppData\Local\Temp\_is86B.exe
C:\Users\Aaron\AppData\Local\Temp\_isDA29.exe
EmptyTemp:
Hosts:
End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe" => not found.
C:\Users\Aaron\AppData\Roaming\Update Manager\UM.EXE => moved successfully
"C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe" => not found.
C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe => moved successfully
"C:\Program Files (x86)\Coupons\CouponPrinterService.exe" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Http Listener => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Digital Coupon Print Driver => value removed successfully
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Settings Manager => value not found.
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UM => value removed successfully
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110011441193}" => key removed successfully
"HKCR\PROTOCOLS\Handler\WSWSVCUchrome" => key removed successfully
Firefox "homepage" removed successfully
"HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => key removed successfully
C:\Users\Aaron\AppData\Roaming\CATALI~2\NPBCSK~1.DLL => moved successfully
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\MozillaPlugins\hopster.com/CouponPrinterPlugin => key not found.
C:\Users\Aaron\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll => not found.
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\MozillaPlugins\revtrax.com/RevTraxPrintMyCoupon => key not found.
C:\Users\Aaron\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll => not found.
C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll => moved successfully
"C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll" => not found.
C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-18] => not found.
C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm <==== ATTENTION => not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbkdpahkifcigckmhiafindmaflfifgm" => key removed successfully
C:\Users\Aaron\AppData\Local\Coupon Companion\Chrome\Coupon Companion.crx => moved successfully
CouponPrinterService => service not found.
C:\Users\Aaron\AppData\Local\BcsKtYcHW.dll => moved successfully
C:\Users\Aaron\AppData\Local\Temp\Abspdf.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\acfpdfu.dll => moved successfully
C:\Users\Aaron\AppData\Local\Temp\acfpdfuamd64.dll => moved successfully
C:\Users\Aaron\AppData\Local\Temp\acfpdfui.dll => moved successfully
C:\Users\Aaron\AppData\Local\Temp\acfpdfuia64.dll => moved successfully
C:\Users\Aaron\AppData\Local\Temp\acfpdfuiamd64.dll => moved successfully
C:\Users\Aaron\AppData\Local\Temp\acfpdfuiia64.dll => moved successfully
C:\Users\Aaron\AppData\Local\Temp\cdintf.dll => moved successfully
C:\Users\Aaron\AppData\Local\Temp\e70afd24-2734-4518-8b65-03a9229821de.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\jre-8u60-windows-au.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\jre-8u65-windows-au.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\PDFPRT400.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\SearchProtectionSetup.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\SMSetup.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\swt-win32-3349.dll => moved successfully
C:\Users\Aaron\AppData\Local\Temp\Uninstaller-11068.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\vlc-2.1.5-win32.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\vlc-2.2.1-win32.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\xmllite.dll => moved successfully
C:\Users\Aaron\AppData\Local\Temp\_is67B9.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\_is86B.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\_isDA29.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 27.6 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 10:16:21 ====

[Saidian]

Sorry been a busy few days. I have completed it, and will be available most of today.

[Saidian]

The issue is still present.

[Juliet]

Download Malwarebytes' Anti-Malware TO YOUR DESKTOP

• Windows XP : Double click on the icon to run it.
• Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  
  
  
  
  
  
  
  
• On the Dashboard click on Update Now
  
• Go to the Setting Tab
  
• Under Setting go to Detection and Protection
  
• Under PUP and PUM make sure both are set to show Treat Detections as Malware
  
• Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  
• Then on the Dashboard click on Scan
  
• Make sure to select THREAT SCAN
  
• Then click on Scan
  
• When the scan is finished and the log pops up...select Copy to Clipboard
  
• Please paste the log back into this thread for review
  
• Exit Malwarebytes

or use this method

• Open Malwarebytes and on the Dashboard click on History
• Then Application Logs
• Then Scan log
• Select the date of the scan you just ran
• Then click Export
• On the dropdown list select Copy to Clipboard and paste it into this thread

~~~~~~~~~~~~

Please remove any usb or external drives from the computer before you run this scan!


Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

• Download RogueKiller to your desktop.
  
  
• Quit all running programs.
• For Windows XP, double-click to start.
• For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
• Read and accept the EULA (End User Licene Agreement)
• Click Scan to scan the system.
• When the scan completes Close the program > Don't Fix anything!
• Don't run any other options, they're not all bad!!
• Post back the report which should be located on your desktop.

Please post these logs when finished.

[Saidian]

RogueKiller V10.11.3.0 (x64) [Oct 26 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Aaron [Administrator]
Started from : C:\Users\Aaron\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 10/31/2015 19:02:20

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BridgeMP (system32\DRIVERS\bridge.sys) -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\ComboFix\catchme.sys) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9E281651-A977-4FD0-90B4-B42646DEC41E} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9E281651-A977-4FD0-90B4-B42646DEC41E} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9E281651-A977-4FD0-90B4-B42646DEC41E} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Found
[Tr.Rosena] (X64) HKEY_USERS\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\classes\clsid\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A} -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 7 ¤¤¤
[PUP][Folder] C:\Users\Aaron\AppData\Roaming\OpenCandy -> Found
[PUP][Folder] C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} -> Found
[PUP][Folder] C:\Program Files (x86)\adawaretb -> Found
[PUP][Folder] C:\Program Files (x86)\Coupon Companion -> Found
[PUP][Folder] C:\Program Files (x86)\Coupons -> Found
[PUP][Folder] C:\Program Files (x86)\Digital Coupon Printer -> Found
[PUP][Folder] C:\Program Files (x86)\Toolbar Cleaner -> Found

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] f948705991074cebcb8fa350bfd6105f
[BSP] 1200398017ae20442a4456cab7cabe26 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 7e6cea55b8b914f4df8c2ac0a8aa1a54
[BSP] 824c67418be887a97891e9c1ed4140e3 : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476836 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive2: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

[Saidian]

NOTE: It is good practice to copy and paste the instructions into notepad and save to desktop and/or print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


~~~~
Items need to be uninstalled from your add/remove programs list


Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Coupon Companion (HKLM-x32\...\Coupon Companion) (Version: 1.24.151.151 - 215 Apps) <==== ATTENTION
CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION
PrintMyCouponAnywhere (HKLM-x32\...\{9E5A9316-541D-4F22-BE19-AFE969C00B06}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
RevTraxPrintMyCoupon (HKLM-x32\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
Settings Manager (HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Settings Manager) (Version: 23.2.0.2 - Spigot, Inc.) <==== ATTENTION

After completing uninstalls, please manually reboot your machine!

~~~~~~~~~~~~`

Running from G:\Downloads\Malware removal

It's best we move Farbar's to desktop.

Please go to your G:\Downloads\Malware removal folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)





start
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2780459401-3871315293-2221292059-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
2015-04-30 14:43 - 2015-04-30 14:43 - 00090760 _____ () C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
C:\Users\Aaron\AppData\Roaming\Update Manager\UM.EXE
C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
HKLM-x32\...\Run: [Http Listener] => C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe [90760 2015-04-30] ()
HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [88000 2015-04-20] (Inmar, Inc.)
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [Settings Manager] => C:\Users\Aaron\AppData\Roaming\Settings Manager\SettingsManager.EXE [954992 2015-09-30] ()
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\...\Run: [UM] => C:\Users\Aaron\AppData\Roaming\Update Manager\UM.EXE [806064 2015-10-06] ()
HKU\S-1-5-21-2780459401-3871315293-2221292059-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ie
BHO-x32: Coupon Companion -> {11111111-1111-1111-1111-110011441193} -> C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll => No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
FF Homepage: hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ff
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Aaron\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: hopster.com/CouponPrinterPlugin -> C:\Users\Aaron\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)
FF Plugin HKU\S-1-5-21-2780459401-3871315293-2221292059-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Aaron\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2013-02-28] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-06-26] (Coupons, Inc.)
FF Extension: Lavasoft Search Plugin - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cp9jc7s0.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-18] [not signed]
CHR Extension: (Coupon Companion) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm [2014-05-24] [UpdateUrl: hxxps://crossrider.cotssl.net/plugin/chrome/update/4493.xml] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [pbkdpahkifcigckmhiafindmaflfifgm] - C:\Users\Aaron\AppData\Local\Coupon Companion\Chrome\Coupon Companion.crx [2012-11-08]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-06-26] (Coupons.com Inc.)
2013-03-09 19:40 - 2013-04-07 10:39 - 2151080 _____ (Catalina Marketing Corp) C:\Users\Aaron\AppData\Local\BcsKtYcHW.dll
C:\Users\Aaron\AppData\Local\Temp\Abspdf.exe
C:\Users\Aaron\AppData\Local\Temp\acfpdfu.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfui.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Aaron\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Aaron\AppData\Local\Temp\cdintf.dll
C:\Users\Aaron\AppData\Local\Temp\e70afd24-2734-4518-8b65-03a9229821de.exe
C:\Users\Aaron\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Aaron\AppData\Local\Temp\ose00000.exe
C:\Users\Aaron\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Aaron\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Aaron\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Aaron\AppData\Local\Temp\SMSetup.exe
C:\Users\Aaron\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Aaron\AppData\Local\Temp\Uninstaller-11068.exe
C:\Users\Aaron\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Aaron\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Aaron\AppData\Local\Temp\xmllite.dll
C:\Users\Aaron\AppData\Local\Temp\_is67B9.exe
C:\Users\Aaron\AppData\Local\Temp\_is86B.exe
C:\Users\Aaron\AppData\Local\Temp\_isDA29.exe
EmptyTemp:
Hosts:
End
Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~`

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:
Link 1
Link 2
Link 3

Place ComboFix.exe on your Desktop <--Important
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...


~~~~~~~~~~~~~~~~~~`

Please post these logs when finished.
MS - MVP Consumer Security 2009 - 2015
Please do not PM me for Malware help, we all benefit from posting on the open board.
Want to help others? Join the ClassRoom and learn how.

[Saidian]

Ignore that post above this, I am having trouble posting the malware bytes scan, I think it is too large for the server.