Hi, I accidentally clicked into something that loaded poop in a boot-time environmet!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Dad (administrator) on DAD-LIVINGROOM (15-11-2015 15:30:33)
Running from C:\Users\Dad\Downloads
Loaded Profiles: Dad (Available Profiles: Dad)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(CANON INC.) C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
() C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\MountPoints2: E - E:\AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\MountPoints2: {112c421c-0450-11e2-b36a-386077b09626} - K:\setup.exe -a
AppInit_DLLs-x32: c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer Utility.lnk [2013-12-28]
ShortcutTarget: Image Transfer Utility.lnk -> C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-12-28]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2014-12-01]
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk [2014-11-23]
ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-1449296314-4276338034-3963218778-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1449296314-4276338034-3963218778-1001] => localhost:21320
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F1F1C2D9-BBA7-465A-965F-D7F562F92E65}: [NameServer] 82.163.143.172,82.163.142.174
Tcpip\..\Interfaces\{F1F1C2D9-BBA7-465A-965F-D7F562F92E65}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10151__150609__yaie
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {6028813B-6B42-47C6-BCF7-86E4BA2038FF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {6028813B-6B42-47C6-BCF7-86E4BA2038FF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {6028813B-6B42-47C6-BCF7-86E4BA2038FF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10151__150609__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-06-09] (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-09] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-06-09] (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-09] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\7tu1rc3v.default-1388580420460
FF NewTab: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10151__150609__yaff
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10151__150609__yaff
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-11-01] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-29] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-11-01] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-29] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1449296314-4276338034-3963218778-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)
FF Extension: RivalGaming - C:\Users\Dad\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-04-06] [not signed]
FF Extension: Flashblock - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\7tu1rc3v.default-1388580420460\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-05-29]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-11-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-04] [not signed]
Chrome:
=======
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-03]
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-04] (AVAST Software)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-06-29] (Electronic Arts)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-01] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-04] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-07] ()
S3 slabbus; C:\Windows\System32\DRIVERS\slabbus.sys [88160 2013-09-25] (MCCI Corporation)
S3 slabser; C:\Windows\System32\DRIVERS\slabser.sys [112224 2013-09-25] (MCCI Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 15:30 - 2015-11-15 15:30 - 00023089 _____ C:\Users\Dad\Downloads\FRST.txt
2015-11-15 15:27 - 2015-11-15 15:30 - 00000000 ____D C:\FRST
2015-11-15 15:27 - 2015-11-15 15:27 - 02198528 _____ (Farbar) C:\Users\Dad\Downloads\FRST64.exe
2015-11-15 15:24 - 2015-11-15 15:24 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DAD-LIVINGROOM-Windows-7-Home-Premium-(64-bit).dat
2015-11-15 15:24 - 2015-11-15 15:24 - 00000000 ____D C:\RegBackup
2015-11-15 15:23 - 2015-11-15 15:23 - 00002201 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-11-15 15:23 - 2015-11-15 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-11-15 15:23 - 2015-11-15 15:23 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-11-15 15:22 - 2015-11-15 15:23 - 04777232 _____ (Tweaking.com) C:\Users\Dad\Downloads\tweaking.com_registry_backup_setup.exe
2015-11-01 19:38 - 2015-11-02 06:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 14:32 - 2012-04-24 16:16 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-15 13:27 - 2011-12-27 17:01 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9648DF75-F85D-45CD-8321-49C580AAD138}
2015-11-15 10:51 - 2011-12-27 16:57 - 01665506 _____ C:\Windows\WindowsUpdate.log
2015-11-15 10:34 - 2009-07-13 19:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-15 10:34 - 2009-07-13 19:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-15 10:31 - 2009-07-13 20:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-15 10:26 - 2011-12-27 16:56 - 00000000 ____D C:\Users\Dad\AppData\LocalLow\AuthenTec
2015-11-15 10:26 - 2011-12-07 23:34 - 00000000 ____D C:\ProgramData\PDFC
2015-11-15 10:24 - 2015-02-28 09:59 - 00083499 _____ C:\Windows\setupact.log
2015-11-15 10:24 - 2014-07-29 21:53 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-15 10:24 - 2012-04-24 16:16 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-15 10:24 - 2009-07-13 20:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-15 00:25 - 2011-12-07 23:38 - 00000000 ____D C:\ProgramData\truesuite
2015-11-12 18:54 - 2011-12-28 10:39 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-11 06:45 - 2011-12-27 20:57 - 00000000 ____D C:\Users\Dad\AppData\Local\CrashDumps
2015-11-06 06:51 - 2011-12-27 17:27 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-11-06 06:51 - 2011-12-27 17:27 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-11-02 15:23 - 2014-04-10 20:09 - 00000000 ____D C:\Users\Dad\AppData\Local\Battle.net
2015-11-02 15:23 - 2014-04-10 20:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-02 06:22 - 2012-08-25 22:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-02 06:22 - 2010-11-20 18:47 - 01279756 _____ C:\Windows\PFRO.log
2015-11-01 09:14 - 2012-04-06 05:32 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-01 09:14 - 2011-12-07 23:32 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-31 11:20 - 2012-07-20 06:18 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-31 09:40 - 2014-12-25 11:08 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-24 08:00 - 2009-07-13 20:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2011-12-07 23:37 - 2011-06-09 14:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011
2012-09-18 17:55 - 2012-09-18 17:55 - 0041472 ___SH () C:\Users\Dad\AppData\Roaming\Thumbs.db
2012-10-30 19:29 - 2012-10-30 19:29 - 0033134 _____ () C:\Users\Dad\AppData\Roaming\UserTile.png
Some files in TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\pn59C2.exe
C:\Users\Dad\AppData\Local\Temp\rootsupd.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-10 07:01
==================== End of FRST.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Dad (administrator) on DAD-LIVINGROOM (15-11-2015 15:30:33)
Running from C:\Users\Dad\Downloads
Loaded Profiles: Dad (Available Profiles: Dad)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(CANON INC.) C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
() C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\MountPoints2: E - E:\AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\MountPoints2: {112c421c-0450-11e2-b36a-386077b09626} - K:\setup.exe -a
AppInit_DLLs-x32: c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer Utility.lnk [2013-12-28]
ShortcutTarget: Image Transfer Utility.lnk -> C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-12-28]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2014-12-01]
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk [2014-11-23]
ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-1449296314-4276338034-3963218778-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1449296314-4276338034-3963218778-1001] => localhost:21320
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F1F1C2D9-BBA7-465A-965F-D7F562F92E65}: [NameServer] 82.163.143.172,82.163.142.174
Tcpip\..\Interfaces\{F1F1C2D9-BBA7-465A-965F-D7F562F92E65}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10151__150609__yaie
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {6028813B-6B42-47C6-BCF7-86E4BA2038FF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {6028813B-6B42-47C6-BCF7-86E4BA2038FF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {6028813B-6B42-47C6-BCF7-86E4BA2038FF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10151__150609__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-06-09] (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-09] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-06-09] (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-09] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\7tu1rc3v.default-1388580420460
FF NewTab: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10151__150609__yaff
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10151__150609__yaff
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-11-01] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-29] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-11-01] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-29] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1449296314-4276338034-3963218778-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)
FF Extension: RivalGaming - C:\Users\Dad\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-04-06] [not signed]
FF Extension: Flashblock - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\7tu1rc3v.default-1388580420460\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-05-29]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-11-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-04] [not signed]
Chrome:
=======
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-03]
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-04] (AVAST Software)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-06-29] (Electronic Arts)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-01] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-04] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-07] ()
S3 slabbus; C:\Windows\System32\DRIVERS\slabbus.sys [88160 2013-09-25] (MCCI Corporation)
S3 slabser; C:\Windows\System32\DRIVERS\slabser.sys [112224 2013-09-25] (MCCI Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 15:30 - 2015-11-15 15:30 - 00023089 _____ C:\Users\Dad\Downloads\FRST.txt
2015-11-15 15:27 - 2015-11-15 15:30 - 00000000 ____D C:\FRST
2015-11-15 15:27 - 2015-11-15 15:27 - 02198528 _____ (Farbar) C:\Users\Dad\Downloads\FRST64.exe
2015-11-15 15:24 - 2015-11-15 15:24 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DAD-LIVINGROOM-Windows-7-Home-Premium-(64-bit).dat
2015-11-15 15:24 - 2015-11-15 15:24 - 00000000 ____D C:\RegBackup
2015-11-15 15:23 - 2015-11-15 15:23 - 00002201 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-11-15 15:23 - 2015-11-15 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-11-15 15:23 - 2015-11-15 15:23 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-11-15 15:22 - 2015-11-15 15:23 - 04777232 _____ (Tweaking.com) C:\Users\Dad\Downloads\tweaking.com_registry_backup_setup.exe
2015-11-01 19:38 - 2015-11-02 06:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 14:32 - 2012-04-24 16:16 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-15 13:27 - 2011-12-27 17:01 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9648DF75-F85D-45CD-8321-49C580AAD138}
2015-11-15 10:51 - 2011-12-27 16:57 - 01665506 _____ C:\Windows\WindowsUpdate.log
2015-11-15 10:34 - 2009-07-13 19:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-15 10:34 - 2009-07-13 19:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-15 10:31 - 2009-07-13 20:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-15 10:26 - 2011-12-27 16:56 - 00000000 ____D C:\Users\Dad\AppData\LocalLow\AuthenTec
2015-11-15 10:26 - 2011-12-07 23:34 - 00000000 ____D C:\ProgramData\PDFC
2015-11-15 10:24 - 2015-02-28 09:59 - 00083499 _____ C:\Windows\setupact.log
2015-11-15 10:24 - 2014-07-29 21:53 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-15 10:24 - 2012-04-24 16:16 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-15 10:24 - 2009-07-13 20:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-15 00:25 - 2011-12-07 23:38 - 00000000 ____D C:\ProgramData\truesuite
2015-11-12 18:54 - 2011-12-28 10:39 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-11 06:45 - 2011-12-27 20:57 - 00000000 ____D C:\Users\Dad\AppData\Local\CrashDumps
2015-11-06 06:51 - 2011-12-27 17:27 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-11-06 06:51 - 2011-12-27 17:27 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-11-02 15:23 - 2014-04-10 20:09 - 00000000 ____D C:\Users\Dad\AppData\Local\Battle.net
2015-11-02 15:23 - 2014-04-10 20:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-02 06:22 - 2012-08-25 22:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-02 06:22 - 2010-11-20 18:47 - 01279756 _____ C:\Windows\PFRO.log
2015-11-01 09:14 - 2012-04-06 05:32 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-01 09:14 - 2011-12-07 23:32 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-31 11:20 - 2012-07-20 06:18 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-31 09:40 - 2014-12-25 11:08 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-24 08:00 - 2009-07-13 20:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2011-12-07 23:37 - 2011-06-09 14:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011
2012-09-18 17:55 - 2012-09-18 17:55 - 0041472 ___SH () C:\Users\Dad\AppData\Roaming\Thumbs.db
2012-10-30 19:29 - 2012-10-30 19:29 - 0033134 _____ () C:\Users\Dad\AppData\Roaming\UserTile.png
Some files in TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\pn59C2.exe
C:\Users\Dad\AppData\Local\Temp\rootsupd.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-10 07:01
==================== End of FRST.txt ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Dad (2015-11-15 15:31:06)
Running from C:\Users\Dad\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-28 01:56:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1449296314-4276338034-3963218778-500 - Administrator - Disabled)
Dad (S-1-5-21-1449296314-4276338034-3963218778-1001 - Administrator - Enabled) => C:\Users\Dad
Guest (S-1-5-21-1449296314-4276338034-3963218778-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1449296314-4276338034-3963218778-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI (Version: 1.3.0.116 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.4.2233 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.1.19 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION
Fusion (HKLM-x32\...\{B9932399-5955-45B5-A792-25FAAAA1EA70}) (Version: 2.1.60 - Powerteq)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP SimplePass PE 2011 (HKLM-x32\...\{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}) (Version: 5.3.0.194 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{34681D92-5958-406A-A654-1B57E7A7B3DC}) (Version: 6.0.4.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version: - )
Microsoft OneDrive (HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 97 (HKLM-x32\...\Word8.0) (Version: - )
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 en-US)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nancy Drew - Phantom of Venice and Haunting of Castle Malloy (HKLM-x32\...\{562B97B1-D6BA-4BE9-B9C2-CD6DB2CA8CB7}) (Version: 1.00.0000 - Encore Software, Inc.)
Nancy Drew: Ghost of Thornton Hall (HKLM-x32\...\{93C2CDF6-6072-4EF7-8F19-B601E92C9795}) (Version: 8.0.0.30162 - Her Interactive, Inc.)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RIFT (HKLM-x32\...\InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}) (Version: 1.0.0 - Trion Worlds, Inc.)
RIFT (x32 Version: 1.0.0 - Trion Worlds, Inc.) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars Galaxies (HKLM-x32\...\{88038160-9BCB-47BE-A5C3-5CE2DC115509}) (Version: 1.00.000 - )
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
SWGEmu Launchpad (HKLM-x32\...\{FF4299B5-F09F-4197-8648-D41C11D6F7CC}) (Version: 0.23 - SWGEmu)
The Lord of the Rings Online (HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\lotro_highres_en_full) (Version: - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VIP Access SDK (1.0.1.4) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Classic (HKLM-x32\...\{D55ED80F-FAFD-40E1-99FC-89AF8614A9B5}_is1) (Version: 1.12.1.5875 - Blizzard Entertainment)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
04-10-2015 21:13:08 avast! antivirus system restore point
04-10-2015 21:25:54 Windows Backup
11-10-2015 18:00:07 Windows Backup
18-10-2015 18:00:09 Windows Backup
25-10-2015 18:00:06 Windows Backup
01-11-2015 19:00:07 Windows Backup
08-11-2015 19:00:06 Windows Backup
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 17:34 - 2015-10-26 19:28 - 00450892 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15464 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00D0D66C-D49A-4F51-A3A7-6B0BD547B936} - System32\Tasks\{8DC0EFAA-0058-417C-8BC3-9366671308EC} => E:\GWORKSHP.EXE
Task: {1553B0EF-0137-466E-8522-EB1F66B7FDA0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {22C79E18-43D8-4185-8BF3-52E40579C37B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {27055E0F-C005-49BF-B4BC-50D1B15F9EEE} - System32\Tasks\{6C288525-2D61-47F3-8194-7910C7F78032} => E:\GWORKSHP.EXE
Task: {317A9660-A3AC-4309-B7E8-E1F30904B557} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {32D1A532-884D-4B0E-9FC0-76DB95B712AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-08] (Hewlett-Packard)
Task: {336EC73C-0CE3-4656-A157-C3E93A82BC63} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {34E6B623-5D05-472C-91EB-F4937FF7C02D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-04] (AVAST Software)
Task: {468FCFCD-630E-4EC5-A040-8D5CA413D85C} - System32\Tasks\{D2A529A5-759A-48CA-9FFF-8E5677111302} => E:\GWORKSHP.EXE
Task: {5DC13449-2E99-4E41-93DD-B3C343547150} - System32\Tasks\{263082CD-D6A6-4F7F-A36C-527BDE7CCE25} => pcalua.exe -a "C:\Program Files (x86)\Origin Games\Punkbuster\pbsetup.exe" -d "C:\Program Files (x86)\Origin Games\Punkbuster"
Task: {6987D574-5D9C-45EC-AF3A-17E3668E1AA0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {74B630CD-A3B3-4966-918D-6E92B79905D7} - System32\Tasks\{4A4D3215-6A36-460A-9E0C-9A29EB66B387} => E:\GWORKSHP.EXE
Task: {7650C53C-A9C6-4197-9F4D-E84A7DBE007C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-09] (Hewlett-Packard Company)
Task: {794E8662-837F-4E2D-AA7A-E6ABF03E0F95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-09] (Hewlett-Packard Company)
Task: {7DA8971F-356E-48AF-A4CA-1FAC1E4884D0} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-07-20] (CyberLink)
Task: {800123FC-B138-4AFE-A208-50623F297AE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-09] (Hewlett-Packard Company)
Task: {8404A5BB-4C76-401C-93B6-809577C2B323} - System32\Tasks\{8B36AAB4-2568-447A-9FA4-17443664582D} => E:\GWORKSHP.EXE
Task: {89A78DF2-1309-449F-8A7F-D0B35127EFE1} - System32\Tasks\{E0FB7028-E34F-4411-A329-9310C111CBFC} => E:\GWORKSHP.EXE
Task: {A5790F77-8E75-4748-9F62-EF89DA9A4FC8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AB70017F-A772-4819-891D-D65FE7737E8D} - System32\Tasks\{75C03272-D418-4CEA-A80C-23869DF98049} => E:\GWORKSHP.EXE
Task: {AC91336B-4D42-41BB-BEE0-F981323C3225} - System32\Tasks\{8FF7C9D0-E193-4347-B18F-61EF6D905593} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Office\Office\Setup\Acme.exe" -c /w Off97Pro.STF
Task: {B25E19D6-B722-4DE1-A200-D1A7EC3A48BC} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {B5DF8CF6-946C-4372-B79C-63DFBC90BE44} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {C2C19EE1-6FB2-42C1-8C41-7971D47DBE2D} - System32\Tasks\{BF0DFC2E-FCD9-4D0A-83C9-AB1D5195A918} => pcalua.exe -a "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe" -c --uninstall
Task: {CC64470B-0EC9-48E6-98DF-E576FC0C6ACA} - System32\Tasks\{7A27D088-254B-4544-9327-440D5F3CC860} => E:\GWORKSHP.EXE
Task: {D463B262-AE42-4C6A-967A-6E6C3EB7304C} - System32\Tasks\{2DE03A8F-D96C-46F6-8164-31462EA87ADE} => E:\GWORKSHP.EXE
Task: {DCF645CF-2272-49AB-9EF3-0AB8563D782B} - System32\Tasks\{923130EB-B09C-460E-8CD0-46371F45CC9E} => E:\GWORKSHP.EXE
Task: {E9E05994-B455-4394-9A43-5DBD25359D86} - System32\Tasks\{6DF4B7F8-14D3-42B6-A98F-9D5EA783EE7D} => E:\GWORKSHP.EXE
Task: {FFC0B296-62E3-4C60-A3EB-7C69E61C4F0F} - System32\Tasks\{318F5D0B-58B9-499B-AA5F-F24B5D88BF8F} => E:\GWORKSHP.EXE
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2014-07-29 21:53 - 2014-07-02 09:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-03-01 15:30 - 2014-07-01 12:09 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-28 14:44 - 2013-10-03 10:42 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
1997-08-19 00:00 - 1997-08-19 00:00 - 00111376 _____ () C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
1997-08-19 00:00 - 1997-08-19 00:00 - 00051984 _____ () C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
2015-10-04 21:13 - 2015-10-04 21:13 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-04 21:13 - 2015-10-04 21:13 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-14 09:34 - 2015-11-14 09:34 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111401\algo.dll
2015-11-15 10:26 - 2015-11-15 10:26 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111501\algo.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-14 05:45 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-14 05:45 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-14 05:45 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-14 05:45 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-09-14 05:45 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-12-28 14:44 - 2013-10-03 10:42 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
1997-08-19 00:00 - 1997-08-19 00:00 - 03782416 _____ () C:\Program Files (x86)\Microsoft Office\Office\MSO97.DLL
2015-10-04 21:14 - 2015-10-04 21:14 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7867 more sites.
IE trusted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\123simsen.com -> www.123simsen.com
There are 7867 more sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 82.163.143.172 - 82.163.142.174
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{BC1087EF-82FF-4DEB-A80E-6DAADDDB25F9}C:\program files (x86)\world of warcraft\launcher.exe] => (Allow) C:\program files (x86)\world of warcraft\launcher.exe
FirewallRules: [UDP Query User{13B0BA86-89C7-4CD8-BC30-BFA5C44DDBCD}C:\program files (x86)\world of warcraft\launcher.exe] => (Allow) C:\program files (x86)\world of warcraft\launcher.exe
FirewallRules: [{DEF5CD98-EC4C-46DD-8183-3C4565AB58A5}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{015F2601-6D84-4CB1-ADB7-6A8F700E985B}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [TCP Query User{ABCF9259-BAF1-4B96-8924-D9724887EF11}C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe] => (Allow) C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe
FirewallRules: [UDP Query User{34B4C332-B9D1-48AC-BD83-E5F04376A3E6}C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe] => (Allow) C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe
FirewallRules: [{8B924D6D-8509-4FC2-9A57-C05F85092444}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{8A5FA354-B87C-4B70-B7D8-42E5633F5094}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{4BD5D355-7CC2-48CA-BDA9-EE92785A18AA}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{67DE378B-7382-4A04-889D-E5EC0722898D}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{BDECA3DE-02A0-42BB-819D-DE612057EAD0}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{4D62C26A-577D-48DF-911E-875B23BEEC08}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{0142043F-C34D-4D3B-82C4-B391AE559ED3}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{3FA91410-F9D9-4D6F-921C-3BB19AAD7238}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{AF7DFCFE-75FB-44BD-B1D4-F0FAE4667ED3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{09872905-2C02-4E9D-82C6-BE029B6945D1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [TCP Query User{D5BC6287-A624-4021-9597-9309208B3A7A}C:\program files (x86)\world of warcraft\launcher.exe] => (Allow) C:\program files (x86)\world of warcraft\launcher.exe
FirewallRules: [UDP Query User{0FBBA03A-7879-43AD-89EA-31FD69F0C92C}C:\program files (x86)\world of warcraft\launcher.exe] => (Allow) C:\program files (x86)\world of warcraft\launcher.exe
FirewallRules: [{985D6B4A-E48A-4090-A6D4-0C84E6E1778F}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{5B169877-9693-41F5-B483-365F08E6EC34}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{4F3B02CA-5786-41DD-A4E4-C83869F52811}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{2A2C1A18-DE31-4420-8321-E3594246C87E}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{EE30F367-D4CD-403E-9444-79CEC2EDABC6}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{EF2F3153-4898-4468-9463-1AD10236B840}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [{9FC13627-0293-4C06-AF94-282A20E9D6EF}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{6F46B83B-7F31-423E-B2BD-AD0545F58800}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{E76D7AFB-DD64-47F3-8BD0-F3FA3D8936F1}C:\program files (x86)\world of warcraft\backgrounddownloader.exe] => (Allow) C:\program files (x86)\world of warcraft\backgrounddownloader.exe
FirewallRules: [UDP Query User{7E331774-FF32-43B6-B656-E793F9FB046A}C:\program files (x86)\world of warcraft\backgrounddownloader.exe] => (Allow) C:\program files (x86)\world of warcraft\backgrounddownloader.exe
FirewallRules: [TCP Query User{C40B3A36-1E8B-49E3-BA13-8E2D37758450}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe
FirewallRules: [UDP Query User{C82EDE32-E4B0-4EA1-AA81-BC424C62D9D9}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe
FirewallRules: [TCP Query User{BFE17FE5-E106-49A7-BE1F-614B0094DB9A}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe
FirewallRules: [UDP Query User{C697BCC2-283E-4EEE-8304-65B8E66EB70E}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe
FirewallRules: [TCP Query User{1598D924-373C-44F6-88D8-5A36DC43A8CD}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe
FirewallRules: [UDP Query User{8EFA8B0E-A03A-4683-80BB-059E8DEFF0A8}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe
FirewallRules: [TCP Query User{6E1F41CD-C858-4574-9BAB-8B34806FB6FA}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe] => (Block) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe
FirewallRules: [UDP Query User{62819AF9-8DE5-4A3A-B6B9-2A88C747BD4D}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe] => (Block) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe
FirewallRules: [{FEE29E7E-33FE-4F87-B478-7B4FC134DBA6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{3A064AE6-B02F-4744-8A15-346FCB39C625}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0649A021-B80E-486D-8484-356A5ACEE231}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2E3F37E4-6772-4AFD-A50E-F66AA0D18329}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7BE48AFD-A9B8-4C76-BB8C-C2040B59E52E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{83E45A3B-4618-4471-8DD9-4FE3F02EFCBA}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{1F5A66DD-0E23-409A-8D73-ED71C509400F}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{F8551350-2CE6-41E5-8927-088744B21BAE}] => (Allow) LPort=25565
FirewallRules: [TCP Query User{691D4C52-DED3-4324-9559-80AE1B86D0CD}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{5C771222-982D-46BC-8746-F0361E558D73}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{CC835813-0ACE-4AA8-92D7-CE355FC18291}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe
FirewallRules: [UDP Query User{F0B53DA7-797F-4BDD-A95C-719C3F224DFE}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe
FirewallRules: [TCP Query User{D543BD2A-7BC1-45C0-885C-02394748E28D}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe
FirewallRules: [UDP Query User{A4C3DEA5-2DAF-45CB-9188-8DC3DAA2A7CA}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe
FirewallRules: [{EFE5662E-6C6C-4EA5-BB8E-D1DE246DA238}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{02A2B980-25A8-4C46-9891-0A0FFAC0D33F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{D81E5DC6-2EF2-4E10-AC62-FEF536C80EEA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{992A82F6-1422-4F9E-88C8-35C7BA5553C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{0E7D40EB-DD32-4517-A1BD-624D1354E0DD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{5809D001-F223-44E3-9996-F9EA93CEECF1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{ABFA6B19-D2F8-4E59-B197-E76CC976D8EE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{BA4B418F-12ED-47DD-B0F6-36DA08D15B83}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [TCP Query User{AED9AC2B-190E-41D4-8141-571604E6B6F8}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{A77D7845-ECBD-4275-9E38-DE559E4609C3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{A8B50E97-AFDE-482E-B890-4E835D0F60BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{5D4AD138-A59F-4A01-963D-97DC4D0147F5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{D01B9D3C-BCEC-4203-A8C8-90E9E4D9DBEF}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{7682C15C-A244-4DA7-843F-9622D4DFDE8F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{7FDD4A89-6135-4E8F-971E-7FFD3AA25C90}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{DE89A318-6223-475A-9E73-E642D95A5AC2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{665BF0B5-5A41-4BB6-B9BB-303590D7A1AF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{84BF8876-763E-4475-BC80-EEE1C0AAD8EF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{45AA8408-622B-493E-8AEB-67AA28A4C76B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{796E636B-036C-4B3A-8262-7C5C6799E9F4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B99D2F41-0345-4335-9F2F-8165A7808F42}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{9D68F217-34D6-40EE-BF9E-D30816F3BA9D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{A98F2B82-D17F-4FE9-8B7C-38A1465E1535}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{7F11615B-5DE4-4278-A66E-F1D121139766}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{03F40A1F-7F71-486E-8BA5-87E3EED1CB8B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{2F3ADA77-09D6-4490-BB3F-18CB819D74C1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [TCP Query User{25ECF9F7-ACE4-4F5E-B050-124D23972D76}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{1EBA0A58-1178-4220-AA24-920C6839F205}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [{5C32EA7D-142E-461F-9657-6FF7D5265A03}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{82C8DD58-36C7-4619-862B-E4005C7E4DE5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{ACD5102C-CFCF-440C-96EE-A6BE892D3019}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{214E9167-B2F7-40FB-920F-16FA25F5714F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{A6FDDF21-72AB-4C32-A300-6CEE0BF883E3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{832862AB-ED95-4654-AB9E-A64A63957EC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{27855FDA-4CE9-408D-9C7A-53ACDE1AA98F}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{E6C29570-30A0-4152-9BEF-2797973922C2}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{3B2D22F8-274A-4B6A-B540-1D371668C33F}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{210A7521-2C94-48E9-AEC7-EA472A092916}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{A83FD6A3-2B24-44CB-87E9-BC1E9F363F2C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{35B7C27F-2685-492B-99A4-43DC0EF9EA38}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{744B5B38-A419-47C5-992F-14D01565445D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{10320915-6220-47B0-87C2-EC19F2CBA515}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{992B6235-FB4D-4AD9-BDD2-B9F5CA1F6F7F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{49C3FABF-7EA3-4BE9-9ACD-B93000DEC10A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8BDD60EE-B641-4013-A832-83F9A3D8B81B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{50E7B947-6D71-48CC-8B55-D3D575D1AB6F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{8DE6B0EF-510B-4A72-AB4F-D32EAC9AF797}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{0A7C0349-33D1-46FD-8E08-80E9ADF06C72}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{43D1BF1F-C663-46F6-9A9B-FB05F8CADA88}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{5B46F75C-3281-4DD5-846E-7060E98E0382}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F901175D-B471-4FCC-BE47-61DC88B63F44}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6DA19D94-596E-46E4-8483-972F831A22AA}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{C82003C6-B7FA-42EB-B1F5-4214AE519100}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{3185D875-BB95-49F9-A353-515D42F4CC2B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{CBA70A56-58E5-4F98-B87A-1CD0A679FC28}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{63D90DBE-07DF-403E-9117-BC335AE4030E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{ADA8890D-3B8F-4EFD-AD20-FDACA56A5A12}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{6341D2B2-B1C0-48BD-B1B9-74681D1A7F88}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{C9292A73-B41A-473E-8268-EB3F3644F4B7}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{24745E3C-17A3-4C9B-9F48-1D438C83A1B9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{005C31A6-CE29-49DF-81A6-77260E578969}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{C48A2D06-7765-4625-B6BB-D0EA29CC5AAA}] => (Allow) C:\Users\Dad\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{9456F242-C1C6-4E49-9A01-992F2901B1BA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3A515536-76A7-4C1A-9FB8-DFE75462BE68}] => (Allow) LPort=2869
FirewallRules: [{21EB9138-90F1-4CDD-8521-913682484D5F}] => (Allow) LPort=1900
FirewallRules: [{51B4DFC4-ED14-4C7A-AA44-521AC6B859DA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9D60761B-64EE-404F-A577-2B2B8C590A30}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{E3918115-F7DF-4661-83B4-27FBF8E3858B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{CCB7ABF1-EE97-4EFF-8C48-B210D4B713D8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{F0CCBBC9-7A7B-4505-8CF0-B17C8761706F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [TCP Query User{939F4C18-A44F-4501-A39E-138C38E5F904}C:\programdata\battle.net\agent\agent.3109\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3109\agent.exe
FirewallRules: [UDP Query User{2F159042-8021-4DC3-8316-1DF006C249CC}C:\programdata\battle.net\agent\agent.3109\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3109\agent.exe
FirewallRules: [{5281281E-A74F-4244-A64C-08BE7DBF1C4C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{D69EEB9F-6D2E-466B-91B9-B03D53E67D24}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{2ABDF972-A1F0-4A6D-97EF-A81868A90204}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{FCD0C1C0-A7C5-4494-84A0-A7DFBA8C4E28}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [TCP Query User{F5EF0B96-2CA2-430A-8345-1A78F402F64E}C:\program files (x86)\sony\station\launchpad\launchpad.exe] => (Block) C:\program files (x86)\sony\station\launchpad\launchpad.exe
FirewallRules: [UDP Query User{9BFF6EAA-2234-495A-B157-428413C8C32F}C:\program files (x86)\sony\station\launchpad\launchpad.exe] => (Block) C:\program files (x86)\sony\station\launchpad\launchpad.exe
FirewallRules: [{5AEE81CF-8FB5-46B2-A939-5C25F9EAF5F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{0237D7A3-A60C-4ED8-B8F0-453903FD906E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [TCP Query User{24785CB0-3E80-4C7D-9140-6EEB462F6E03}C:\programdata\battle.net\agent\agent.3286\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3286\agent.exe
FirewallRules: [UDP Query User{A628BAB9-8A7D-4CE8-AAC7-CBADB55B2074}C:\programdata\battle.net\agent\agent.3286\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3286\agent.exe
FirewallRules: [{2785F07F-AF9F-4EE1-B3AD-3815D3A0AD91}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{2ABD5CB5-2195-4285-BFA9-BAA05C991D54}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{652EA7E3-20E2-4121-B97D-7F4C904CDC68}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{3C7D974E-77C7-4D5E-B4B5-E057E965F189}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{CC0D09B6-0E58-44C8-89A4-72B1614639B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{0ED3656D-18D2-4275-9D14-E36794408130}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{35A2945A-9778-48B8-81D5-83A89080F7A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{2B0A9B97-5CD0-48E7-9AC1-9F088784B749}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{91179D51-86AC-432A-B893-5C61A7191B04}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{EC3C79E8-BD1D-4664-9693-A10CA89510A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{2FD9F3E9-FA29-46AB-98BB-838269B393B8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{5C1F66BA-EF75-414E-9703-6CFB822D5E19}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{F4CF2AA8-C1FB-43BD-8E3C-F628EC9848D6}C:\program files (x86)\origin games\Battlefield 3\bf3.exe] => (Block) C:\program files (x86)\origin games\Battlefield 3\bf3.exe
FirewallRules: [UDP Query User{1FA6AF6F-22E9-412F-AF9F-0E90532A3F11}C:\program files (x86)\origin games\Battlefield 3\bf3.exe] => (Block) C:\program files (x86)\origin games\Battlefield 3\bf3.exe
FirewallRules: [{C0053034-8732-46BD-B598-7BDBDF402D7B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{F6429930-B0DF-40A4-BD85-5AC8A4807491}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{0B2F13D8-497E-4A5B-9C07-C8ECE35BE184}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{088F6F28-D1CC-4887-B6CA-5470313EBB51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DB1435A-D5F6-45B6-B55C-81AE2FF78F30}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{CED9057A-E160-4F4D-85B2-EB55E5A3C06E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{C7AFBA09-366F-4AA4-9A6B-E023D42EC016}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{5E487EF2-BC82-4A16-9E43-C60DCC298A33}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{93D78F6A-C728-4610-9F4F-295F64291093}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{A593D4E2-F255-426D-97BB-F81CB44FC1A4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{0347FFA8-5618-4CBE-B5EE-1CEE605FA411}C:\programdata\turbine\the lord of the rings online\lotroclient.exe] => (Allow) C:\programdata\turbine\the lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{18409CEE-C488-48C2-BC5F-F22247B8D0A5}C:\programdata\turbine\the lord of the rings online\lotroclient.exe] => (Allow) C:\programdata\turbine\the lord of the rings online\lotroclient.exe
FirewallRules: [TCP Query User{D0FB92BD-3C90-437C-9830-61C4BFA884D1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{53AF8A59-E842-44AE-952B-F17CC09E9211}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/11/2015 06:45:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 10.11.15.0, time stamp: 0x52a6776c
Faulting module name: nvspcap.dll_unloaded, version: 0.0.0.0, time stamp: 0x52a67618
Exception code: 0xc0000005
Fault offset: 0x06d377e2
Faulting process id: 0xa8c
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3
Error: (11/11/2015 06:45:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 10.11.15.0, time stamp: 0x52a6776c
Faulting module name: nvspcap.dll_unloaded, version: 0.0.0.0, time stamp: 0x52a67618
Exception code: 0xc0000005
Fault offset: 0x06dee510
Faulting process id: 0xa8c
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3
Error: (11/08/2015 07:03:56 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
Error: (11/02/2015 06:22:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrueSuiteService.exe, version: 5.3.0.194, time stamp: 0x4df09290
Faulting module name: TrueSuiteService.exe, version: 5.3.0.194, time stamp: 0x4df09290
Exception code: 0xc0000417
Fault offset: 0x0001280a
Faulting process id: 0x38c
Faulting application start time: 0xTrueSuiteService.exe0
Faulting application path: TrueSuiteService.exe1
Faulting module path: TrueSuiteService.exe2
Report Id: TrueSuiteService.exe3
Error: (11/01/2015 07:04:34 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
Error: (10/26/2015 09:12:36 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (10/25/2015 06:03:53 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
Error: (10/18/2015 06:04:09 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
Error: (10/11/2015 06:04:05 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
Error: (10/09/2015 05:52:12 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (11/03/2015 10:18:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (11/02/2015 06:24:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueSuiteService service terminated unexpectedly. It has done this 1 time(s).
Error: (10/30/2015 03:54:11 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video5Graphics Exception: ESR 0x408030=0x80000003
Error: (10/30/2015 03:54:11 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video5Graphics Exception: Const out of Bound
Error: (10/29/2015 06:20:40 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (10/28/2015 04:57:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:34:06 PM on 10/28/2015 was unexpected.
Error: (10/16/2015 06:31:26 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (10/09/2015 05:52:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (10/09/2015 05:52:12 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
Error: (10/08/2015 06:03:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2300 CPU @ 2.80GHz
Percentage of memory in use: 34%
Total physical RAM: 8174.53 MB
Available physical RAM: 5350.81 MB
Total Virtual: 16347.27 MB
Available Virtual: 13175.96 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:1385.04 GB) (Free:1088.97 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.13 GB) (Free:1.45 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Michael) (CDROM) (Total:0.52 GB) (Free:0.34 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: CCB2EEF6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1385 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-11-15 15:36:02
-----------------------------
15:36:03.000 OS Version: Windows x64 6.1.7601 Service Pack 1
15:36:03.000 Number of processors: 4 586 0x2A07
15:36:03.000 ComputerName: DAD-LIVINGROOM UserName: Dad
15:36:05.803 Initialize success
15:36:05.812 VM: initialized successfully
15:36:05.813 VM: Intel CPU BiosDisabled
15:36:08.302 AVAST engine defs: 15111501
15:37:23.946 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:37:23.948 Disk 0 Vendor: Hitachi_ MN5O Size: 1430799MB BusType: 3
15:37:24.119 Disk 0 MBR read successfully
15:37:24.121 Disk 0 MBR scan
15:37:24.123 Disk 0 Windows 7 default MBR code
15:37:24.134 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:37:24.137 Disk 0 default boot code
15:37:24.140 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1418279 MB offset 206848
15:37:24.167 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12418 MB offset 2904842240
15:37:24.198 Disk 0 scanning C:\Windows\system32\drivers
15:37:31.807 Service scanning
15:37:45.350 Modules scanning
15:37:45.355 Disk 0 trace - called modules:
15:37:45.367 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:37:45.370 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009d85060]
15:37:45.372 3 CLASSPNP.SYS[fffff88000db843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800788e050]
15:37:47.447 AVAST engine scan C:\Windows
15:37:50.461 AVAST engine scan C:\Windows\system32
15:39:41.952 AVAST engine scan C:\Windows\system32\drivers
15:39:55.679 AVAST engine scan C:\Users\Dad
16:09:11.293 AVAST engine scan C:\ProgramData
16:26:29.388 Disk 0 statistics 5924591/0/0 @ 1.06 MB/s
16:26:29.392 Scan finished successfully
16:28:23.485 Disk 0 MBR has been saved successfully to "C:\Users\Dad\Desktop\MBR.dat"
16:28:23.488 The log file has been saved successfully to "C:\Users\Dad\Desktop\aswMBR.txt"
Thank You
Ed
				
			Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Dad (administrator) on DAD-LIVINGROOM (15-11-2015 15:30:33)
Running from C:\Users\Dad\Downloads
Loaded Profiles: Dad (Available Profiles: Dad)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(CANON INC.) C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
() C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\MountPoints2: E - E:\AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\MountPoints2: {112c421c-0450-11e2-b36a-386077b09626} - K:\setup.exe -a
AppInit_DLLs-x32: c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer Utility.lnk [2013-12-28]
ShortcutTarget: Image Transfer Utility.lnk -> C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-12-28]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2014-12-01]
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk [2014-11-23]
ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-1449296314-4276338034-3963218778-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1449296314-4276338034-3963218778-1001] => localhost:21320
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F1F1C2D9-BBA7-465A-965F-D7F562F92E65}: [NameServer] 82.163.143.172,82.163.142.174
Tcpip\..\Interfaces\{F1F1C2D9-BBA7-465A-965F-D7F562F92E65}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10151__150609__yaie
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {6028813B-6B42-47C6-BCF7-86E4BA2038FF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {6028813B-6B42-47C6-BCF7-86E4BA2038FF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {6028813B-6B42-47C6-BCF7-86E4BA2038FF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10151__150609__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-06-09] (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-09] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-06-09] (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-09] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\7tu1rc3v.default-1388580420460
FF NewTab: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10151__150609__yaff
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10151__150609__yaff
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-11-01] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-29] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-11-01] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-29] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1449296314-4276338034-3963218778-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)
FF Extension: RivalGaming - C:\Users\Dad\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-04-06] [not signed]
FF Extension: Flashblock - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\7tu1rc3v.default-1388580420460\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-05-29]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-11-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-04] [not signed]
Chrome:
=======
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-03]
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-04] (AVAST Software)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-06-29] (Electronic Arts)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-01] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-04] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-07] ()
S3 slabbus; C:\Windows\System32\DRIVERS\slabbus.sys [88160 2013-09-25] (MCCI Corporation)
S3 slabser; C:\Windows\System32\DRIVERS\slabser.sys [112224 2013-09-25] (MCCI Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 15:30 - 2015-11-15 15:30 - 00023089 _____ C:\Users\Dad\Downloads\FRST.txt
2015-11-15 15:27 - 2015-11-15 15:30 - 00000000 ____D C:\FRST
2015-11-15 15:27 - 2015-11-15 15:27 - 02198528 _____ (Farbar) C:\Users\Dad\Downloads\FRST64.exe
2015-11-15 15:24 - 2015-11-15 15:24 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DAD-LIVINGROOM-Windows-7-Home-Premium-(64-bit).dat
2015-11-15 15:24 - 2015-11-15 15:24 - 00000000 ____D C:\RegBackup
2015-11-15 15:23 - 2015-11-15 15:23 - 00002201 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-11-15 15:23 - 2015-11-15 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-11-15 15:23 - 2015-11-15 15:23 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-11-15 15:22 - 2015-11-15 15:23 - 04777232 _____ (Tweaking.com) C:\Users\Dad\Downloads\tweaking.com_registry_backup_setup.exe
2015-11-01 19:38 - 2015-11-02 06:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 14:32 - 2012-04-24 16:16 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-15 13:27 - 2011-12-27 17:01 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9648DF75-F85D-45CD-8321-49C580AAD138}
2015-11-15 10:51 - 2011-12-27 16:57 - 01665506 _____ C:\Windows\WindowsUpdate.log
2015-11-15 10:34 - 2009-07-13 19:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-15 10:34 - 2009-07-13 19:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-15 10:31 - 2009-07-13 20:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-15 10:26 - 2011-12-27 16:56 - 00000000 ____D C:\Users\Dad\AppData\LocalLow\AuthenTec
2015-11-15 10:26 - 2011-12-07 23:34 - 00000000 ____D C:\ProgramData\PDFC
2015-11-15 10:24 - 2015-02-28 09:59 - 00083499 _____ C:\Windows\setupact.log
2015-11-15 10:24 - 2014-07-29 21:53 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-15 10:24 - 2012-04-24 16:16 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-15 10:24 - 2009-07-13 20:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-15 00:25 - 2011-12-07 23:38 - 00000000 ____D C:\ProgramData\truesuite
2015-11-12 18:54 - 2011-12-28 10:39 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-11 06:45 - 2011-12-27 20:57 - 00000000 ____D C:\Users\Dad\AppData\Local\CrashDumps
2015-11-06 06:51 - 2011-12-27 17:27 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-11-06 06:51 - 2011-12-27 17:27 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-11-02 15:23 - 2014-04-10 20:09 - 00000000 ____D C:\Users\Dad\AppData\Local\Battle.net
2015-11-02 15:23 - 2014-04-10 20:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-02 06:22 - 2012-08-25 22:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-02 06:22 - 2010-11-20 18:47 - 01279756 _____ C:\Windows\PFRO.log
2015-11-01 09:14 - 2012-04-06 05:32 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-01 09:14 - 2011-12-07 23:32 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-31 11:20 - 2012-07-20 06:18 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-31 09:40 - 2014-12-25 11:08 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-24 08:00 - 2009-07-13 20:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2011-12-07 23:37 - 2011-06-09 14:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011
2012-09-18 17:55 - 2012-09-18 17:55 - 0041472 ___SH () C:\Users\Dad\AppData\Roaming\Thumbs.db
2012-10-30 19:29 - 2012-10-30 19:29 - 0033134 _____ () C:\Users\Dad\AppData\Roaming\UserTile.png
Some files in TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\pn59C2.exe
C:\Users\Dad\AppData\Local\Temp\rootsupd.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-10 07:01
==================== End of FRST.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Dad (administrator) on DAD-LIVINGROOM (15-11-2015 15:30:33)
Running from C:\Users\Dad\Downloads
Loaded Profiles: Dad (Available Profiles: Dad)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(CANON INC.) C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
() C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\MountPoints2: E - E:\AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\MountPoints2: {112c421c-0450-11e2-b36a-386077b09626} - K:\setup.exe -a
AppInit_DLLs-x32: c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer Utility.lnk [2013-12-28]
ShortcutTarget: Image Transfer Utility.lnk -> C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-12-28]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2014-12-01]
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk [2014-11-23]
ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-1449296314-4276338034-3963218778-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1449296314-4276338034-3963218778-1001] => localhost:21320
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [341504 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [422912 2015-06-08] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F1F1C2D9-BBA7-465A-965F-D7F562F92E65}: [NameServer] 82.163.143.172,82.163.142.174
Tcpip\..\Interfaces\{F1F1C2D9-BBA7-465A-965F-D7F562F92E65}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10151__150609__yaie
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {6028813B-6B42-47C6-BCF7-86E4BA2038FF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {6028813B-6B42-47C6-BCF7-86E4BA2038FF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {6028813B-6B42-47C6-BCF7-86E4BA2038FF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10151__150609__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-06-09] (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-09] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-06-09] (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-09] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\7tu1rc3v.default-1388580420460
FF NewTab: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10151__150609__yaff
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10151__150609__yaff
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-11-01] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-29] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-11-01] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-29] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1449296314-4276338034-3963218778-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)
FF Extension: RivalGaming - C:\Users\Dad\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-04-06] [not signed]
FF Extension: Flashblock - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\7tu1rc3v.default-1388580420460\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-05-29]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-11-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-04] [not signed]
Chrome:
=======
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-03]
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-04] (AVAST Software)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-06-29] (Electronic Arts)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-01] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-04] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-07] ()
S3 slabbus; C:\Windows\System32\DRIVERS\slabbus.sys [88160 2013-09-25] (MCCI Corporation)
S3 slabser; C:\Windows\System32\DRIVERS\slabser.sys [112224 2013-09-25] (MCCI Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 15:30 - 2015-11-15 15:30 - 00023089 _____ C:\Users\Dad\Downloads\FRST.txt
2015-11-15 15:27 - 2015-11-15 15:30 - 00000000 ____D C:\FRST
2015-11-15 15:27 - 2015-11-15 15:27 - 02198528 _____ (Farbar) C:\Users\Dad\Downloads\FRST64.exe
2015-11-15 15:24 - 2015-11-15 15:24 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DAD-LIVINGROOM-Windows-7-Home-Premium-(64-bit).dat
2015-11-15 15:24 - 2015-11-15 15:24 - 00000000 ____D C:\RegBackup
2015-11-15 15:23 - 2015-11-15 15:23 - 00002201 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-11-15 15:23 - 2015-11-15 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-11-15 15:23 - 2015-11-15 15:23 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-11-15 15:22 - 2015-11-15 15:23 - 04777232 _____ (Tweaking.com) C:\Users\Dad\Downloads\tweaking.com_registry_backup_setup.exe
2015-11-01 19:38 - 2015-11-02 06:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 14:32 - 2012-04-24 16:16 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-15 13:27 - 2011-12-27 17:01 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9648DF75-F85D-45CD-8321-49C580AAD138}
2015-11-15 10:51 - 2011-12-27 16:57 - 01665506 _____ C:\Windows\WindowsUpdate.log
2015-11-15 10:34 - 2009-07-13 19:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-15 10:34 - 2009-07-13 19:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-15 10:31 - 2009-07-13 20:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-15 10:26 - 2011-12-27 16:56 - 00000000 ____D C:\Users\Dad\AppData\LocalLow\AuthenTec
2015-11-15 10:26 - 2011-12-07 23:34 - 00000000 ____D C:\ProgramData\PDFC
2015-11-15 10:24 - 2015-02-28 09:59 - 00083499 _____ C:\Windows\setupact.log
2015-11-15 10:24 - 2014-07-29 21:53 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-15 10:24 - 2012-04-24 16:16 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-15 10:24 - 2009-07-13 20:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-15 00:25 - 2011-12-07 23:38 - 00000000 ____D C:\ProgramData\truesuite
2015-11-12 18:54 - 2011-12-28 10:39 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-11 06:45 - 2011-12-27 20:57 - 00000000 ____D C:\Users\Dad\AppData\Local\CrashDumps
2015-11-06 06:51 - 2011-12-27 17:27 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-11-06 06:51 - 2011-12-27 17:27 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-11-02 15:23 - 2014-04-10 20:09 - 00000000 ____D C:\Users\Dad\AppData\Local\Battle.net
2015-11-02 15:23 - 2014-04-10 20:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-02 06:22 - 2012-08-25 22:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-02 06:22 - 2010-11-20 18:47 - 01279756 _____ C:\Windows\PFRO.log
2015-11-01 09:14 - 2012-04-06 05:32 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-01 09:14 - 2011-12-07 23:32 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-31 11:20 - 2012-07-20 06:18 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-31 09:40 - 2014-12-25 11:08 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-24 08:00 - 2009-07-13 20:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2011-12-07 23:37 - 2011-06-09 14:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011
2012-09-18 17:55 - 2012-09-18 17:55 - 0041472 ___SH () C:\Users\Dad\AppData\Roaming\Thumbs.db
2012-10-30 19:29 - 2012-10-30 19:29 - 0033134 _____ () C:\Users\Dad\AppData\Roaming\UserTile.png
Some files in TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\pn59C2.exe
C:\Users\Dad\AppData\Local\Temp\rootsupd.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-10 07:01
==================== End of FRST.txt ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Dad (2015-11-15 15:31:06)
Running from C:\Users\Dad\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-28 01:56:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1449296314-4276338034-3963218778-500 - Administrator - Disabled)
Dad (S-1-5-21-1449296314-4276338034-3963218778-1001 - Administrator - Enabled) => C:\Users\Dad
Guest (S-1-5-21-1449296314-4276338034-3963218778-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1449296314-4276338034-3963218778-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI (Version: 1.3.0.116 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.4.2233 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.1.19 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION
Fusion (HKLM-x32\...\{B9932399-5955-45B5-A792-25FAAAA1EA70}) (Version: 2.1.60 - Powerteq)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP SimplePass PE 2011 (HKLM-x32\...\{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}) (Version: 5.3.0.194 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{34681D92-5958-406A-A654-1B57E7A7B3DC}) (Version: 6.0.4.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version: - )
Microsoft OneDrive (HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 97 (HKLM-x32\...\Word8.0) (Version: - )
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 en-US)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nancy Drew - Phantom of Venice and Haunting of Castle Malloy (HKLM-x32\...\{562B97B1-D6BA-4BE9-B9C2-CD6DB2CA8CB7}) (Version: 1.00.0000 - Encore Software, Inc.)
Nancy Drew: Ghost of Thornton Hall (HKLM-x32\...\{93C2CDF6-6072-4EF7-8F19-B601E92C9795}) (Version: 8.0.0.30162 - Her Interactive, Inc.)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RIFT (HKLM-x32\...\InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}) (Version: 1.0.0 - Trion Worlds, Inc.)
RIFT (x32 Version: 1.0.0 - Trion Worlds, Inc.) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars Galaxies (HKLM-x32\...\{88038160-9BCB-47BE-A5C3-5CE2DC115509}) (Version: 1.00.000 - )
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
SWGEmu Launchpad (HKLM-x32\...\{FF4299B5-F09F-4197-8648-D41C11D6F7CC}) (Version: 0.23 - SWGEmu)
The Lord of the Rings Online (HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\lotro_highres_en_full) (Version: - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VIP Access SDK (1.0.1.4) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Classic (HKLM-x32\...\{D55ED80F-FAFD-40E1-99FC-89AF8614A9B5}_is1) (Version: 1.12.1.5875 - Blizzard Entertainment)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
04-10-2015 21:13:08 avast! antivirus system restore point
04-10-2015 21:25:54 Windows Backup
11-10-2015 18:00:07 Windows Backup
18-10-2015 18:00:09 Windows Backup
25-10-2015 18:00:06 Windows Backup
01-11-2015 19:00:07 Windows Backup
08-11-2015 19:00:06 Windows Backup
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 17:34 - 2015-10-26 19:28 - 00450892 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15464 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00D0D66C-D49A-4F51-A3A7-6B0BD547B936} - System32\Tasks\{8DC0EFAA-0058-417C-8BC3-9366671308EC} => E:\GWORKSHP.EXE
Task: {1553B0EF-0137-466E-8522-EB1F66B7FDA0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {22C79E18-43D8-4185-8BF3-52E40579C37B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {27055E0F-C005-49BF-B4BC-50D1B15F9EEE} - System32\Tasks\{6C288525-2D61-47F3-8194-7910C7F78032} => E:\GWORKSHP.EXE
Task: {317A9660-A3AC-4309-B7E8-E1F30904B557} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {32D1A532-884D-4B0E-9FC0-76DB95B712AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-08] (Hewlett-Packard)
Task: {336EC73C-0CE3-4656-A157-C3E93A82BC63} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {34E6B623-5D05-472C-91EB-F4937FF7C02D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-04] (AVAST Software)
Task: {468FCFCD-630E-4EC5-A040-8D5CA413D85C} - System32\Tasks\{D2A529A5-759A-48CA-9FFF-8E5677111302} => E:\GWORKSHP.EXE
Task: {5DC13449-2E99-4E41-93DD-B3C343547150} - System32\Tasks\{263082CD-D6A6-4F7F-A36C-527BDE7CCE25} => pcalua.exe -a "C:\Program Files (x86)\Origin Games\Punkbuster\pbsetup.exe" -d "C:\Program Files (x86)\Origin Games\Punkbuster"
Task: {6987D574-5D9C-45EC-AF3A-17E3668E1AA0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {74B630CD-A3B3-4966-918D-6E92B79905D7} - System32\Tasks\{4A4D3215-6A36-460A-9E0C-9A29EB66B387} => E:\GWORKSHP.EXE
Task: {7650C53C-A9C6-4197-9F4D-E84A7DBE007C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-09] (Hewlett-Packard Company)
Task: {794E8662-837F-4E2D-AA7A-E6ABF03E0F95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-09] (Hewlett-Packard Company)
Task: {7DA8971F-356E-48AF-A4CA-1FAC1E4884D0} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-07-20] (CyberLink)
Task: {800123FC-B138-4AFE-A208-50623F297AE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-09] (Hewlett-Packard Company)
Task: {8404A5BB-4C76-401C-93B6-809577C2B323} - System32\Tasks\{8B36AAB4-2568-447A-9FA4-17443664582D} => E:\GWORKSHP.EXE
Task: {89A78DF2-1309-449F-8A7F-D0B35127EFE1} - System32\Tasks\{E0FB7028-E34F-4411-A329-9310C111CBFC} => E:\GWORKSHP.EXE
Task: {A5790F77-8E75-4748-9F62-EF89DA9A4FC8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AB70017F-A772-4819-891D-D65FE7737E8D} - System32\Tasks\{75C03272-D418-4CEA-A80C-23869DF98049} => E:\GWORKSHP.EXE
Task: {AC91336B-4D42-41BB-BEE0-F981323C3225} - System32\Tasks\{8FF7C9D0-E193-4347-B18F-61EF6D905593} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Office\Office\Setup\Acme.exe" -c /w Off97Pro.STF
Task: {B25E19D6-B722-4DE1-A200-D1A7EC3A48BC} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {B5DF8CF6-946C-4372-B79C-63DFBC90BE44} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {C2C19EE1-6FB2-42C1-8C41-7971D47DBE2D} - System32\Tasks\{BF0DFC2E-FCD9-4D0A-83C9-AB1D5195A918} => pcalua.exe -a "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe" -c --uninstall
Task: {CC64470B-0EC9-48E6-98DF-E576FC0C6ACA} - System32\Tasks\{7A27D088-254B-4544-9327-440D5F3CC860} => E:\GWORKSHP.EXE
Task: {D463B262-AE42-4C6A-967A-6E6C3EB7304C} - System32\Tasks\{2DE03A8F-D96C-46F6-8164-31462EA87ADE} => E:\GWORKSHP.EXE
Task: {DCF645CF-2272-49AB-9EF3-0AB8563D782B} - System32\Tasks\{923130EB-B09C-460E-8CD0-46371F45CC9E} => E:\GWORKSHP.EXE
Task: {E9E05994-B455-4394-9A43-5DBD25359D86} - System32\Tasks\{6DF4B7F8-14D3-42B6-A98F-9D5EA783EE7D} => E:\GWORKSHP.EXE
Task: {FFC0B296-62E3-4C60-A3EB-7C69E61C4F0F} - System32\Tasks\{318F5D0B-58B9-499B-AA5F-F24B5D88BF8F} => E:\GWORKSHP.EXE
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2014-07-29 21:53 - 2014-07-02 09:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-03-01 15:30 - 2014-07-01 12:09 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-28 14:44 - 2013-10-03 10:42 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
1997-08-19 00:00 - 1997-08-19 00:00 - 00111376 _____ () C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
1997-08-19 00:00 - 1997-08-19 00:00 - 00051984 _____ () C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
2015-10-04 21:13 - 2015-10-04 21:13 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-04 21:13 - 2015-10-04 21:13 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-14 09:34 - 2015-11-14 09:34 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111401\algo.dll
2015-11-15 10:26 - 2015-11-15 10:26 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111501\algo.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-14 05:45 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-14 05:45 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-14 05:45 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-14 05:45 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-09-14 05:45 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-12-28 14:44 - 2013-10-03 10:42 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
1997-08-19 00:00 - 1997-08-19 00:00 - 03782416 _____ () C:\Program Files (x86)\Microsoft Office\Office\MSO97.DLL
2015-10-04 21:14 - 2015-10-04 21:14 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7867 more sites.
IE trusted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\...\123simsen.com -> www.123simsen.com
There are 7867 more sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1449296314-4276338034-3963218778-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 82.163.143.172 - 82.163.142.174
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{BC1087EF-82FF-4DEB-A80E-6DAADDDB25F9}C:\program files (x86)\world of warcraft\launcher.exe] => (Allow) C:\program files (x86)\world of warcraft\launcher.exe
FirewallRules: [UDP Query User{13B0BA86-89C7-4CD8-BC30-BFA5C44DDBCD}C:\program files (x86)\world of warcraft\launcher.exe] => (Allow) C:\program files (x86)\world of warcraft\launcher.exe
FirewallRules: [{DEF5CD98-EC4C-46DD-8183-3C4565AB58A5}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{015F2601-6D84-4CB1-ADB7-6A8F700E985B}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [TCP Query User{ABCF9259-BAF1-4B96-8924-D9724887EF11}C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe] => (Allow) C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe
FirewallRules: [UDP Query User{34B4C332-B9D1-48AC-BD83-E5F04376A3E6}C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe] => (Allow) C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe
FirewallRules: [{8B924D6D-8509-4FC2-9A57-C05F85092444}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{8A5FA354-B87C-4B70-B7D8-42E5633F5094}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{4BD5D355-7CC2-48CA-BDA9-EE92785A18AA}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{67DE378B-7382-4A04-889D-E5EC0722898D}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{BDECA3DE-02A0-42BB-819D-DE612057EAD0}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{4D62C26A-577D-48DF-911E-875B23BEEC08}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{0142043F-C34D-4D3B-82C4-B391AE559ED3}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{3FA91410-F9D9-4D6F-921C-3BB19AAD7238}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{AF7DFCFE-75FB-44BD-B1D4-F0FAE4667ED3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{09872905-2C02-4E9D-82C6-BE029B6945D1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [TCP Query User{D5BC6287-A624-4021-9597-9309208B3A7A}C:\program files (x86)\world of warcraft\launcher.exe] => (Allow) C:\program files (x86)\world of warcraft\launcher.exe
FirewallRules: [UDP Query User{0FBBA03A-7879-43AD-89EA-31FD69F0C92C}C:\program files (x86)\world of warcraft\launcher.exe] => (Allow) C:\program files (x86)\world of warcraft\launcher.exe
FirewallRules: [{985D6B4A-E48A-4090-A6D4-0C84E6E1778F}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{5B169877-9693-41F5-B483-365F08E6EC34}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{4F3B02CA-5786-41DD-A4E4-C83869F52811}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{2A2C1A18-DE31-4420-8321-E3594246C87E}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{EE30F367-D4CD-403E-9444-79CEC2EDABC6}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{EF2F3153-4898-4468-9463-1AD10236B840}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [{9FC13627-0293-4C06-AF94-282A20E9D6EF}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{6F46B83B-7F31-423E-B2BD-AD0545F58800}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{E76D7AFB-DD64-47F3-8BD0-F3FA3D8936F1}C:\program files (x86)\world of warcraft\backgrounddownloader.exe] => (Allow) C:\program files (x86)\world of warcraft\backgrounddownloader.exe
FirewallRules: [UDP Query User{7E331774-FF32-43B6-B656-E793F9FB046A}C:\program files (x86)\world of warcraft\backgrounddownloader.exe] => (Allow) C:\program files (x86)\world of warcraft\backgrounddownloader.exe
FirewallRules: [TCP Query User{C40B3A36-1E8B-49E3-BA13-8E2D37758450}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe
FirewallRules: [UDP Query User{C82EDE32-E4B0-4EA1-AA81-BC424C62D9D9}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe
FirewallRules: [TCP Query User{BFE17FE5-E106-49A7-BE1F-614B0094DB9A}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe
FirewallRules: [UDP Query User{C697BCC2-283E-4EEE-8304-65B8E66EB70E}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe
FirewallRules: [TCP Query User{1598D924-373C-44F6-88D8-5A36DC43A8CD}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe
FirewallRules: [UDP Query User{8EFA8B0E-A03A-4683-80BB-059E8DEFF0A8}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe
FirewallRules: [TCP Query User{6E1F41CD-C858-4574-9BAB-8B34806FB6FA}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe] => (Block) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe
FirewallRules: [UDP Query User{62819AF9-8DE5-4A3A-B6B9-2A88C747BD4D}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe] => (Block) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe
FirewallRules: [{FEE29E7E-33FE-4F87-B478-7B4FC134DBA6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{3A064AE6-B02F-4744-8A15-346FCB39C625}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0649A021-B80E-486D-8484-356A5ACEE231}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2E3F37E4-6772-4AFD-A50E-F66AA0D18329}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7BE48AFD-A9B8-4C76-BB8C-C2040B59E52E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{83E45A3B-4618-4471-8DD9-4FE3F02EFCBA}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{1F5A66DD-0E23-409A-8D73-ED71C509400F}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{F8551350-2CE6-41E5-8927-088744B21BAE}] => (Allow) LPort=25565
FirewallRules: [TCP Query User{691D4C52-DED3-4324-9559-80AE1B86D0CD}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{5C771222-982D-46BC-8746-F0361E558D73}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{CC835813-0ACE-4AA8-92D7-CE355FC18291}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe
FirewallRules: [UDP Query User{F0B53DA7-797F-4BDD-A95C-719C3F224DFE}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe
FirewallRules: [TCP Query User{D543BD2A-7BC1-45C0-885C-02394748E28D}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe
FirewallRules: [UDP Query User{A4C3DEA5-2DAF-45CB-9188-8DC3DAA2A7CA}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe
FirewallRules: [{EFE5662E-6C6C-4EA5-BB8E-D1DE246DA238}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{02A2B980-25A8-4C46-9891-0A0FFAC0D33F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{D81E5DC6-2EF2-4E10-AC62-FEF536C80EEA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{992A82F6-1422-4F9E-88C8-35C7BA5553C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{0E7D40EB-DD32-4517-A1BD-624D1354E0DD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{5809D001-F223-44E3-9996-F9EA93CEECF1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{ABFA6B19-D2F8-4E59-B197-E76CC976D8EE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{BA4B418F-12ED-47DD-B0F6-36DA08D15B83}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [TCP Query User{AED9AC2B-190E-41D4-8141-571604E6B6F8}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{A77D7845-ECBD-4275-9E38-DE559E4609C3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{A8B50E97-AFDE-482E-B890-4E835D0F60BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{5D4AD138-A59F-4A01-963D-97DC4D0147F5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{D01B9D3C-BCEC-4203-A8C8-90E9E4D9DBEF}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{7682C15C-A244-4DA7-843F-9622D4DFDE8F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{7FDD4A89-6135-4E8F-971E-7FFD3AA25C90}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{DE89A318-6223-475A-9E73-E642D95A5AC2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{665BF0B5-5A41-4BB6-B9BB-303590D7A1AF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{84BF8876-763E-4475-BC80-EEE1C0AAD8EF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{45AA8408-622B-493E-8AEB-67AA28A4C76B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{796E636B-036C-4B3A-8262-7C5C6799E9F4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B99D2F41-0345-4335-9F2F-8165A7808F42}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{9D68F217-34D6-40EE-BF9E-D30816F3BA9D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{A98F2B82-D17F-4FE9-8B7C-38A1465E1535}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{7F11615B-5DE4-4278-A66E-F1D121139766}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{03F40A1F-7F71-486E-8BA5-87E3EED1CB8B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{2F3ADA77-09D6-4490-BB3F-18CB819D74C1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [TCP Query User{25ECF9F7-ACE4-4F5E-B050-124D23972D76}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{1EBA0A58-1178-4220-AA24-920C6839F205}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [{5C32EA7D-142E-461F-9657-6FF7D5265A03}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{82C8DD58-36C7-4619-862B-E4005C7E4DE5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{ACD5102C-CFCF-440C-96EE-A6BE892D3019}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{214E9167-B2F7-40FB-920F-16FA25F5714F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{A6FDDF21-72AB-4C32-A300-6CEE0BF883E3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{832862AB-ED95-4654-AB9E-A64A63957EC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{27855FDA-4CE9-408D-9C7A-53ACDE1AA98F}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{E6C29570-30A0-4152-9BEF-2797973922C2}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{3B2D22F8-274A-4B6A-B540-1D371668C33F}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{210A7521-2C94-48E9-AEC7-EA472A092916}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{A83FD6A3-2B24-44CB-87E9-BC1E9F363F2C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{35B7C27F-2685-492B-99A4-43DC0EF9EA38}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{744B5B38-A419-47C5-992F-14D01565445D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{10320915-6220-47B0-87C2-EC19F2CBA515}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{992B6235-FB4D-4AD9-BDD2-B9F5CA1F6F7F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{49C3FABF-7EA3-4BE9-9ACD-B93000DEC10A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8BDD60EE-B641-4013-A832-83F9A3D8B81B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{50E7B947-6D71-48CC-8B55-D3D575D1AB6F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{8DE6B0EF-510B-4A72-AB4F-D32EAC9AF797}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{0A7C0349-33D1-46FD-8E08-80E9ADF06C72}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{43D1BF1F-C663-46F6-9A9B-FB05F8CADA88}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{5B46F75C-3281-4DD5-846E-7060E98E0382}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F901175D-B471-4FCC-BE47-61DC88B63F44}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6DA19D94-596E-46E4-8483-972F831A22AA}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{C82003C6-B7FA-42EB-B1F5-4214AE519100}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{3185D875-BB95-49F9-A353-515D42F4CC2B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{CBA70A56-58E5-4F98-B87A-1CD0A679FC28}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{63D90DBE-07DF-403E-9117-BC335AE4030E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{ADA8890D-3B8F-4EFD-AD20-FDACA56A5A12}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{6341D2B2-B1C0-48BD-B1B9-74681D1A7F88}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{C9292A73-B41A-473E-8268-EB3F3644F4B7}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{24745E3C-17A3-4C9B-9F48-1D438C83A1B9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{005C31A6-CE29-49DF-81A6-77260E578969}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{C48A2D06-7765-4625-B6BB-D0EA29CC5AAA}] => (Allow) C:\Users\Dad\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{9456F242-C1C6-4E49-9A01-992F2901B1BA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3A515536-76A7-4C1A-9FB8-DFE75462BE68}] => (Allow) LPort=2869
FirewallRules: [{21EB9138-90F1-4CDD-8521-913682484D5F}] => (Allow) LPort=1900
FirewallRules: [{51B4DFC4-ED14-4C7A-AA44-521AC6B859DA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9D60761B-64EE-404F-A577-2B2B8C590A30}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{E3918115-F7DF-4661-83B4-27FBF8E3858B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{CCB7ABF1-EE97-4EFF-8C48-B210D4B713D8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{F0CCBBC9-7A7B-4505-8CF0-B17C8761706F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [TCP Query User{939F4C18-A44F-4501-A39E-138C38E5F904}C:\programdata\battle.net\agent\agent.3109\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3109\agent.exe
FirewallRules: [UDP Query User{2F159042-8021-4DC3-8316-1DF006C249CC}C:\programdata\battle.net\agent\agent.3109\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3109\agent.exe
FirewallRules: [{5281281E-A74F-4244-A64C-08BE7DBF1C4C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{D69EEB9F-6D2E-466B-91B9-B03D53E67D24}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{2ABDF972-A1F0-4A6D-97EF-A81868A90204}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{FCD0C1C0-A7C5-4494-84A0-A7DFBA8C4E28}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [TCP Query User{F5EF0B96-2CA2-430A-8345-1A78F402F64E}C:\program files (x86)\sony\station\launchpad\launchpad.exe] => (Block) C:\program files (x86)\sony\station\launchpad\launchpad.exe
FirewallRules: [UDP Query User{9BFF6EAA-2234-495A-B157-428413C8C32F}C:\program files (x86)\sony\station\launchpad\launchpad.exe] => (Block) C:\program files (x86)\sony\station\launchpad\launchpad.exe
FirewallRules: [{5AEE81CF-8FB5-46B2-A939-5C25F9EAF5F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{0237D7A3-A60C-4ED8-B8F0-453903FD906E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [TCP Query User{24785CB0-3E80-4C7D-9140-6EEB462F6E03}C:\programdata\battle.net\agent\agent.3286\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3286\agent.exe
FirewallRules: [UDP Query User{A628BAB9-8A7D-4CE8-AAC7-CBADB55B2074}C:\programdata\battle.net\agent\agent.3286\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3286\agent.exe
FirewallRules: [{2785F07F-AF9F-4EE1-B3AD-3815D3A0AD91}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{2ABD5CB5-2195-4285-BFA9-BAA05C991D54}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{652EA7E3-20E2-4121-B97D-7F4C904CDC68}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{3C7D974E-77C7-4D5E-B4B5-E057E965F189}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{CC0D09B6-0E58-44C8-89A4-72B1614639B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{0ED3656D-18D2-4275-9D14-E36794408130}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{35A2945A-9778-48B8-81D5-83A89080F7A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{2B0A9B97-5CD0-48E7-9AC1-9F088784B749}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{91179D51-86AC-432A-B893-5C61A7191B04}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{EC3C79E8-BD1D-4664-9693-A10CA89510A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{2FD9F3E9-FA29-46AB-98BB-838269B393B8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{5C1F66BA-EF75-414E-9703-6CFB822D5E19}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{F4CF2AA8-C1FB-43BD-8E3C-F628EC9848D6}C:\program files (x86)\origin games\Battlefield 3\bf3.exe] => (Block) C:\program files (x86)\origin games\Battlefield 3\bf3.exe
FirewallRules: [UDP Query User{1FA6AF6F-22E9-412F-AF9F-0E90532A3F11}C:\program files (x86)\origin games\Battlefield 3\bf3.exe] => (Block) C:\program files (x86)\origin games\Battlefield 3\bf3.exe
FirewallRules: [{C0053034-8732-46BD-B598-7BDBDF402D7B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{F6429930-B0DF-40A4-BD85-5AC8A4807491}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{0B2F13D8-497E-4A5B-9C07-C8ECE35BE184}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{088F6F28-D1CC-4887-B6CA-5470313EBB51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DB1435A-D5F6-45B6-B55C-81AE2FF78F30}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{CED9057A-E160-4F4D-85B2-EB55E5A3C06E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{C7AFBA09-366F-4AA4-9A6B-E023D42EC016}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{5E487EF2-BC82-4A16-9E43-C60DCC298A33}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{93D78F6A-C728-4610-9F4F-295F64291093}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{A593D4E2-F255-426D-97BB-F81CB44FC1A4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{0347FFA8-5618-4CBE-B5EE-1CEE605FA411}C:\programdata\turbine\the lord of the rings online\lotroclient.exe] => (Allow) C:\programdata\turbine\the lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{18409CEE-C488-48C2-BC5F-F22247B8D0A5}C:\programdata\turbine\the lord of the rings online\lotroclient.exe] => (Allow) C:\programdata\turbine\the lord of the rings online\lotroclient.exe
FirewallRules: [TCP Query User{D0FB92BD-3C90-437C-9830-61C4BFA884D1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{53AF8A59-E842-44AE-952B-F17CC09E9211}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/11/2015 06:45:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 10.11.15.0, time stamp: 0x52a6776c
Faulting module name: nvspcap.dll_unloaded, version: 0.0.0.0, time stamp: 0x52a67618
Exception code: 0xc0000005
Fault offset: 0x06d377e2
Faulting process id: 0xa8c
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3
Error: (11/11/2015 06:45:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 10.11.15.0, time stamp: 0x52a6776c
Faulting module name: nvspcap.dll_unloaded, version: 0.0.0.0, time stamp: 0x52a67618
Exception code: 0xc0000005
Fault offset: 0x06dee510
Faulting process id: 0xa8c
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3
Error: (11/08/2015 07:03:56 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
Error: (11/02/2015 06:22:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrueSuiteService.exe, version: 5.3.0.194, time stamp: 0x4df09290
Faulting module name: TrueSuiteService.exe, version: 5.3.0.194, time stamp: 0x4df09290
Exception code: 0xc0000417
Fault offset: 0x0001280a
Faulting process id: 0x38c
Faulting application start time: 0xTrueSuiteService.exe0
Faulting application path: TrueSuiteService.exe1
Faulting module path: TrueSuiteService.exe2
Report Id: TrueSuiteService.exe3
Error: (11/01/2015 07:04:34 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
Error: (10/26/2015 09:12:36 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (10/25/2015 06:03:53 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
Error: (10/18/2015 06:04:09 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
Error: (10/11/2015 06:04:05 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
Error: (10/09/2015 05:52:12 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (11/03/2015 10:18:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (11/02/2015 06:24:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueSuiteService service terminated unexpectedly. It has done this 1 time(s).
Error: (10/30/2015 03:54:11 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video5Graphics Exception: ESR 0x408030=0x80000003
Error: (10/30/2015 03:54:11 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video5Graphics Exception: Const out of Bound
Error: (10/29/2015 06:20:40 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (10/28/2015 04:57:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:34:06 PM on 10/28/2015 was unexpected.
Error: (10/16/2015 06:31:26 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (10/09/2015 05:52:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (10/09/2015 05:52:12 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
Error: (10/08/2015 06:03:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2300 CPU @ 2.80GHz
Percentage of memory in use: 34%
Total physical RAM: 8174.53 MB
Available physical RAM: 5350.81 MB
Total Virtual: 16347.27 MB
Available Virtual: 13175.96 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:1385.04 GB) (Free:1088.97 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.13 GB) (Free:1.45 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Michael) (CDROM) (Total:0.52 GB) (Free:0.34 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: CCB2EEF6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1385 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-11-15 15:36:02
-----------------------------
15:36:03.000 OS Version: Windows x64 6.1.7601 Service Pack 1
15:36:03.000 Number of processors: 4 586 0x2A07
15:36:03.000 ComputerName: DAD-LIVINGROOM UserName: Dad
15:36:05.803 Initialize success
15:36:05.812 VM: initialized successfully
15:36:05.813 VM: Intel CPU BiosDisabled
15:36:08.302 AVAST engine defs: 15111501
15:37:23.946 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:37:23.948 Disk 0 Vendor: Hitachi_ MN5O Size: 1430799MB BusType: 3
15:37:24.119 Disk 0 MBR read successfully
15:37:24.121 Disk 0 MBR scan
15:37:24.123 Disk 0 Windows 7 default MBR code
15:37:24.134 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:37:24.137 Disk 0 default boot code
15:37:24.140 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1418279 MB offset 206848
15:37:24.167 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12418 MB offset 2904842240
15:37:24.198 Disk 0 scanning C:\Windows\system32\drivers
15:37:31.807 Service scanning
15:37:45.350 Modules scanning
15:37:45.355 Disk 0 trace - called modules:
15:37:45.367 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:37:45.370 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009d85060]
15:37:45.372 3 CLASSPNP.SYS[fffff88000db843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800788e050]
15:37:47.447 AVAST engine scan C:\Windows
15:37:50.461 AVAST engine scan C:\Windows\system32
15:39:41.952 AVAST engine scan C:\Windows\system32\drivers
15:39:55.679 AVAST engine scan C:\Users\Dad
16:09:11.293 AVAST engine scan C:\ProgramData
16:26:29.388 Disk 0 statistics 5924591/0/0 @ 1.06 MB/s
16:26:29.392 Scan finished successfully
16:28:23.485 Disk 0 MBR has been saved successfully to "C:\Users\Dad\Desktop\MBR.dat"
16:28:23.488 The log file has been saved successfully to "C:\Users\Dad\Desktop\aswMBR.txt"
Thank You
Ed
			
				Last edited by a moderator: 
			
		
	
								
								
									
	
								
							
							 
	 
 
		 
	 
	 
	 
	 
	 
	 
	 
	 
	 
	 
	 
	 
	 
	 
	
 
	 
	 
	
