
DNSUnlocker injected ads


13 replies to this topic

#1 bhelm22


Posted 20 August 2015 - 11:04 AM

ADWcleaner, Mbam, RogueKiller all report as clean but both Chrome and IE have injected ads and other popup pages from DNSUnlocker. Checked proxy settings etc.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-08-2015
Ran by Brandon (administrator) on BRANDON-NB (20-08-2015 10:55:21)
Running from C:\Users\brandon.HELMUTHREPAIR\Desktop
Loaded Profiles: Brandon &  (Available Profiles: HRADMSER & Brandon & Brandon)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1317184 2014-07-16] (FileOpen Systems Inc.)
HKLM\...\Run: [LogiOptionsAppBroker] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [648984 2014-08-20] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-22] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe [414208 2015-07-07] (Code 42 Software, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3111880 2015-07-23] (Logitech, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-06-29] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\Run: [Akamai NetSession Interface] => C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\Run: [Amazon Music] => C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\Run: [GoogleChromeAutoLaunch_EC2C97654CB2141846B5084D2C9D83A5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\Run: [Spotify Web Helper] => C:\Users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-08-03] (Spotify Ltd)
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_EC2C97654CB2141846B5084D2C9D83A5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-08-03] (Spotify Ltd)
HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-06-14] (Google Inc.)
HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [chromium] => C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe [846288 2013-07-12] (Google Inc.)
HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Brandon\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-08-03] (Spotify Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk [2012-06-18]
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Macro Scheduler.lnk [2012-06-18]
ShortcutTarget: Macro Scheduler.lnk -> C:\Program Files (x86)\Macro Scheduler 12\msched.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2014-03-26]
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico ()
Startup: C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-04-04]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Messenger.lnk [2013-07-30]
ShortcutTarget: Yahoo! Messenger.lnk -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
Startup: C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-04-04]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Messenger.lnk [2013-07-30]
ShortcutTarget: Yahoo! Messenger.lnk -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
Startup: C:\Users\hradmser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2013-07-26]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-09] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-09] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-09] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-09] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-09] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-09] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-09] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-09] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=00034243&OHP=http%3A%2F%2Fwww.google.com%2F&OSP=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26sourceid%3Die7%26rls%3Dcom.microsoft%3A%7Blanguage%7D%3A%7Breferrer%3Asource%7D%26ie%3D%7BinputEncoding%3F%7D%26oe%3D%7BoutputEncoding%3F%7D%26rlz%3D
URLSearchHook: [S-1-5-21-3468594284-1836703460-1844533713-1002.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ABAB059D-6A33-47E6-A114-47C5F49FE16A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4F566662-B2D9-4D3E-A54D-6297D62D5565} URL = hxxp://www.bing.com/search?q={searchTerms}&form=OSDSRC
SearchScopes: HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ABAB059D-6A33-47E6-A114-47C5F49FE16A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-18] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-18] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-18] (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-18] (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {0F1B49C0-9894-4696-8E8D-DB1F5D02FBAB} hxxp://24.55.24.84/UltraMJCamX.cab
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} hxxp://www.in.honda.com/Rraaapps/RRAAsec/Codebase/RRAAINAX/RYXAINAX_LandscapePrintingActiveX.cab
DPF: HKLM-x32 {1FBDF235-C5A9-4F21-BD79-9EC0DCF8AC29} hxxp://88.185.10.153/AVC_AX_DVR.cab
DPF: HKLM-x32 {28C08CDD-7AD3-462B-90C7-453E026894A9} hxxp://118.200.203.147:8080/RtspVaPgDec.cab
DPF: HKLM-x32 {297DE2B6-509A-4B36-93C5-A65276606900} hxxp://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
DPF: HKLM-x32 {3641803B-72A4-4A9A-BA18-F1446F7CCDE4} hxxp://184.33.96.21/UltraHVCamX.cab
DPF: HKLM-x32 {389956FE-3A45-469C-B944-70308E06BAAC} hxxp://50.73.5.165/videocom.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {53049A9A-1122-4673-B8D4-12F545AE3285} hxxps://187.120.105.1/AVC_AX_764.cab
DPF: HKLM-x32 {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} hxxp://99.100.51.10/UltraMJCamX.cab
DPF: HKLM-x32 {971FC730-55F1-461F-83FD-B3BF5E1F039E} hxxp://173.15.134.62/AVC_AX_742.cab
DPF: HKLM-x32 {9920E6A5-9B38-4C45-AD2D-5D1AA2B00A6E} hxxp://111.67.156.98:8080/admin/UltraHVCamX.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://80.14.107.215/WebClient.exe
DPF: HKLM-x32 {B8FB8104-FDC9-4339-8AFF-2EE4C8C92998} hxxp://82.136.209.200/AVC_AX_NVR.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://kaercher.webex.com/client/WBXclient-T28L10NSP11-16469/nbr/ieatgpc1.cab
DPF: HKLM-x32 {E1B26101-23FB-4855-9171-F79F29CC7728} hxxp://184.191.173.106/UltraCamX.cab
DPF: HKLM-x32 {E2A2AF54-194A-499D-B6C7-79B646BC0ED6} hxxp://109.90.141.127/UltraCamX.cab
DPF: HKLM-x32 {FB298ECE-4D17-414A-A5E8-FABC938796B2} hxxp://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
DPF: HKLM-x32 {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} hxxp://66.102.208.79/user/TSBnwCam.CAB
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.119 208.67.222.222
Tcpip\..\Interfaces\{1F8534AE-B80B-480E-9CE7-B374C5CC3715}: [NameServer] 192.168.1.119
Tcpip\..\Interfaces\{49E03F19-9279-4D64-8470-5329EFEA388D}: [NameServer] 192.168.1.119
Tcpip\..\Interfaces\{64BEEBC9-2AA4-4120-A33B-BFE9158CA86E}: [NameServer] 192.168.1.119
Tcpip\..\Interfaces\{93279B0B-DDAB-4D40-8D82-08770EB48B33}: [NameServer] 192.168.1.119
Tcpip\..\Interfaces\{DE76D62D-9B37-43C1-ACC4-9BB3254789B3}: [DhcpNameServer] 192.168.1.119 208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\Firefox\Profiles\44w8h5ir.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-06-14] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2013-04-19] (CANON INC.)
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-06-01] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2012-04-14] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-06-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @SAP.com/VEViewer,version= -> c:\program files (x86)\sap\sap visual enterprise viewer 7.1\npDeepView.dll [2012-10-06] (SAP AG)
FF Plugin-x32: @SAP.com/VEViewerGAC,version= -> c:\program files (x86)\sap\sap visual enterprise viewer 7.1\npGAC.dll [2012-10-06] (SAP AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116: @nds.com/PlayerPlugin -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2013-06-25] (DIRECTV)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116: @talk.google.com/GoogleTalkPlugin -> C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116: @talk.google.com/O1DPlugin -> C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116: @tools.google.com/Google Update;version=3 -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116: @tools.google.com/Google Update;version=9 -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116: NDS.com/PlayerPlugin -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2013-06-25] (DIRECTV)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nds.com/PlayerPlugin -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2013-06-25] (DIRECTV)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: NDS.com/PlayerPlugin -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2013-06-25] (DIRECTV)
FF Plugin HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\Brandon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2013-07-02] (Google)
FF Plugin HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\Brandon\AppData\Roaming\Mozilla\plugins\npo1d.dll [2013-07-02] (Google)
FF Plugin HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O3DPlugin -> C:\Users\Brandon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2013-07-02] ()
FF Plugin HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-07-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-3468594284-1836703460-1844533713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-07-12] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: YouTube Video, Audio and Subtitle Downloader - C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\Firefox\Profiles\44w8h5ir.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2013-02-18]
FF Extension: FlashGot - C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\Firefox\Profiles\44w8h5ir.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-02-18]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-04-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-08-05]
FF Extension: No Name - C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\Firefox\Profiles\44w8h5ir.default\extensions\{55dce8ba-9dec-4013-937e-adbf9317d990}.xpi [not found]

Chrome:
=======
CHR Profile: C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-07-26]
CHR Extension: (Listhings) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aooobeadnfddkmlcfcmjhjldpbefmnjf [2013-07-26]
CHR Extension: (Google Drive) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-26]
CHR Extension: (No Name) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd [2015-08-20]
CHR Extension: (YouTube) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-26]
CHR Extension: (Adblock Plus) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-26]
CHR Extension: (Google Search) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-26]
CHR Extension: (Slick RSS) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ealjoljnibpdkocmldliaoojpgdkcdob [2013-07-26]
CHR Extension: (NYTimes) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel [2013-07-26]
CHR Extension: (Google Calendar) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-07-26]
CHR Extension: (Logitech Device Detection) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno [2013-07-26]
CHR Extension: (Silver Bird) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2013-07-26]
CHR Extension: (Pandora) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-07-26]
CHR Extension: (Springpad) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla [2013-07-26]
CHR Extension: (WeatherByte) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnlgbglmmkibkhhbnhegkokegdodlgfe [2013-07-26]
CHR Extension: (The QR Code Generator) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2013-07-26]
CHR Extension: (AdBlock) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-18]
CHR Extension: (Cryptocat) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gonbigodpnfghidmnphnadhepmbabhij [2013-07-26]
CHR Extension: (TweetDeck by Twitter) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-07-26]
CHR Extension: (Spotify Chrome Extension) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb [2013-07-26]
CHR Extension: (http://dashboard.zopim.com/#brandon@helmuthre) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\heiaegpadlgddmpmmnmfngknhbagbkoi [2013-07-26]
CHR Extension: (NPR Infinite Player) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2013-07-26]
CHR Extension: (Forecastfox) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2013-07-26]
CHR Extension: (Woopra) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmphacbmnlgacefbkmncigniimighbm [2013-07-26]
CHR Extension: (World Time Buddy) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhpjomiingppeefgnohkiapmnaeakoj [2013-07-26]
CHR Extension: (Google Forms) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2014-01-27]
CHR Extension: (Earth) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac [2015-02-10]
CHR Extension: (Typing Test - KeyHero) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2013-07-26]
CHR Extension: (Google Voice (by Google)) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2013-07-26]
CHR Extension: (Woot) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhoeofncdoaefllgaacgnecchcphphb [2013-07-26]
CHR Extension: (Evernote Web) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-07-26]
CHR Extension: (Googulator) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lchmgljjkaeadokijkhefbhpfbihhhda [2013-11-01]
CHR Extension: (Fieldrunners) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak [2013-07-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-05]
CHR Extension: (Quick Note) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2013-07-26]
CHR Extension: (OneDrive) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2013-07-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-05]
CHR Extension: (Sales Reports for PayPal) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\okjappafmaeigkimdhepomioacaclnkh [2013-07-26]
CHR Extension: (SeatGeek) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\onidachoajghnfjpiogpjclonkbihagp [2013-07-26]
CHR Extension: (Weather Underground) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2013-07-26]
CHR Extension: (Gmail) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-26]
CHR Extension: (Canvas Rider) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2014-08-08]
CHR HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-06-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 ARI Update Service; C:\Program Files (x86)\ARI\ARI Update Service\AriUpdate.Service.exe [38912 2013-02-06] (ARI Network Services) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-08-13] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-08-13] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-08-13] (BlueStack Systems, Inc.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
S2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2012-03-15] (CrashPlan) [File not signed]
S2 dkab_device; C:\Windows\system32\DKabcoms.exe [1048576 2012-10-02] ( ) [File not signed]
S2 dkab_device; C:\Windows\SysWOW64\DKabcoms.exe [593920 2012-10-02] ( ) [File not signed]
S2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [341312 2014-07-16] (FileOpen Systems Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-06-15] (Macrovision Europe Ltd.) [File not signed]
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-22] (NVIDIA Corporation)
S2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
S2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-22] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-22] (NVIDIA Corporation)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474168 2012-04-22] (Sony Corporation)
S2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
S2 psqlWGE; C:\Program Files (x86)\Pervasive\bin\w3dbsmgr.exe [455968 2008-08-18] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [41616 2012-09-07] (Microsoft Corporation)
S4 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
S2 svctcom; C:\Windows\SysWOW64\svctcom.exe [943744 2015-05-27] (Birch Grove Software, Inc.)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] (Microsoft Corporation)
R5 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-10-17] (Advanced Micro Devices)
R5 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-13] (Microsoft Corporation)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-08-13] (BlueStack Systems)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R5 CLFS; C:\Windows\System32\CLFS.sys [367552 2015-03-03] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [459336 2015-01-30] (Microsoft Corporation)
R5 Compbatt; C:\Windows\System32\drivers\compbatt.sys [21584 2009-07-13] (Microsoft Corporation)
R5 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-13] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-06-14] (DT Soft Ltd)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-13] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] (Microsoft Corporation)
U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] (Microsoft Corporation)
R5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] (Microsoft Corporation)
R5 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [557848 2011-04-25] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2015-07-15] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155584 2015-07-15] (Microsoft Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-20] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94656 2015-07-15] (Microsoft Corporation)
S5 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R5 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-20] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-13] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [104896 2015-01-06] (Microsoft Corporation)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R5 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [31560 2015-05-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-22] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] (Microsoft Corporation)
R5 pciide; C:\Windows\System32\drivers\pciide.sys [12352 2009-07-13] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
R5 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [52856 2012-06-15] (Sonic Solutions)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] (Microsoft Corporation)
S5 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-04] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-20] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115488 2014-05-16] (Oracle Corporation)
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-13] (Microsoft Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [296320 2011-10-17] (Microsoft Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] (Microsoft Corporation)
S3 catchme; \??\C:\cf8675309\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-20 10:55 - 2015-08-20 10:55 - 00054060 _____ C:\Users\brandon.HELMUTHREPAIR\Desktop\FRST.txt
2015-08-20 10:55 - 2015-08-20 10:55 - 00000000 ____D C:\FRST
2015-08-20 10:49 - 2015-08-20 10:49 - 02173952 _____ (Farbar) C:\Users\brandon.HELMUTHREPAIR\Desktop\FRST64.exe
2015-08-20 10:49 - 2015-08-20 10:49 - 00000546 _____ C:\Users\brandon.HELMUTHREPAIR\Desktop\defogger_disable.log
2015-08-20 10:49 - 2015-08-20 10:49 - 00000168 _____ C:\Users\brandon.HELMUTHREPAIR\defogger_reenable
2015-08-20 10:48 - 2015-08-20 10:49 - 00050477 _____ C:\Users\brandon.HELMUTHREPAIR\Desktop\Defogger.exe
2015-08-20 09:44 - 2015-08-20 10:02 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-20 09:44 - 2015-08-20 09:44 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-20 09:12 - 2015-08-20 09:12 - 00000000 _____ C:\autoexec.bat
2015-08-20 03:28 - 2015-08-20 03:41 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2015-08-19 03:00 - 2015-08-13 07:34 - 19292160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 03:00 - 2015-08-13 06:02 - 14383616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-19 03:00 - 2015-08-13 05:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 03:00 - 2015-08-13 05:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-18 18:49 - 2015-08-18 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
2015-08-18 16:42 - 2015-08-18 16:55 - 00000000 ____D C:\Qoobox
2015-08-18 16:42 - 2015-08-18 16:55 - 00000000 ____D C:\cf8675309
2015-08-18 16:42 - 2015-08-18 16:54 - 00000000 ____D C:\Windows\erdnt
2015-08-18 16:42 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-18 16:42 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-18 16:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-18 16:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-18 16:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-18 16:42 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-18 16:42 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-18 16:42 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-18 13:54 - 2015-08-18 13:54 - 00011582 _____ C:\Users\brandon.HELMUTHREPAIR\Desktop\HitmanPro_20150818_1354.log
2015-08-18 13:43 - 2015-08-18 13:47 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-18 13:33 - 2015-08-18 13:33 - 00017496 _____ C:\AdwCleaner[C1].txt
2015-08-18 13:28 - 2015-08-20 09:40 - 00000000 ____D C:\AdwCleaner
2015-08-18 13:28 - 2015-08-18 13:30 - 00016538 _____ C:\AdwCleaner[S1].txt
2015-08-18 13:21 - 2015-08-18 13:21 - 00000000 ____D C:\Program Files\stinger
2015-08-18 13:21 - 2015-08-18 13:21 - 00000000 ____D C:\Program Files\McAfee
2015-08-18 08:44 - 2015-08-18 08:44 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1780583937-3275181368-4168154308-1116Core1d0d9bbfde60487.job
2015-08-18 08:43 - 2015-08-18 08:43 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Local\VirtualStore
2015-08-17 15:29 - 2015-08-20 10:22 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-17 15:28 - 2015-08-17 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-17 15:28 - 2015-08-17 15:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-17 15:28 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-17 15:28 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-14 08:25 - 2015-08-14 08:25 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Local\{FED3E840-852C-4B80-84D0-839890DB97A9}
2015-08-13 03:14 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:14 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 08:23 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 08:23 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 08:23 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 08:23 - 2015-07-30 13:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 08:23 - 2015-07-30 13:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 08:23 - 2015-07-30 13:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 08:23 - 2015-07-30 13:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 08:23 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 08:23 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 08:23 - 2015-07-30 12:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 08:23 - 2015-07-30 12:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 08:23 - 2015-07-30 12:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 08:23 - 2015-07-30 12:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 08:23 - 2015-07-30 11:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 08:23 - 2015-07-30 11:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 08:23 - 2015-07-30 11:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 08:23 - 2015-07-28 15:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 08:23 - 2015-07-28 15:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 08:23 - 2015-07-28 15:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 08:23 - 2015-07-28 15:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 08:23 - 2015-07-28 15:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 08:23 - 2015-07-28 15:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 08:23 - 2015-07-28 15:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 08:23 - 2015-07-28 14:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 08:23 - 2015-07-16 14:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 08:23 - 2015-07-16 14:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 08:23 - 2015-07-16 14:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 08:23 - 2015-07-16 14:11 - 05779456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 08:23 - 2015-07-16 14:11 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 08:23 - 2015-07-16 14:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 08:23 - 2015-07-15 13:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 08:23 - 2015-07-15 13:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 08:23 - 2015-07-15 13:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 08:23 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 08:23 - 2015-07-15 13:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 08:23 - 2015-07-15 13:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 08:23 - 2015-07-15 13:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 08:23 - 2015-07-15 13:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 08:23 - 2015-07-15 13:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 08:23 - 2015-07-15 13:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 08:23 - 2015-07-15 13:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 08:23 - 2015-07-15 13:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 08:23 - 2015-07-15 13:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 08:23 - 2015-07-15 13:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 08:23 - 2015-07-15 13:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 08:23 - 2015-07-15 13:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 08:23 - 2015-07-15 13:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 08:23 - 2015-07-15 12:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 08:23 - 2015-07-15 12:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 08:23 - 2015-07-15 12:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 08:23 - 2015-07-15 12:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 08:23 - 2015-07-15 12:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 08:23 - 2015-07-15 12:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 08:23 - 2015-07-15 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 08:23 - 2015-07-15 12:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 08:23 - 2015-07-15 12:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 08:23 - 2015-07-15 12:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 08:23 - 2015-07-15 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 08:23 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 08:23 - 2015-07-15 12:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 08:23 - 2015-07-15 12:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 08:23 - 2015-07-15 12:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 08:23 - 2015-07-15 12:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 08:23 - 2015-07-15 12:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 08:23 - 2015-07-15 12:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 08:23 - 2015-07-15 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 08:23 - 2015-07-15 12:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 08:23 - 2015-07-15 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 08:23 - 2015-07-15 12:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 11:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 08:23 - 2015-07-15 11:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 08:23 - 2015-07-15 11:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 08:23 - 2015-07-15 11:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 08:23 - 2015-07-15 11:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 08:23 - 2015-07-15 11:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 11:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 11:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 11:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 08:23 - 2015-07-14 22:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 08:23 - 2015-07-14 22:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 08:23 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 08:23 - 2015-07-14 22:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 08:23 - 2015-07-14 22:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 08:23 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 08:23 - 2015-07-14 21:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 08:23 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 08:23 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 08:23 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 08:23 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 08:23 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 08:23 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 08:23 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 08:23 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 08:23 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 08:22 - 2015-07-25 18:18 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 08:22 - 2015-07-25 18:18 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 08:22 - 2015-07-25 18:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 08:22 - 2015-07-25 18:18 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 08:22 - 2015-07-25 18:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 08:22 - 2015-07-25 18:18 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 08:22 - 2015-07-25 18:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 08:22 - 2015-07-25 18:17 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 08:22 - 2015-07-25 18:17 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 08:22 - 2015-07-25 15:24 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 08:22 - 2015-07-25 15:24 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 08:22 - 2015-07-25 15:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 08:22 - 2015-07-25 15:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 08:22 - 2015-07-25 15:24 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 08:22 - 2015-07-25 15:24 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 13774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 02865664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 08:22 - 2015-07-25 15:23 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 08:22 - 2015-07-25 13:17 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 08:22 - 2015-07-25 13:09 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 08:22 - 2015-07-25 12:52 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-08-12 08:22 - 2015-07-25 12:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-08-12 08:22 - 2015-07-20 13:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 08:22 - 2015-07-20 13:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 08:22 - 2015-07-20 13:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 08:22 - 2015-07-20 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 08:22 - 2015-07-20 13:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 08:22 - 2015-07-20 13:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 08:22 - 2015-07-20 13:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 08:22 - 2015-07-20 13:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 08:22 - 2015-07-20 13:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 08:22 - 2015-07-20 13:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 08:22 - 2015-07-20 13:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 08:22 - 2015-07-20 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 08:22 - 2015-07-20 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 08:22 - 2015-07-20 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 08:22 - 2015-07-20 12:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 08:22 - 2015-07-20 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 08:22 - 2015-07-10 12:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 08:22 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 08:22 - 2015-05-09 13:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-11 17:09 - 2015-08-11 17:09 - 00000713 _____ C:\Users\brandon.HELMUTHREPAIR\AppData\Local\recently-used.xbel
2015-08-11 15:12 - 2015-08-11 15:12 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Local\gtk-2.0
2015-08-11 11:44 - 2015-08-11 11:44 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Wireshark
2015-08-11 11:41 - 2015-08-11 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-08-11 11:41 - 2015-08-11 11:41 - 00000000 ____D C:\Program Files (x86)\WinPcap
2015-08-11 11:34 - 2015-08-11 15:11 - 00001857 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-08-11 11:33 - 2015-08-11 11:41 - 00000000 ____D C:\Program Files\Wireshark
2015-08-11 11:31 - 2015-08-11 11:32 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\Cisco Packet Tracer 5.3.2
2015-08-11 11:31 - 2015-08-11 11:31 - 00000220 _____ C:\Users\brandon.HELMUTHREPAIR\.packettracer
2015-08-07 08:20 - 2015-08-07 08:20 - 14289144 _____ (BlueStack Systems Inc.) C:\Users\brandon.HELMUTHREPAIR\Downloads\BlueStacks-ThinInstaller.exe
2015-08-07 08:09 - 2015-08-07 08:10 - 00000000 ____D C:\$Windows.~BT
2015-07-29 10:40 - 2015-07-29 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-07-29 10:37 - 2015-07-29 10:37 - 00000000 ____D C:\$Windows.~WS
2015-07-27 11:12 - 2015-07-27 12:12 - 00000000 ____D C:\ProgramData\ScreenConnect Client (b8d3df3f4960a7a8)
2015-07-27 11:12 - 2015-07-27 11:12 - 00000000 ____D C:\Program Files (x86)\ScreenConnect Client (b8d3df3f4960a7a8)
2015-07-27 11:11 - 2015-07-27 11:11 - 01619936 _____ C:\Users\brandon.HELMUTHREPAIR\Downloads\ScreenConnect.ClientSetup.exe
2015-07-27 08:46 - 2015-08-10 10:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-27 08:46 - 2015-07-27 08:46 - 00001715 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-27 08:46 - 2015-07-27 08:46 - 00000000 ____D C:\Program Files\iTunes
2015-07-27 08:46 - 2015-07-27 08:46 - 00000000 ____D C:\Program Files\iPod
2015-07-27 08:46 - 2015-07-27 08:46 - 00000000 ____D C:\Program Files (x86)\iTunes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-20 10:49 - 2013-07-19 12:23 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR
2015-08-20 10:12 - 2009-07-14 00:13 - 00816466 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-20 10:06 - 2013-09-09 17:07 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy
2015-08-20 10:06 - 2013-07-19 11:56 - 00000152 _____ C:\Windows\system32\config\netlogon.ftl
2015-08-20 10:05 - 2013-07-26 11:05 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\Downloads\D7
2015-08-20 10:05 - 2012-03-09 11:53 - 01454424 _____ C:\Windows\WindowsUpdate.log
2015-08-20 09:54 - 2012-07-05 14:36 - 00000492 _____ C:\Windows\Tasks\PartSmartUpdateManager.job
2015-08-20 09:50 - 2012-06-14 11:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-20 09:49 - 2009-07-13 23:45 - 00026832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-20 09:49 - 2009-07-13 23:45 - 00026832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-20 09:43 - 2012-03-09 12:05 - 00001754 _____ C:\Windows\system32\ServiceFilter.ini
2015-08-20 09:42 - 2013-07-29 09:53 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1780583937-3275181368-4168154308-1116UA.job
2015-08-20 09:42 - 2012-06-14 11:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-20 09:41 - 2012-03-09 12:00 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-20 09:41 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-20 09:41 - 2009-07-13 23:51 - 00185455 _____ C:\Windows\setupact.log
2015-08-20 09:40 - 2012-06-14 12:32 - 00000000 ____D C:\ProgramData\Pervasive
2015-08-20 09:32 - 2012-07-30 08:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-20 09:29 - 2012-09-10 15:06 - 00002368 _____ C:\Users\Brandon\Desktop\Bing Ads Editor 9.0.lnk
2015-08-20 09:29 - 2012-08-14 13:04 - 00001988 _____ C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-08-20 09:29 - 2012-06-14 10:48 - 00002537 _____ C:\Users\Brandon\Desktop\Google Chrome.lnk
2015-08-20 09:26 - 2015-03-09 11:33 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Sling_cache
2015-08-20 09:20 - 2012-06-14 10:47 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3468594284-1836703460-1844533713-1001UA.job
2015-08-20 08:21 - 2013-08-02 13:07 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\.VirtualBox
2015-08-20 08:20 - 2012-06-14 10:47 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3468594284-1836703460-1844533713-1001Core.job
2015-08-19 08:50 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-08-19 08:48 - 2015-02-04 15:26 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\Downloads\D7 New
2015-08-19 08:42 - 2013-07-29 09:53 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1780583937-3275181368-4168154308-1116Core.job
2015-08-18 17:38 - 2013-07-26 12:54 - 00000000 ____D C:\Support
2015-08-18 17:34 - 2014-11-24 15:42 - 00000000 ____D C:\Program Files (x86)\fabulousmozzi
2015-08-18 16:56 - 2011-10-17 22:58 - 00645002 _____ C:\Windows\PFRO.log
2015-08-18 16:53 - 2013-08-08 13:34 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Autobahn
2015-08-18 16:53 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-08-18 16:47 - 2012-03-09 12:08 - 00000000 ____D C:\ProgramData\Temp
2015-08-18 16:46 - 2014-12-19 09:59 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\OBS
2015-08-18 16:30 - 2013-08-01 12:17 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\FedEx
2015-08-18 16:07 - 2013-01-02 14:57 - 00000000 ____D C:\Program Files (x86)\SiteKiosk
2015-08-18 13:20 - 2013-07-26 09:27 - 00002282 ____H C:\Users\brandon.HELMUTHREPAIR\Documents\Default.rdp
2015-08-18 08:59 - 2013-07-26 10:59 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla
2015-08-18 08:50 - 2012-06-14 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-18 08:44 - 2012-06-14 11:24 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-18 08:44 - 2012-06-14 11:24 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-18 08:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Branding
2015-08-17 15:28 - 2014-08-07 10:19 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Malwarebytes
2015-08-17 15:28 - 2014-08-07 10:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-17 15:28 - 2014-08-07 10:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-08-17 11:21 - 2013-07-22 13:57 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\TeamViewer
2015-08-14 08:13 - 2013-07-19 12:23 - 00000000 ___RD C:\Users\brandon.HELMUTHREPAIR\Virtual Machines
2015-08-13 03:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-08-13 03:31 - 2012-06-14 10:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 03:31 - 2012-06-14 10:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 03:31 - 2009-07-13 23:45 - 00566992 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 03:30 - 2015-04-15 03:13 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 03:30 - 2014-05-06 17:34 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 03:14 - 2012-06-14 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 03:07 - 2013-08-06 08:06 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 03:00 - 2012-06-14 10:44 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-12 08:32 - 2012-07-30 08:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 08:32 - 2012-06-14 10:48 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 08:32 - 2012-06-14 10:48 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 17:20 - 2013-07-26 10:56 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\Desktop\TractorHouse
2015-08-11 08:07 - 2013-08-08 08:55 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Akamai
2015-08-10 20:04 - 2014-12-05 14:48 - 00000000 ____D C:\Windows\SysWOW64\aamdata
2015-08-07 09:35 - 2014-10-07 09:59 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-08-07 09:35 - 2014-10-07 09:59 - 00003066 _____ C:\Windows\LkmdfCoInst.log
2015-08-07 08:21 - 2014-09-15 13:53 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-08-07 08:19 - 2014-09-15 13:54 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-08-07 08:10 - 2009-07-29 01:03 - 00000000 ____D C:\Windows\Panther
2015-08-05 08:24 - 2012-06-15 11:52 - 00000000 ____D C:\ProgramData\LogiShrd
2015-08-05 08:24 - 2012-06-15 11:51 - 00039878 _____ C:\Windows\LDPINST.LOG
2015-08-05 08:24 - 2012-06-15 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-08-05 08:24 - 2012-06-15 11:51 - 00000000 ____D C:\Program Files\Logitech
2015-08-05 08:24 - 2012-06-15 11:51 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2015-08-05 08:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2015-08-03 17:31 - 2013-07-31 10:34 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Spotify
2015-08-03 14:14 - 2013-07-31 10:34 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Spotify
2015-08-03 14:10 - 2012-08-14 13:04 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\Spotify
2015-07-27 08:46 - 2012-06-14 11:51 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-23 15:31 - 2014-02-25 13:45 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2012-06-14 12:27 - 2013-08-05 09:38 - 0008260 _____ () C:\Program Files (x86)\DeaInstall.log
2013-09-05 16:22 - 2013-09-05 16:22 - 0000627 _____ () C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-12-20 09:14 - 2014-04-24 11:01 - 0001806 _____ () C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Network Meter_Settings.ini
2013-09-05 17:33 - 2014-04-28 17:30 - 0000027 _____ () C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Network Meter_Usage.ini
2015-08-11 17:09 - 2015-08-11 17:09 - 0000713 _____ () C:\Users\brandon.HELMUTHREPAIR\AppData\Local\recently-used.xbel
2014-12-15 18:09 - 2014-12-15 18:09 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-09-11 14:45 - 2012-09-11 14:45 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-06-14 12:25 - 2013-07-26 13:06 - 0000756 _____ () C:\ProgramData\FastPics.log
2013-08-09 08:02 - 2013-12-23 23:26 - 0000252 _____ () C:\ProgramData\lxea.log
2012-09-13 11:53 - 2013-04-02 12:00 - 0000370 _____ () C:\ProgramData\lxeaDiagnostics.log
2012-08-10 09:12 - 2012-09-11 14:45 - 0002224 _____ () C:\ProgramData\lxeaJSW.log
2012-06-14 12:23 - 2014-04-10 08:05 - 0050115 _____ () C:\ProgramData\lxeascan.log
2012-09-11 14:45 - 2012-09-11 14:45 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-06-14 12:22 - 2012-06-14 12:22 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2012-03-09 12:09 - 2012-03-09 12:10 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-03-09 12:08 - 2012-03-09 12:09 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-03-09 12:08 - 2012-03-09 12:08 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\Users\brandon.HELMUTHREPAIR\Network_Meter_Data.js

Some files in TEMP:
====================
C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Temp\dllnt_dump.dll
C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-12 12:17

==================== End of log ============================

 

Attached File  Addition.txt   90.12KB   1 downloads




 


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:06 PM

Posted 20 August 2015 - 03:24 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed and you will be advised when I respond to your topic by email.

Please try to complete the steps and reply at least every 24 hours.  If you find that you're delayed just post a quick reply here and let me know!!  After 5 days if your topic is not replied to I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

<<<<<<<<<<

Lastly if you have not already done so you should consider backing up your important data - pictures, documents, etc... Worst case scenario is the need to wipe and reinstall your operating system to its factory settings. Therefore your precious data will be salvaged. There are both free and paid applications available.

Cobian Backup
DriveImage XML
CrashPlan
 
<<<<<<<<<<

 

Are you able to boot into normal mode?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-08-2015
Ran by Brandon (administrator) on BRANDON-NB (20-08-2015 10:55:21)
Running from C:\Users\brandon.HELMUTHREPAIR\Desktop
Loaded Profiles: Brandon &  (Available Profiles: HRADMSER & Brandon & Brandon)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)

 

 

If you can boot into normal mode then please re-scan for me there..

 

Re-run FRST, check the Addition.txt box, press SCAN and copy/paste the 2 logs in your next reply.

 

Thanks,

thcbytes


Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 bhelm22

bhelm22
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:06 PM

Posted 20 August 2015 - 03:53 PM

Thanks thcbytes! Yes, I can boot into normal mode, here are the logs...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-08-2015
Ran by Brandon (administrator) on BRANDON-NB (20-08-2015 15:50:10)
Running from C:\Users\brandon.HELMUTHREPAIR\Desktop
Loaded Profiles: Brandon (Available Profiles: HRADMSER & Brandon & Brandon)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ARI Network Services) C:\Program Files (x86)\ARI\ARI Update Service\AriUpdate.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
( ) C:\Windows\System32\dkabcoms.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
( ) C:\Windows\System32\lxeacoms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\Pervasive\bin\w3dbsmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Birch Grove Software, Inc.) C:\Windows\SysWOW64\svctcom.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Birch Grove Software, Inc.) C:\Windows\SysWOW64\scthost.exe
(Birch Grove Software, Inc.) C:\Windows\SysWOW64\trmhost.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Akamai Technologies, Inc.) C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Akamai Technologies, Inc.) C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Akamai\netsession_win.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files (x86)\Macro Scheduler 12\msched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Frontend.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_232_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1317184 2014-07-16] (FileOpen Systems Inc.)
HKLM\...\Run: [LogiOptionsAppBroker] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [648984 2014-08-20] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-22] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe [414208 2015-07-07] (Code 42 Software, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3111880 2015-07-23] (Logitech, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-06-29] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\Run: [Akamai NetSession Interface] => C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\Run: [Amazon Music] => C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\Run: [GoogleChromeAutoLaunch_EC2C97654CB2141846B5084D2C9D83A5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\Run: [Spotify Web Helper] => C:\Users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-08-03] (Spotify Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk [2012-06-18]
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Macro Scheduler.lnk [2012-06-18]
ShortcutTarget: Macro Scheduler.lnk -> C:\Program Files (x86)\Macro Scheduler 12\msched.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2014-03-26]
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico ()
Startup: C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-04-04]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Messenger.lnk [2013-07-30]
ShortcutTarget: Yahoo! Messenger.lnk -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
Startup: C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-04-04]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Messenger.lnk [2013-07-30]
ShortcutTarget: Yahoo! Messenger.lnk -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
Startup: C:\Users\hradmser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2013-07-26]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-09] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-09] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-09] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-09] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-09] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-09] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-09] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-01-09] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-18] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-18] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-18] (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-18] (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {0F1B49C0-9894-4696-8E8D-DB1F5D02FBAB} hxxp://24.55.24.84/UltraMJCamX.cab
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} hxxp://www.in.honda.com/Rraaapps/RRAAsec/Codebase/RRAAINAX/RYXAINAX_LandscapePrintingActiveX.cab
DPF: HKLM-x32 {1FBDF235-C5A9-4F21-BD79-9EC0DCF8AC29} hxxp://88.185.10.153/AVC_AX_DVR.cab
DPF: HKLM-x32 {28C08CDD-7AD3-462B-90C7-453E026894A9} hxxp://118.200.203.147:8080/RtspVaPgDec.cab
DPF: HKLM-x32 {297DE2B6-509A-4B36-93C5-A65276606900} hxxp://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
DPF: HKLM-x32 {3641803B-72A4-4A9A-BA18-F1446F7CCDE4} hxxp://184.33.96.21/UltraHVCamX.cab
DPF: HKLM-x32 {389956FE-3A45-469C-B944-70308E06BAAC} hxxp://50.73.5.165/videocom.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {53049A9A-1122-4673-B8D4-12F545AE3285} hxxps://187.120.105.1/AVC_AX_764.cab
DPF: HKLM-x32 {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} hxxp://99.100.51.10/UltraMJCamX.cab
DPF: HKLM-x32 {971FC730-55F1-461F-83FD-B3BF5E1F039E} hxxp://173.15.134.62/AVC_AX_742.cab
DPF: HKLM-x32 {9920E6A5-9B38-4C45-AD2D-5D1AA2B00A6E} hxxp://111.67.156.98:8080/admin/UltraHVCamX.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://80.14.107.215/WebClient.exe
DPF: HKLM-x32 {B8FB8104-FDC9-4339-8AFF-2EE4C8C92998} hxxp://82.136.209.200/AVC_AX_NVR.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://kaercher.webex.com/client/WBXclient-T28L10NSP11-16469/nbr/ieatgpc1.cab
DPF: HKLM-x32 {E1B26101-23FB-4855-9171-F79F29CC7728} hxxp://184.191.173.106/UltraCamX.cab
DPF: HKLM-x32 {E2A2AF54-194A-499D-B6C7-79B646BC0ED6} hxxp://109.90.141.127/UltraCamX.cab
DPF: HKLM-x32 {FB298ECE-4D17-414A-A5E8-FABC938796B2} hxxp://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
DPF: HKLM-x32 {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} hxxp://66.102.208.79/user/TSBnwCam.CAB
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.119 208.67.222.222
Tcpip\..\Interfaces\{1F8534AE-B80B-480E-9CE7-B374C5CC3715}: [NameServer] 192.168.1.119
Tcpip\..\Interfaces\{49E03F19-9279-4D64-8470-5329EFEA388D}: [NameServer] 192.168.1.119
Tcpip\..\Interfaces\{64BEEBC9-2AA4-4120-A33B-BFE9158CA86E}: [NameServer] 192.168.1.119
Tcpip\..\Interfaces\{93279B0B-DDAB-4D40-8D82-08770EB48B33}: [NameServer] 192.168.1.119
Tcpip\..\Interfaces\{DE76D62D-9B37-43C1-ACC4-9BB3254789B3}: [DhcpNameServer] 192.168.1.119 208.67.222.222
 
FireFox:
========
FF ProfilePath: C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\Firefox\Profiles\44w8h5ir.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-06-14] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2013-04-19] (CANON INC.)
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-06-01] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2012-04-14] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-06-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @SAP.com/VEViewer,version= -> c:\program files (x86)\sap\sap visual enterprise viewer 7.1\npDeepView.dll [2012-10-06] (SAP AG)
FF Plugin-x32: @SAP.com/VEViewerGAC,version= -> c:\program files (x86)\sap\sap visual enterprise viewer 7.1\npGAC.dll [2012-10-06] (SAP AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116: @nds.com/PlayerPlugin -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2013-06-25] (DIRECTV)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116: @talk.google.com/GoogleTalkPlugin -> C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116: @talk.google.com/O1DPlugin -> C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116: @tools.google.com/Google Update;version=3 -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116: @tools.google.com/Google Update;version=9 -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1780583937-3275181368-4168154308-1116: NDS.com/PlayerPlugin -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2013-06-25] (DIRECTV)
FF Plugin ProgramFiles/Appdata: C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: YouTube Video, Audio and Subtitle Downloader - C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\Firefox\Profiles\44w8h5ir.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2013-02-18]
FF Extension: FlashGot - C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\Firefox\Profiles\44w8h5ir.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-02-18]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-04-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-08-05]
FF Extension: No Name - C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\Firefox\Profiles\44w8h5ir.default\extensions\{55dce8ba-9dec-4013-937e-adbf9317d990}.xpi [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-07-26]
CHR Extension: (Listhings) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aooobeadnfddkmlcfcmjhjldpbefmnjf [2013-07-26]
CHR Extension: (Google Drive) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-26]
CHR Extension: (No Name) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd [2015-08-20]
CHR Extension: (YouTube) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-26]
CHR Extension: (Adblock Plus) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-26]
CHR Extension: (Google Search) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-26]
CHR Extension: (Slick RSS) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ealjoljnibpdkocmldliaoojpgdkcdob [2013-07-26]
CHR Extension: (NYTimes) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel [2013-07-26]
CHR Extension: (Google Calendar) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-07-26]
CHR Extension: (Logitech Device Detection) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno [2013-07-26]
CHR Extension: (Silver Bird) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2013-07-26]
CHR Extension: (Pandora) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-07-26]
CHR Extension: (Springpad) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla [2013-07-26]
CHR Extension: (WeatherByte) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnlgbglmmkibkhhbnhegkokegdodlgfe [2013-07-26]
CHR Extension: (The QR Code Generator) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2013-07-26]
CHR Extension: (AdBlock) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-18]
CHR Extension: (Cryptocat) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gonbigodpnfghidmnphnadhepmbabhij [2013-07-26]
CHR Extension: (TweetDeck by Twitter) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-07-26]
CHR Extension: (Spotify Chrome Extension) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb [2013-07-26]
CHR Extension: (http://dashboard.zopim.com/#brandon@helmuthre) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\heiaegpadlgddmpmmnmfngknhbagbkoi [2013-07-26]
CHR Extension: (NPR Infinite Player) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2013-07-26]
CHR Extension: (Forecastfox) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2013-07-26]
CHR Extension: (Woopra) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmphacbmnlgacefbkmncigniimighbm [2013-07-26]
CHR Extension: (World Time Buddy) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhpjomiingppeefgnohkiapmnaeakoj [2013-07-26]
CHR Extension: (Google Forms) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2014-01-27]
CHR Extension: (Earth) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac [2015-02-10]
CHR Extension: (Typing Test - KeyHero) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2013-07-26]
CHR Extension: (Google Voice (by Google)) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2013-07-26]
CHR Extension: (Woot) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhoeofncdoaefllgaacgnecchcphphb [2013-07-26]
CHR Extension: (Evernote Web) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-07-26]
CHR Extension: (Googulator) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lchmgljjkaeadokijkhefbhpfbihhhda [2013-11-01]
CHR Extension: (Fieldrunners) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak [2013-07-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-05]
CHR Extension: (Quick Note) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2013-07-26]
CHR Extension: (Screencastify (Screen Video Recorder)) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2015-08-20]
CHR Extension: (OneDrive) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2013-07-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-05]
CHR Extension: (Sales Reports for PayPal) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\okjappafmaeigkimdhepomioacaclnkh [2013-07-26]
CHR Extension: (SeatGeek) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\onidachoajghnfjpiogpjclonkbihagp [2013-07-26]
CHR Extension: (Weather Underground) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2013-07-26]
CHR Extension: (Gmail) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-26]
CHR Extension: (Canvas Rider) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2014-08-08]
CHR HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-06-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 ARI Update Service; C:\Program Files (x86)\ARI\ARI Update Service\AriUpdate.Service.exe [38912 2013-02-06] (ARI Network Services) [File not signed]
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-08-13] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2012-03-15] (CrashPlan) [File not signed]
R2 dkab_device; C:\Windows\system32\DKabcoms.exe [1048576 2012-10-02] ( ) [File not signed]
R2 dkab_device; C:\Windows\SysWOW64\DKabcoms.exe [593920 2012-10-02] ( ) [File not signed]
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [341312 2014-07-16] (FileOpen Systems Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-06-15] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-22] (NVIDIA Corporation)
R2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-22] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-22] (NVIDIA Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474168 2012-04-22] (Sony Corporation)
R2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
R2 psqlWGE; C:\Program Files (x86)\Pervasive\bin\w3dbsmgr.exe [455968 2008-08-18] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [41616 2012-09-07] (Microsoft Corporation)
S4 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
R2 svctcom; C:\Windows\SysWOW64\svctcom.exe [943744 2015-05-27] (Birch Grove Software, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] (Microsoft Corporation)
R5 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-10-17] (Advanced Micro Devices)
R5 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-13] (Microsoft Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-08-13] (BlueStack Systems)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R5 CLFS; C:\Windows\System32\CLFS.sys [367552 2015-03-03] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [459336 2015-01-30] (Microsoft Corporation)
R5 Compbatt; C:\Windows\System32\drivers\compbatt.sys [21584 2009-07-13] (Microsoft Corporation)
R5 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-13] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-06-14] (DT Soft Ltd)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-13] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] (Microsoft Corporation)
U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] (Microsoft Corporation)
R5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] (Microsoft Corporation)
R5 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [557848 2011-04-25] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2015-07-15] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155584 2015-07-15] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94656 2015-07-15] (Microsoft Corporation)
R5 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R5 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-20] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-13] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [104896 2015-01-06] (Microsoft Corporation)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R5 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [31560 2015-05-28] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] (Microsoft Corporation)
R5 pciide; C:\Windows\System32\drivers\pciide.sys [12352 2009-07-13] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
R5 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [52856 2012-06-15] (Sonic Solutions)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] (Microsoft Corporation)
R5 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-04] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-20] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115488 2014-05-16] (Oracle Corporation)
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-13] (Microsoft Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [296320 2011-10-17] (Microsoft Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] (Microsoft Corporation)
S3 catchme; \??\C:\cf8675309\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-20 10:55 - 2015-08-20 15:50 - 00052466 _____ C:\Users\brandon.HELMUTHREPAIR\Desktop\FRST.txt
2015-08-20 10:55 - 2015-08-20 15:50 - 00000000 ____D C:\FRST
2015-08-20 10:49 - 2015-08-20 10:49 - 02173952 _____ (Farbar) C:\Users\brandon.HELMUTHREPAIR\Desktop\FRST64.exe
2015-08-20 10:49 - 2015-08-20 10:49 - 00000546 _____ C:\Users\brandon.HELMUTHREPAIR\Desktop\defogger_disable.log
2015-08-20 10:49 - 2015-08-20 10:49 - 00000168 _____ C:\Users\brandon.HELMUTHREPAIR\defogger_reenable
2015-08-20 10:48 - 2015-08-20 10:49 - 00050477 _____ C:\Users\brandon.HELMUTHREPAIR\Desktop\Defogger.exe
2015-08-20 09:44 - 2015-08-20 10:02 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-20 09:44 - 2015-08-20 09:44 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-20 09:12 - 2015-08-20 09:12 - 00000000 _____ C:\autoexec.bat
2015-08-20 03:28 - 2015-08-20 03:41 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2015-08-19 03:00 - 2015-08-13 07:34 - 19292160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 03:00 - 2015-08-13 06:02 - 14383616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-19 03:00 - 2015-08-13 05:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 03:00 - 2015-08-13 05:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-18 18:49 - 2015-08-18 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
2015-08-18 16:42 - 2015-08-18 16:55 - 00000000 ____D C:\Qoobox
2015-08-18 16:42 - 2015-08-18 16:55 - 00000000 ____D C:\cf8675309
2015-08-18 16:42 - 2015-08-18 16:54 - 00000000 ____D C:\Windows\erdnt
2015-08-18 16:42 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-18 16:42 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-18 16:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-18 16:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-18 16:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-18 16:42 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-18 16:42 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-18 16:42 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-18 13:54 - 2015-08-18 13:54 - 00011582 _____ C:\Users\brandon.HELMUTHREPAIR\Desktop\HitmanPro_20150818_1354.log
2015-08-18 13:43 - 2015-08-18 13:47 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-18 13:33 - 2015-08-18 13:33 - 00017496 _____ C:\AdwCleaner[C1].txt
2015-08-18 13:28 - 2015-08-20 09:40 - 00000000 ____D C:\AdwCleaner
2015-08-18 13:28 - 2015-08-18 13:30 - 00016538 _____ C:\AdwCleaner[S1].txt
2015-08-18 13:21 - 2015-08-18 13:21 - 00000000 ____D C:\Program Files\stinger
2015-08-18 13:21 - 2015-08-18 13:21 - 00000000 ____D C:\Program Files\McAfee
2015-08-18 08:44 - 2015-08-18 08:44 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1780583937-3275181368-4168154308-1116Core1d0d9bbfde60487.job
2015-08-18 08:43 - 2015-08-18 08:43 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Local\VirtualStore
2015-08-17 15:29 - 2015-08-20 10:22 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-17 15:28 - 2015-08-17 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-17 15:28 - 2015-08-17 15:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-17 15:28 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-17 15:28 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-14 08:25 - 2015-08-14 08:25 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Local\{FED3E840-852C-4B80-84D0-839890DB97A9}
2015-08-13 03:14 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:14 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 08:23 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 08:23 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 08:23 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 08:23 - 2015-07-30 13:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 08:23 - 2015-07-30 13:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 08:23 - 2015-07-30 13:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 08:23 - 2015-07-30 13:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 08:23 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 08:23 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 08:23 - 2015-07-30 12:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 08:23 - 2015-07-30 12:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 08:23 - 2015-07-30 12:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 08:23 - 2015-07-30 12:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 08:23 - 2015-07-30 11:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 08:23 - 2015-07-30 11:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 08:23 - 2015-07-30 11:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 08:23 - 2015-07-28 15:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 08:23 - 2015-07-28 15:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 08:23 - 2015-07-28 15:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 08:23 - 2015-07-28 15:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 08:23 - 2015-07-28 15:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 08:23 - 2015-07-28 15:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 08:23 - 2015-07-28 15:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 08:23 - 2015-07-28 14:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 08:23 - 2015-07-16 14:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 08:23 - 2015-07-16 14:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 08:23 - 2015-07-16 14:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 08:23 - 2015-07-16 14:11 - 05779456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 08:23 - 2015-07-16 14:11 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 08:23 - 2015-07-16 14:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 08:23 - 2015-07-15 13:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 08:23 - 2015-07-15 13:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 08:23 - 2015-07-15 13:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 08:23 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 08:23 - 2015-07-15 13:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 08:23 - 2015-07-15 13:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 08:23 - 2015-07-15 13:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 08:23 - 2015-07-15 13:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 08:23 - 2015-07-15 13:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 08:23 - 2015-07-15 13:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 08:23 - 2015-07-15 13:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 08:23 - 2015-07-15 13:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 08:23 - 2015-07-15 13:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 08:23 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 08:23 - 2015-07-15 13:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 08:23 - 2015-07-15 13:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 08:23 - 2015-07-15 13:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 08:23 - 2015-07-15 13:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 08:23 - 2015-07-15 12:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 08:23 - 2015-07-15 12:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 08:23 - 2015-07-15 12:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 08:23 - 2015-07-15 12:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 08:23 - 2015-07-15 12:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 08:23 - 2015-07-15 12:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 08:23 - 2015-07-15 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 08:23 - 2015-07-15 12:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 08:23 - 2015-07-15 12:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 08:23 - 2015-07-15 12:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 08:23 - 2015-07-15 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 08:23 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 08:23 - 2015-07-15 12:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 08:23 - 2015-07-15 12:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 08:23 - 2015-07-15 12:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 08:23 - 2015-07-15 12:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 08:23 - 2015-07-15 12:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 08:23 - 2015-07-15 12:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 08:23 - 2015-07-15 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 08:23 - 2015-07-15 12:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 08:23 - 2015-07-15 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 08:23 - 2015-07-15 12:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 11:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 08:23 - 2015-07-15 11:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 08:23 - 2015-07-15 11:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 08:23 - 2015-07-15 11:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 08:23 - 2015-07-15 11:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 08:23 - 2015-07-15 11:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 11:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 11:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 08:23 - 2015-07-15 11:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 08:23 - 2015-07-14 22:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 08:23 - 2015-07-14 22:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 08:23 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 08:23 - 2015-07-14 22:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 08:23 - 2015-07-14 22:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 08:23 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 08:23 - 2015-07-14 21:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 08:23 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 08:23 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 08:23 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 08:23 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 08:23 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 08:23 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 08:23 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 08:23 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 08:23 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 08:22 - 2015-07-25 18:18 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 08:22 - 2015-07-25 18:18 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 08:22 - 2015-07-25 18:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 08:22 - 2015-07-25 18:18 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 08:22 - 2015-07-25 18:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 08:22 - 2015-07-25 18:18 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 08:22 - 2015-07-25 18:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 08:22 - 2015-07-25 18:17 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 08:22 - 2015-07-25 18:17 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 08:22 - 2015-07-25 18:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 08:22 - 2015-07-25 15:24 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 08:22 - 2015-07-25 15:24 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 08:22 - 2015-07-25 15:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 08:22 - 2015-07-25 15:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 08:22 - 2015-07-25 15:24 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 08:22 - 2015-07-25 15:24 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 13774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 02865664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 08:22 - 2015-07-25 15:23 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 08:22 - 2015-07-25 15:23 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 08:22 - 2015-07-25 13:17 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 08:22 - 2015-07-25 13:09 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 08:22 - 2015-07-25 12:52 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-08-12 08:22 - 2015-07-25 12:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-08-12 08:22 - 2015-07-20 13:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 08:22 - 2015-07-20 13:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 08:22 - 2015-07-20 13:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 08:22 - 2015-07-20 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 08:22 - 2015-07-20 13:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 08:22 - 2015-07-20 13:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 08:22 - 2015-07-20 13:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 08:22 - 2015-07-20 13:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 08:22 - 2015-07-20 13:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 08:22 - 2015-07-20 13:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 08:22 - 2015-07-20 13:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 08:22 - 2015-07-20 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 08:22 - 2015-07-20 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 08:22 - 2015-07-20 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 08:22 - 2015-07-20 12:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 08:22 - 2015-07-20 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 08:22 - 2015-07-10 12:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 08:22 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 08:22 - 2015-05-09 13:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-11 17:09 - 2015-08-11 17:09 - 00000713 _____ C:\Users\brandon.HELMUTHREPAIR\AppData\Local\recently-used.xbel
2015-08-11 15:12 - 2015-08-11 15:12 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Local\gtk-2.0
2015-08-11 11:44 - 2015-08-11 11:44 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Wireshark
2015-08-11 11:41 - 2015-08-11 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-08-11 11:41 - 2015-08-11 11:41 - 00000000 ____D C:\Program Files (x86)\WinPcap
2015-08-11 11:34 - 2015-08-11 15:11 - 00001857 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-08-11 11:33 - 2015-08-11 11:41 - 00000000 ____D C:\Program Files\Wireshark
2015-08-11 11:31 - 2015-08-11 11:32 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\Cisco Packet Tracer 5.3.2
2015-08-11 11:31 - 2015-08-11 11:31 - 00000220 _____ C:\Users\brandon.HELMUTHREPAIR\.packettracer
2015-08-07 08:20 - 2015-08-07 08:20 - 14289144 _____ (BlueStack Systems Inc.) C:\Users\brandon.HELMUTHREPAIR\Downloads\BlueStacks-ThinInstaller.exe
2015-08-07 08:09 - 2015-08-07 08:10 - 00000000 ____D C:\$Windows.~BT
2015-07-29 10:40 - 2015-07-29 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-07-29 10:37 - 2015-07-29 10:37 - 00000000 ____D C:\$Windows.~WS
2015-07-27 11:12 - 2015-07-27 12:12 - 00000000 ____D C:\ProgramData\ScreenConnect Client (b8d3df3f4960a7a8)
2015-07-27 11:12 - 2015-07-27 11:12 - 00000000 ____D C:\Program Files (x86)\ScreenConnect Client (b8d3df3f4960a7a8)
2015-07-27 11:11 - 2015-07-27 11:11 - 01619936 _____ C:\Users\brandon.HELMUTHREPAIR\Downloads\ScreenConnect.ClientSetup.exe
2015-07-27 08:46 - 2015-08-10 10:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-27 08:46 - 2015-07-27 08:46 - 00001715 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-27 08:46 - 2015-07-27 08:46 - 00000000 ____D C:\Program Files\iTunes
2015-07-27 08:46 - 2015-07-27 08:46 - 00000000 ____D C:\Program Files\iPod
2015-07-27 08:46 - 2015-07-27 08:46 - 00000000 ____D C:\Program Files (x86)\iTunes
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-20 15:49 - 2012-06-14 11:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-20 15:48 - 2012-06-14 12:32 - 00000000 ____D C:\ProgramData\Pervasive
2015-08-20 15:42 - 2013-07-29 09:53 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1780583937-3275181368-4168154308-1116UA.job
2015-08-20 15:40 - 2012-03-09 11:53 - 01472890 _____ C:\Windows\WindowsUpdate.log
2015-08-20 15:32 - 2012-07-30 08:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-20 15:20 - 2012-06-14 10:47 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3468594284-1836703460-1844533713-1001UA.job
2015-08-20 14:57 - 2013-07-19 11:56 - 00000152 _____ C:\Windows\system32\config\netlogon.ftl
2015-08-20 12:57 - 2012-08-03 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FedEx
2015-08-20 11:52 - 2009-07-13 23:45 - 00026832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-20 11:52 - 2009-07-13 23:45 - 00026832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-20 11:48 - 2013-07-26 09:27 - 00002282 ____H C:\Users\brandon.HELMUTHREPAIR\Documents\Default.rdp
2015-08-20 11:27 - 2009-07-14 00:13 - 00816466 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-20 11:21 - 2013-09-09 17:07 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy
2015-08-20 11:21 - 2012-06-14 11:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-20 11:21 - 2012-03-09 12:00 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-20 11:21 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-20 11:21 - 2009-07-13 23:51 - 00185623 _____ C:\Windows\setupact.log
2015-08-20 10:49 - 2013-07-19 12:23 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR
2015-08-20 10:05 - 2013-07-26 11:05 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\Downloads\D7
2015-08-20 09:54 - 2012-07-05 14:36 - 00000492 _____ C:\Windows\Tasks\PartSmartUpdateManager.job
2015-08-20 09:43 - 2012-03-09 12:05 - 00001754 _____ C:\Windows\system32\ServiceFilter.ini
2015-08-20 09:29 - 2012-09-10 15:06 - 00002368 _____ C:\Users\Brandon\Desktop\Bing Ads Editor 9.0.lnk
2015-08-20 09:29 - 2012-08-14 13:04 - 00001988 _____ C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-08-20 09:29 - 2012-06-14 10:48 - 00002537 _____ C:\Users\Brandon\Desktop\Google Chrome.lnk
2015-08-20 09:26 - 2015-03-09 11:33 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Sling_cache
2015-08-20 08:21 - 2013-08-02 13:07 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\.VirtualBox
2015-08-20 08:20 - 2012-06-14 10:47 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3468594284-1836703460-1844533713-1001Core.job
2015-08-19 08:50 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-08-19 08:48 - 2015-02-04 15:26 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\Downloads\D7 New
2015-08-19 08:42 - 2013-07-29 09:53 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1780583937-3275181368-4168154308-1116Core.job
2015-08-18 17:38 - 2013-07-26 12:54 - 00000000 ____D C:\Support
2015-08-18 17:34 - 2014-11-24 15:42 - 00000000 ____D C:\Program Files (x86)\fabulousmozzi
2015-08-18 16:56 - 2011-10-17 22:58 - 00645002 _____ C:\Windows\PFRO.log
2015-08-18 16:53 - 2013-08-08 13:34 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Autobahn
2015-08-18 16:53 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-08-18 16:47 - 2012-03-09 12:08 - 00000000 ____D C:\ProgramData\Temp
2015-08-18 16:46 - 2014-12-19 09:59 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\OBS
2015-08-18 16:30 - 2013-08-01 12:17 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\FedEx
2015-08-18 16:07 - 2013-01-02 14:57 - 00000000 ____D C:\Program Files (x86)\SiteKiosk
2015-08-18 08:59 - 2013-07-26 10:59 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla
2015-08-18 08:50 - 2012-06-14 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-18 08:44 - 2012-06-14 11:24 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-18 08:44 - 2012-06-14 11:24 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-18 08:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Branding
2015-08-17 15:28 - 2014-08-07 10:19 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Malwarebytes
2015-08-17 15:28 - 2014-08-07 10:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-17 15:28 - 2014-08-07 10:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-08-17 11:21 - 2013-07-22 13:57 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\TeamViewer
2015-08-14 08:13 - 2013-07-19 12:23 - 00000000 ___RD C:\Users\brandon.HELMUTHREPAIR\Virtual Machines
2015-08-13 03:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-08-13 03:31 - 2012-06-14 10:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 03:31 - 2012-06-14 10:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 03:31 - 2009-07-13 23:45 - 00566992 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 03:30 - 2015-04-15 03:13 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 03:30 - 2014-05-06 17:34 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 03:14 - 2012-06-14 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 03:07 - 2013-08-06 08:06 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 03:00 - 2012-06-14 10:44 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-12 08:32 - 2012-07-30 08:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 08:32 - 2012-06-14 10:48 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 08:32 - 2012-06-14 10:48 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 17:20 - 2013-07-26 10:56 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\Desktop\TractorHouse
2015-08-11 08:07 - 2013-08-08 08:55 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Akamai
2015-08-10 20:04 - 2014-12-05 14:48 - 00000000 ____D C:\Windows\SysWOW64\aamdata
2015-08-07 09:35 - 2014-10-07 09:59 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-08-07 09:35 - 2014-10-07 09:59 - 00003066 _____ C:\Windows\LkmdfCoInst.log
2015-08-07 08:21 - 2014-09-15 13:53 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-08-07 08:19 - 2014-09-15 13:54 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-08-07 08:10 - 2009-07-29 01:03 - 00000000 ____D C:\Windows\Panther
2015-08-05 08:24 - 2012-06-15 11:52 - 00000000 ____D C:\ProgramData\LogiShrd
2015-08-05 08:24 - 2012-06-15 11:51 - 00039878 _____ C:\Windows\LDPINST.LOG
2015-08-05 08:24 - 2012-06-15 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-08-05 08:24 - 2012-06-15 11:51 - 00000000 ____D C:\Program Files\Logitech
2015-08-05 08:24 - 2012-06-15 11:51 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2015-08-05 08:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2015-08-03 17:31 - 2013-07-31 10:34 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Spotify
2015-08-03 14:14 - 2013-07-31 10:34 - 00000000 ____D C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Spotify
2015-08-03 14:10 - 2012-08-14 13:04 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\Spotify
2015-07-27 08:46 - 2012-06-14 11:51 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-23 15:31 - 2014-02-25 13:45 - 00000000 ____D C:\Program Files\Microsoft Office 15
 
==================== Files in the root of some directories =======
 
2012-06-14 12:27 - 2013-08-05 09:38 - 0008260 _____ () C:\Program Files (x86)\DeaInstall.log
2013-09-05 16:22 - 2013-09-05 16:22 - 0000627 _____ () C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-12-20 09:14 - 2014-04-24 11:01 - 0001806 _____ () C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Network Meter_Settings.ini
2013-09-05 17:33 - 2014-04-28 17:30 - 0000027 _____ () C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Network Meter_Usage.ini
2015-08-11 17:09 - 2015-08-11 17:09 - 0000713 _____ () C:\Users\brandon.HELMUTHREPAIR\AppData\Local\recently-used.xbel
2014-12-15 18:09 - 2014-12-15 18:09 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-09-11 14:45 - 2012-09-11 14:45 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-06-14 12:25 - 2013-07-26 13:06 - 0000756 _____ () C:\ProgramData\FastPics.log
2013-08-09 08:02 - 2013-12-23 23:26 - 0000252 _____ () C:\ProgramData\lxea.log
2012-09-13 11:53 - 2013-04-02 12:00 - 0000370 _____ () C:\ProgramData\lxeaDiagnostics.log
2012-08-10 09:12 - 2012-09-11 14:45 - 0002224 _____ () C:\ProgramData\lxeaJSW.log
2012-06-14 12:23 - 2014-04-10 08:05 - 0050115 _____ () C:\ProgramData\lxeascan.log
2012-09-11 14:45 - 2012-09-11 14:45 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-06-14 12:22 - 2012-06-14 12:22 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2012-03-09 12:09 - 2012-03-09 12:10 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-03-09 12:08 - 2012-03-09 12:09 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-03-09 12:08 - 2012-03-09 12:08 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Files to move or delete:
====================
C:\Users\brandon.HELMUTHREPAIR\Network_Meter_Data.js
 
 
Some files in TEMP:
====================
C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Temp\dllnt_dump.dll
C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-12 12:17
 
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by Brandon (2015-08-20 15:50:33)
Running from C:\Users\brandon.HELMUTHREPAIR\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3468594284-1836703460-1844533713-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3468594284-1836703460-1844533713-1004 - Limited - Enabled)
Brandon (S-1-5-21-3468594284-1836703460-1844533713-1001 - Administrator - Enabled) => C:\Users\Brandon
Guest (S-1-5-21-3468594284-1836703460-1844533713-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader for ScanSnap ™ 5.0 (HKLM-x32\...\{FB300000-0002-0000-0000-074957833700}) (Version: 11.0.159 - ABBYY)
ActivTrak Agent v4.2.2 (x32 Version: 4.2.2.0 - Birch Grove Software, Inc.) Hidden
Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.12 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
AirDroid 3.0.1 (HKLM-x32\...\AirDroid) (Version: 3.0.1 - Sand Studio)
Akamai NetSession Interface (HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.8.17.26026 - Alcor Micro Corp.) Hidden
Amazon Music (HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARI Update Service 2.1.15 (HKLM-x32\...\{69C61734-C8AE-4F91-A27B-7CCCF6C45AA6}) (Version: 2.1.15 - ARI)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.25 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.23 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0013 - ASUS)
AutoHotkey 1.1.21.03 (HKLM-x32\...\AutoHotkey) (Version: 1.1.21.03 - Lexikos)
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
Bing Ads Editor (x32 Version: 9.0.11588.0 - Microsoft Corporation) Hidden
Bing Ads Editor Prerequisites (HKLM-x32\...\{a39df719-e5d6-40f9-b583-68155151e97d}) (Version: 9.0.11588.0 - )
BitTorrent (HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\BitTorrent) (Version: 7.9.2.32895 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.34.4278 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{981B38A6-E4D0-4D94-98C2-75AC645755F5}) (Version: 0.9.1.4057 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.01 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V5.1L21 - PFU)
CardMinder V5.0 (x32 Version: 5.0.10.1 - PFU) Hidden
Catan Online World (HKLM-x32\...\Catan Online Welt) (Version: 3.926 - Catan GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2631 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco Packet Tracer 5.3.2 (HKLM-x32\...\Cisco Packet Tracer 5.3.2_is1) (Version:  - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Copy (HKLM\...\{3C84B23A-B4D7-4EBB-907F-9A13A220F5FB}) (Version: 1.36.538.0 - Barracuda Networks, Inc.)
CrashPlan (HKLM\...\{82BBFD96-8964-443D-9813-BEE97000E905}) (Version: 3.2 - CrashPlan)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Dell Printer Software Uninstall (HKLM\...\Dell_HostCD) (Version:  - Dell, Inc.)
DIRECTV Player (HKLM-x32\...\{69b8745b-65c2-4a2d-b5db-00e0cd841f1e}) (Version: 9.0 - DIRECTV)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
EPSON TWAIN 5 (HKLM-x32\...\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}) (Version: 5.71.0000 - SEIKO EPSON Corp.)
ePUBee DRM Removal 1.3.2 (HKLM-x32\...\{F38AD1B2-1385-4D94-8BD6-652A757A0054}_is1) (Version:  - www.ePUBee.com.)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.)
Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
FedEx Desktop (HKLM-x32\...\FedExDesktop.026F9BDCA0F141E500950436A5D33181EE6B8EF5.1) (Version: 2.03 - FedEx Corporation)
FedEx Desktop (x32 Version: 2.03 - FedEx Corporation) Hidden
FileOpen Client (x64) (HKLM\...\{65752A79-EA8A-4B01-A017-B74606C08AF3}) (Version: 3.0.75.918 - FileOpen Systems, Inc.)
FileOpen Client (x64) (HKLM\...\{B239E0BC-D88A-47B1-935B-9707C7EB9CC9}) (Version: 3.0.83.920 - FileOpen Systems, Inc.)
FileOpen Client (x64) B945 (HKLM\...\{739832CC-EAFB-4E1D-A306-CE21B836AC6F}) (Version: 3.0.105.945 - FileOpen Systems, Inc.)
FileZilla Client 3.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.1 - FileZilla Project)
Foxit Reader (HKLM-x32\...\{27E3028E-06C8-4C09-8C3E-07F7F508304E}) (Version: 5.3.1.606 - Foxit Corporation)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Apps Migration For Microsoft Outlook® 3.4.27.52 (HKLM-x32\...\{65960C6E-BFA2-4FE7-A1BC-8028F3072566}) (Version: 3.4.27.52 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.7.410.1100 (HKLM-x32\...\{799A7E2B-388F-4BDE-B55B-47AF42C6440A}) (Version: 3.7.410.1100 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{6D2A900D-EB39-3386-8D9F-3B8F069C57A5}) (Version: 4.2.1.14031 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
iN DMS Setup (HKLM-x32\...\{8E75E709-41E1-414B-8E99-76B5C9D88B26}) (Version: 1.03.0000 - American Honda Motor Company, Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 1.26 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.26 - Dominik Reichl)
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version:  - Lexmark International, Inc.)
LibreOffice 4.0.0.3 (HKLM-x32\...\{8EA569F1-97AF-4C3E-A0CB-4846C2D35A81}) (Version: 4.0.0.3 - The Document Foundation)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.82 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Macro Scheduler Lite (HKLM-x32\...\Macro Scheduler Lite 11) (Version: 12.1.10 - MJT Net Ltd)
Magic Desktop (HKLM-x32\...\{A96758C2-3ED3-4035-BD35-7194ED35AB92}) (Version: 1.00.2250 - PFU LIMITED)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2010 (x86) (HKLM-x32\...\{ED3ED369-0D20-4F6E-9CBA-22EDDC171199}) (Version: 10.0.30319.314 - SAP)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 16.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 16.0.1 (x86 en-US)) (Version: 16.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 16.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NexDef Plug-in (HKLM-x32\...\Autobahn) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.3 - )
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA 3D Vision Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
PartSmart 8 (HKLM-x32\...\{83E1916D-0D14-43F2-B3E6-1BCB7E831704}) (Version: 8.13.033 - ARI)
Pervasive PSQL v10 Workgroup (32-bit) (HKLM-x32\...\{0A3238D7-AB32-4E15-B717-F3E3F18B4A8C}) (Version: 10.01.073 - Pervasive Software)
PlayerLiteHJ 1.0.4.1.LHJ (HKLM-x32\...\{B435433C-110A-4853-843A-7BD1EE59624E}_is1) (Version: 1.0.4.1.LHJ - AVTECH)
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.3.00.04221 - Sony Corporation)
Q500 GUI version 1.0 (HKLM-x32\...\{05282008-69B0-409A-8B05-CB77A5E0D99E}_is1) (Version: 1.0 - Yuneec)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Rack2-Filer Smart (HKLM-x32\...\{3793727D-CC1F-40CC-BEA6-1E04539714ED}) (Version: 1.00.0012 - PFU LIMITED)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.9.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6418 - Realtek Semiconductor Corp.)
RotoWire Baseball Software 2013 (HKLM-x32\...\{F21764C7-2832-4A6C-A3F2-FBDF07D8F96D}_is1) (Version:  - Roto Sports, Inc)
Sage DacEasy Version 2014 (HKLM-x32\...\{1849A50D-C34C-4128-ADE2-22D9B257D426}) (Version: 22.0.0 - Sage Software, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SAP Visual Enterprise Viewer 7.1 (HKLM-x32\...\SAP Visual Enterprise Viewer 71) (Version: 7.1.0.475 - SAP AG)
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V6.2L22 - PFU)
ScanSnap Manager (x32 Version: 6.1.11.2.4 - PFU) Hidden
ScanSnap Manager (x32 Version: 6.2.22.1.2 - PFU) Hidden
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V5.1L42 - PFU)
ScanSnap Organizer (x32 Version: 5.0.11.1 - PFU LIMITED) Hidden
ScreenConnect Client (2cc95372cf6dddbb) (HKLM-x32\...\{82D61E62-80F6-4E0B-8364-7EA70B972642}) (Version: 5.1.7735.5399 - Elsinore Technologies, Inc.)
ScreenConnect Client (b8d3df3f4960a7a8) (HKLM-x32\...\{6E255189-44F5-4B4B-9C91-B69A4E3F9669}) (Version: 5.3.9117.5654 - Elsinore Technologies, Inc.)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sling (HKLM-x32\...\{24AFF627-04A0-4C50-8112-35188EA937C4}) (Version: 4.8.123 - Echostar)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
Spotify (HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
UltraMon (HKLM\...\{9069EE0A-7615-4D86-AD80-CA263E936DA6}) (Version: 3.2.2 - Realtime Soft Ltd)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
WebClient (HKLM-x32\...\WebClient) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Server 2012 Essentials Connector (HKLM\...\{C1E4D639-4A33-4314-809E-89BD0EF48522}) (Version: 6.2.9805.6 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireless Console 3 (HKLM-x32\...\{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}) (Version: 3.0.21 - ASUS)
Wireshark 1.12.6 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.6 - The Wireshark developer community, http://www.wireshark.org)
WOL Magic Packet Sender (HKLM-x32\...\{E268ADBD-A002-4684-AEDF-EA0F83F7E00B}) (Version: 1.5.0 - Zwalisoft)
Woopra 1.4 (HKLM-x32\...\7620-0758-4357-2556) (Version: 1.4 - iFusion Labs, LLC)
Wootalyzer! (HKLM-x32\...\Wootalyzer) (Version:  - )
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
XView (HKLM-x32\...\XView) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-08-20 10:02 - 00000000 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0F0BF9BF-4F03-4D91-9FF6-2F3A1F05A2BC} - System32\Tasks\Microsoft\Windows\Windows Server\RenewClientCertificate => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {1CDBB0E7-2376-46B8-9483-22C8AF7FFD18} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {24549B3C-CCB9-4B40-B3E1-94E9BECA812B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {258A25F2-01D2-44C8-B4CA-5EC64D2E249E} - System32\Tasks\Microsoft\Windows\Windows Server\RepaireVpnRoutes => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {3A64470C-C137-4985-94D1-C24A018D8430} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {3F419AA4-7B51-41D8-89B6-2D4C6150E66E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {e1871cd2-1061-40c5-b662-621096394758} BRANDON-NB.HELMUTHREPAIR.local => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-06-02] (Microsoft Corporation)
Task: {4D2FEF84-907E-4EF2-A21A-A0D4147B015D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {56F47C2A-8514-4EC2-9ACF-DB2ECBBE0B64} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {5BF852B7-836B-4E82-935B-1CDCDD29D5DB} - System32\Tasks\Microsoft\Windows\Windows Server\Alert Evaluations => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {62C8F7C9-47FE-44B9-8552-3AE611CF717F} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {63EB54F6-9CBB-4D33-8281-6AAC15ECF06A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3468594284-1836703460-1844533713-1001Core => C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14] (Google Inc.)
Task: {6D9E02A7-0366-469F-94D4-3F786918260A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-14] (Google Inc.)
Task: {6F98D72F-9492-4414-A0A5-B01E0C301E27} - System32\Tasks\Microsoft\Windows\Windows Server\ConfigureRDPGroup => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {72466A73-01B4-4BB6-A23E-39AFC764F316} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {73C2349E-7C58-4B9F-BBCF-FCE56C3FFA40} - System32\Tasks\Microsoft\Windows\Windows Server\UploadCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {7E1009B7-ED63-4ACB-BC96-F91A171E079D} - System32\Tasks\PartSmartUpdateManager => C:\Program Files (x86)\Ari\PartSmartUpdate\Ari.PartSmart.Update.Launcher.exe [2011-12-06] ()
Task: {7E6B2A08-CB33-40D3-9C74-338F19327093} - System32\Tasks\Microsoft\Windows\Windows Server\SaveCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {8373EC19-F511-4967-A1BF-68602F70DC85} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {9527DE57-81CC-4493-A0DB-1B292E0CD3C6} - System32\Tasks\Microsoft\Windows\Windows Server\Backup => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {97B28037-76C5-4365-ADB1-E42F5364D653} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {9AF0083B-C34D-4EF0-96DD-E3FC6A490913} - System32\Tasks\Microsoft\Windows\Windows Server\InstallAddIns => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {9DAA4E9B-6839-4244-80E7-247CB33E82C0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {AAC129AA-7278-4E26-8E31-769E6EB7C9FA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1780583937-3275181368-4168154308-1116Core => C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
Task: {AAF668A4-FD55-452A-BA99-58A7CF37EEF0} - System32\Tasks\Microsoft\Windows\Windows Server\Health Definition Updates => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {B12014CE-F708-43FE-A5A9-8C9A160C6779} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HELMUTHREPAIR-Brandon BRANDON-NB.HELMUTHREPAIR.local => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-06-02] (Microsoft Corporation)
Task: {B5D6DE01-B904-403D-BCC6-2C8E804EC24C} - System32\Tasks\Restart Setpoint => C:\restartsetpoint.cmd [2012-07-02] ()
Task: {DA297564-F293-4926-B1F4-DD3897BBD64A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {E0D2FC1C-954D-4874-A4CE-5662A1DCA690} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1780583937-3275181368-4168154308-1116UA => C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
Task: {E133381E-EC5A-4935-A002-0776E8DCFC52} - System32\Tasks\Amazon Music Helper => C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-12-08] ()
Task: {E36C355E-297B-4DCF-B2B5-C39D34A8A204} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-14] (Google Inc.)
Task: {E3DA43CF-A315-448D-A573-15FC8682253F} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
Task: {FD050A26-6C76-4D1B-AF7C-4C8A2B153947} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3468594284-1836703460-1844533713-1001UA => C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14] (Google Inc.)
Task: {FDBFB4E0-C0FD-42E7-8C3F-A3F30305787F} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1780583937-3275181368-4168154308-1116Core.job => C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1780583937-3275181368-4168154308-1116Core1d0d9bbfde60487.job => C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1780583937-3275181368-4168154308-1116UA.job => C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3468594284-1836703460-1844533713-1001Core.job => C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3468594284-1836703460-1844533713-1001UA.job => C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PartSmartUpdateManager.job => C:\Program Files (x86)\Ari\PartSmartUpdate\Ari.PartSmart.Update.Launcher.exeO-Task C:\Program Files (x86)\Ari\PartSmartUpdate\Ari.PartSmart.Update.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-03-09 12:00 - 2015-05-27 23:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-14 11:23 - 2012-03-11 14:56 - 00086608 _____ () C:\Windows\System32\cpwmon64.dll
2012-06-14 12:24 - 2009-11-04 08:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2007-09-11 00:45 - 2007-09-11 00:45 - 00124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-19 08:36 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-07-18 11:02 - 2012-07-18 11:02 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2015-07-07 08:16 - 2015-07-07 08:16 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2008-08-18 16:57 - 2008-08-18 16:57 - 00455968 _____ () C:\Program Files (x86)\Pervasive\bin\w3dbsmgr.exe
2015-03-16 08:20 - 2015-01-27 10:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-09-05 16:21 - 2013-09-05 16:21 - 00012520 _____ () C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2013-09-05 16:21 - 2013-09-05 16:21 - 00015080 _____ () C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2013-09-05 16:21 - 2013-09-05 16:21 - 00014056 _____ () C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2015-01-14 16:52 - 2014-12-08 01:27 - 06277952 _____ () C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Amazon Music\Amazon Music Helper.exe
2010-02-23 10:37 - 2011-08-08 04:18 - 05285680 _____ () C:\Program Files (x86)\Macro Scheduler 12\msched.exe
2007-09-05 12:15 - 2007-09-05 12:15 - 00230688 _____ () C:\Program Files (x86)\Pervasive\bin\W3COMSRV.DLL
2013-10-22 08:17 - 2015-05-28 02:04 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-04-14 08:09 - 2015-05-22 20:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2012-06-14 11:32 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2012-06-14 11:32 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
2011-08-17 18:37 - 2011-08-17 18:37 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2015-03-16 08:20 - 2015-01-27 09:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2013-06-18 15:08 - 2013-06-18 15:08 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2011-06-10 13:49 - 2011-06-10 13:49 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2015-07-01 17:35 - 2015-07-01 17:35 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-07-01 17:35 - 2015-07-01 17:35 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-08-18 08:50 - 2015-08-07 19:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
2015-08-18 08:50 - 2015-08-07 19:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll
2015-08-18 08:50 - 2015-08-07 19:13 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll
2014-11-17 09:23 - 2014-11-17 09:23 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-06-29 08:43 - 2015-06-29 08:43 - 03989224 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll
2015-05-06 08:19 - 2015-05-06 08:19 - 01754296 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\tmpod.dll
2015-05-19 08:21 - 2015-06-16 09:08 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2015-05-19 08:21 - 2015-03-24 03:37 - 00125088 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\OUTLCTL.DLL
2015-07-01 17:35 - 2015-07-01 17:35 - 00074248 _____ () C:\Program Files (x86)\Evernote\Evernote\Microsoft.DwayneNeed.Win32.dll
2015-03-16 08:20 - 2015-01-27 09:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\1033\GrooveIntlResource.dll
2014-08-07 14:00 - 2015-07-22 08:20 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2014-11-17 09:23 - 2014-11-17 09:23 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:4FC01C57
AlternateDataStreams: C:\Users\Brandon\Documents\boot:$WIMMOUNTDATA
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (b8d3df3f4960a7a8) => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\Software\Classes\exefile: "%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\honda.com -> hxxps://www.in.honda.com
IE trusted site: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\...\sandhills.com -> hxxps://dscrm.sandhills.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\Control Panel\Desktop\\Wallpaper -> C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.119 - 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\Windows\pss\AsusVibeLauncher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CardMinder Viewer.lnk => C:\Windows\pss\CardMinder Viewer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Conversion to PDF with ScanSnap Organizer.lnk => C:\Windows\pss\Conversion to PDF with ScanSnap Organizer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dual Monitor.lnk => C:\Windows\pss\Dual Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScanSnap Manager.lnk => C:\Windows\pss\ScanSnap Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Brandon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AirDroid 3 => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Copy => "C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\CopyAgent.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: googletalk => C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: HP Officejet Pro 8600 (NET) => "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN3C9F4HT005KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: lxeamon.exe => "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
MSCONFIG\startupreg: Lync => "C:\Program Files\Microsoft Office 15\root\office15\lync.exe" /fromrunkey
MSCONFIG\startupreg: MusicManager => "C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: PCShowServer => "C:\Users\brandon.HELMUTHREPAIR\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RkiwrtkS => C:\Program Files (x86)\PFU\Raku2Smart\RKiwrtKS.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: ScanSnap OnlineUpdate Watcher => "C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe" -StartOS
MSCONFIG\startupreg: ScanSnap WIA Service Checker => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Brandon\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{195329F7-49B7-47FA-BF4D-5FC738502C34}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{07A99DB6-FEB6-432B-8B6A-F700E24B99BC}] => (Allow) LPort=2869
FirewallRules: [{F1C3E909-19A2-4A13-9284-721D2B7BC942}] => (Allow) LPort=1900
FirewallRules: [{BF0F0FA6-8F7E-48A5-B40A-3F1AD3E9A295}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9311E0C9-43C4-48F1-BFA3-46CC37CA7E24}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{2C5144D8-8320-40E1-91BB-BD18A1D41D91}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{A613AA9D-A3A2-4BAD-B798-2637BFF62E0A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{48EC04EB-6421-4138-A249-466A7B362CE9}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{26F02F03-0A71-48BD-BEFD-A185FE96D6ED}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{FC8017F3-A55A-4178-ADB7-68DCBF0E250B}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{11F85D4F-2DCB-4341-B844-EE45DBDB67F4}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{AC3D3DF4-B055-4251-99E7-111C31004499}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{842EFC95-3C2A-4824-B4B7-6BF30F83209A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59949B1F-CDF5-42BB-ABE3-C1F43D17BFB8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BC92D8AE-481A-4752-8BAA-0981871DEE41}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{331DEBBE-28C9-40E6-971C-9FF50A18BF0D}] => (Allow) C:\Windows\system32\DKabcoms.exe
FirewallRules: [{92D72A93-4ECD-481C-8C45-75CBCF0A56D0}] => (Allow) C:\Windows\system32\lxeacoms.exe
FirewallRules: [{71E88986-4B39-4947-BF6D-B71A9D602FDB}] => (Allow) C:\Windows\system32\LXEAcoms.exe
FirewallRules: [{9629A04E-E2C3-4A31-8BA2-FCD7301002E3}] => (Allow) C:\Windows\system32\LXEAcoms.exe
FirewallRules: [{3F1F2F76-1C19-44B4-A850-7BF62E236E4B}] => (Allow) C:\Windows\system32\LXEAcoms.exe
FirewallRules: [{A56A03D7-930F-42CC-8535-786A9109B19F}] => (Allow) C:\Program Files (x86)\Pervasive\bin\w3dbsmgr.exe
FirewallRules: [{9CC024F7-76F1-4E7A-BD67-9E204CF58F64}] => (Allow) C:\Program Files (x86)\Pervasive\bin\w3dbsmgr.exe
FirewallRules: [{9700B484-D483-4A65-907E-CDB1E1C85D0A}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{CF0D045B-FC5A-4DE7-B09B-BDE60368959C}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [TCP Query User{F3EF6F47-6D89-43B4-AE0F-E37137035881}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{34FEEC39-1958-4AE1-9E2E-96FFC3CBBCFE}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{2A535EEB-CF64-4F9C-A3B3-7DD70CE14D17}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [{9EFA4A5C-C5E6-49FC-9D8E-B5146E10C939}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [{47F76F6D-41AE-4328-999D-A776F3E281F7}] => (Allow) C:\Users\Brandon\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{57DF446D-6011-460E-AB75-7120AE81827E}] => (Allow) C:\Users\Brandon\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [TCP Query User{7F61D9C8-C784-42E7-B0F7-131ABD442975}C:\program files (x86)\woopra\woopra.exe] => (Allow) C:\program files (x86)\woopra\woopra.exe
FirewallRules: [UDP Query User{3BCD47F7-EFD8-4C17-A815-225025ED04DB}C:\program files (x86)\woopra\woopra.exe] => (Allow) C:\program files (x86)\woopra\woopra.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{9E8DC3CB-7190-4F46-9062-E48A452D35FD}] => (Allow) C:\Users\Brandon\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{2F5184FB-0E93-4C67-9AE0-52B4E22E2E4D}] => (Allow) C:\Users\Brandon\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [TCP Query User{AC06197A-A407-4D01-84B1-569EB49FB60B}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{26306A88-9309-4C26-AD2D-F799E8F3FA3B}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{4EE0F9E4-DD98-4527-8D02-3C3995D5910B}C:\program files (x86)\wol magic packet sender\wakeonlan.exe] => (Allow) C:\program files (x86)\wol magic packet sender\wakeonlan.exe
FirewallRules: [UDP Query User{83E3E23F-07C2-4E18-B3D1-7E4DE387D9B7}C:\program files (x86)\wol magic packet sender\wakeonlan.exe] => (Allow) C:\program files (x86)\wol magic packet sender\wakeonlan.exe
FirewallRules: [TCP Query User{9FFF8DC1-65B9-4F3F-8993-B0CD2142AB7B}C:\users\brandon\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\brandon\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{68F1A4C6-2776-423B-BD91-F417997DCFB5}C:\users\brandon\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\brandon\appdata\local\akamai\netsession_win.exe
FirewallRules: [{21266050-728B-43B8-B6E3-B3E28049D48D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{894F422B-27C4-45C9-8C66-53A96EAFE0CF}I:\age of empires ii\age2_x1.exe] => (Allow) I:\age of empires ii\age2_x1.exe
FirewallRules: [UDP Query User{8E77BDFE-C6F7-4C51-8EC6-68C989F91EA8}I:\age of empires ii\age2_x1.exe] => (Allow) I:\age of empires ii\age2_x1.exe
FirewallRules: [{D21BEC48-44BB-46CE-A5FC-FC79E1159758}] => (Block) I:\age of empires ii\age2_x1.exe
FirewallRules: [{A2AF6A50-A939-464F-8120-631BF3DDEC50}] => (Block) I:\age of empires ii\age2_x1.exe
FirewallRules: [TCP Query User{B884DF61-A730-4E60-BEF6-FC5AF141A3B5}C:\age of empires ii\age2_x1.exe] => (Allow) C:\age of empires ii\age2_x1.exe
FirewallRules: [UDP Query User{175D937E-0197-420E-AA2B-DDE5EAACBB48}C:\age of empires ii\age2_x1.exe] => (Allow) C:\age of empires ii\age2_x1.exe
FirewallRules: [{EC6BEF01-CE56-463F-864A-EBDECC18C2E1}] => (Block) C:\age of empires ii\age2_x1.exe
FirewallRules: [{2AFC159F-C684-4C3B-A31D-EC2335DDD7C7}] => (Block) C:\age of empires ii\age2_x1.exe
FirewallRules: [TCP Query User{E8311C96-2C70-4B14-B5FF-1B3E9285031C}\\systemax\c\age of empires ii\age2_x1.exe] => (Allow) \\systemax\c\age of empires ii\age2_x1.exe
FirewallRules: [UDP Query User{9F9B476C-721D-4604-BB63-D7DB5783B495}\\systemax\c\age of empires ii\age2_x1.exe] => (Allow) \\systemax\c\age of empires ii\age2_x1.exe
FirewallRules: [{405D385B-8E61-4305-9613-AB6E452A2A4D}] => (Block) \\systemax\c\age of empires ii\age2_x1.exe
FirewallRules: [{59AC9B70-03AE-4370-8854-55E8B66C8454}] => (Block) \\systemax\c\age of empires ii\age2_x1.exe
FirewallRules: [{B1179AFC-CCC1-46EF-9788-7A9D9BEED645}] => (Allow) C:\Program Files (x86)\SiteKiosk\SiteKiosk.exe
inbound traffic for TCP protocol from remote machines located within your network as well as 
from the Internet (i.e from outside of your Edge device like Firewall or NAT)|EmbedCtxt=SiteRemote Client|Edge=TRUE|Defer=App|
FirewallRules: [{1E1E2A88-2F44-4362-8F59-588D5910B1E9}] => (Allow) C:\Program Files (x86)\SiteKiosk\SiteKiosk.exe
inbound traffic for UDP protocol from remote machines located within your network as well as 
from the Internet (i.e from outside of your Edge device like Firewall or NAT)|EmbedCtxt=SiteRemote Client|Edge=TRUE|Defer=App|
FirewallRules: [{14419742-E6DD-4657-8D14-26B148B411B9}] => (Allow) C:\Program Files (x86)\SiteKiosk\SiteCaster\SiteCaster.exe
inbound traffic for TCP protocol from remote machines located within your network as well as 
from the Internet (i.e from outside of your Edge device like Firewall or NAT)|EmbedCtxt=SiteRemote Client|Edge=TRUE|Defer=App|
FirewallRules: [{7A6F024E-C6E5-42CF-A35D-EFD92FDD27F6}] => (Allow) C:\Program Files (x86)\SiteKiosk\SiteCaster\SiteCaster.exe
inbound traffic for UDP protocol from remote machines located within your network as well as 
from the Internet (i.e from outside of your Edge device like Firewall or NAT)|EmbedCtxt=SiteRemote Client|Edge=TRUE|Defer=App|
FirewallRules: [TCP Query User{8CB40296-21AA-4F5A-AB84-6E01A651A934}C:\users\brandon\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\brandon\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3E3265BF-02F8-4FFA-A6E1-875F39453AED}C:\users\brandon\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\brandon\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{98D2FDFD-D96A-4422-922A-5570A88AD70B}C:\program files (x86)\cisco packet tracer 5.3.2\bin\packettracer5.exe] => (Allow) C:\program files (x86)\cisco packet tracer 5.3.2\bin\packettracer5.exe
FirewallRules: [UDP Query User{82E6EE91-B884-4C8D-9A84-3B36CF8F0064}C:\program files (x86)\cisco packet tracer 5.3.2\bin\packettracer5.exe] => (Allow) C:\program files (x86)\cisco packet tracer 5.3.2\bin\packettracer5.exe
FirewallRules: [{F06E4B93-6CB7-43D9-8608-A6F5D29E8503}] => (Block) C:\program files (x86)\cisco packet tracer 5.3.2\bin\packettracer5.exe
FirewallRules: [{1E88AC2A-7894-49D5-827A-3AED289C2D05}] => (Block) C:\program files (x86)\cisco packet tracer 5.3.2\bin\packettracer5.exe
FirewallRules: [{FB26FABA-AE40-4213-8BC8-57F44015AF54}] => (Allow) C:\Users\Brandon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{477C4BB6-B820-4609-9108-83E2D2DE752D}] => (Allow) C:\Users\Brandon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{18E6D3C8-A54F-4159-A6F1-2809251DFF2C}] => (Allow) C:\Users\Brandon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{AE930E33-47B5-4DFC-9D52-F7170E2B44F6}] => (Allow) C:\Users\Brandon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{D67FD11D-387E-4847-9C7A-3DA8302E5955}] => (Allow) C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{308C45C4-8367-49F0-BE25-B76F22A96577}] => (Allow) C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{39D2EBE4-6056-49D1-9E19-51FB94CABC7D}C:\program files (x86)\pervasive\bin\w3dbsmgr.exe] => (Allow) C:\program files (x86)\pervasive\bin\w3dbsmgr.exe
FirewallRules: [UDP Query User{D056E81F-3D45-4356-86C0-537D86053207}C:\program files (x86)\pervasive\bin\w3dbsmgr.exe] => (Allow) C:\program files (x86)\pervasive\bin\w3dbsmgr.exe
FirewallRules: [{D5993B99-148B-472F-AF1D-059CF2C79561}] => (Allow) C:\Program Files (x86)\Pervasive\bin\w3dbsmgr.exe
FirewallRules: [{D010A735-050A-472B-8B8B-509652159863}] => (Allow) C:\Program Files (x86)\Pervasive\bin\w3dbsmgr.exe
FirewallRules: [TCP Query User{EA9A739B-74D0-44B2-B3FC-E383866BD879}C:\users\brandon.helmuthrepair\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\brandon.helmuthrepair\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{7341C0F5-791E-4DA9-A6BF-EE93680BDCDC}C:\users\brandon.helmuthrepair\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\brandon.helmuthrepair\appdata\local\akamai\netsession_win.exe
FirewallRules: [{625562F8-24AF-41F6-A85F-8B4CB869C9CB}] => (Block) C:\users\brandon.helmuthrepair\appdata\local\akamai\netsession_win.exe
FirewallRules: [{38B82E2E-827D-4E8F-8DBD-45C0FB501338}] => (Block) C:\users\brandon.helmuthrepair\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{C4A666EE-583B-46E2-B1C6-887F4BB0630E}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{9E51C8FF-EB86-4DF2-B0F0-31261C18F84E}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{F1338C12-9000-46A7-B07C-9552C682B1B9}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{310C0B49-D65F-4B89-A872-512E371AE4C9}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{3582897B-1B4A-4009-BC03-733B0C259FB4}] => (Allow) C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Copy\CopyAgent.exe
FirewallRules: [TCP Query User{B026E7AA-17A7-40FD-B576-E4C1065D08BA}C:\users\brandon.helmuthrepair\appdata\roaming\copy\copyagent.exe] => (Allow) C:\users\brandon.helmuthrepair\appdata\roaming\copy\copyagent.exe
FirewallRules: [UDP Query User{8519323E-CEF7-4786-B5E0-4601FC386BB8}C:\users\brandon.helmuthrepair\appdata\roaming\copy\copyagent.exe] => (Allow) C:\users\brandon.helmuthrepair\appdata\roaming\copy\copyagent.exe
FirewallRules: [TCP Query User{F0ACC89C-90AB-4BDC-8861-E62427B78911}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{9355A167-5F0B-4555-A090-E63B459EE8AF}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{CDCFCB1F-4513-412C-B93B-35068FC9D624}] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{759D1CAC-B270-4AFF-931C-0B243E93E391}] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{A17DD032-E1A0-4275-BA40-33C0D28FFABE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A6D569C8-E5B8-4711-9160-5895CEE23101}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D4A3D474-D9F5-4A73-A695-7314CF180716}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{23174EBE-0FC7-44DF-A25B-55206F0533F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0B5D0C87-FABB-444B-B7B2-5AF209F2B2DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{CC6B9AAB-25B6-4214-84B5-CF46BC1125B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A7183ECB-B0D9-475C-801B-954E92671CF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8D30C358-425F-4B82-9C93-980BFC15F221}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{293BB108-518E-40A9-8A2C-C5B3E46BEE98}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9A08DECE-8D66-42AF-A7FE-8FD9BC61E0EF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{820A4D4A-F8B4-4D34-B0F0-8763F830706B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E6E4EB22-93AA-4A04-A3BA-68FDFDE81161}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{71190EC5-D78F-4503-ABA3-8AB03F19FA0D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{447234D2-7E0C-48AE-83F5-D3080748D36B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D0BC5F74-81FB-4218-87FD-E165EF8794D9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1EA2384A-A3D5-4A61-8073-8B4213AC46F2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7B859D61-9D18-41B6-B94C-DEA01DCA0DEA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4E2AAD40-6E13-4EB9-8677-6BD8F16176D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{28AC1D15-F7C6-4B30-A1A3-B2E713971869}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E8A964A5-7FE1-448F-9768-DE42DA72D9E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BEA53F6D-F451-4880-9DF6-9698BC6EBCBB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{CA7329DF-3716-4FA7-924B-FD41B02D46FF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{924863DB-0B6B-4D68-BAAD-FE915B090CE3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{1A99809C-3C7F-4DBA-81EF-93E823E13537}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{A98C7046-E35E-4CF6-B4D6-32301BE3FED9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{198AEB19-A4B4-4142-A720-79B3BBA61A79}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{42308358-466C-4E55-B0C1-B356E40FA8A5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{611BDBE0-15EE-47C3-8442-556BD8F35D4F}] => (Allow) C:\Program Files\Dell\Printer Software\pssu.exe
FirewallRules: [{D0A81E1F-160E-483F-A158-47EEFCC63792}] => (Allow) C:\Program Files\Dell\Printer Software\pssu.exe
FirewallRules: [{2FA4D42C-8674-4C8E-8242-95BA406C4E44}] => (Allow) C:\Program Files\Dell\Printer Software\pssu.exe
FirewallRules: [{75836711-96F5-4531-A2A6-713952386DC1}] => (Allow) C:\Program Files\Dell\Printer Software\pssu.exe
FirewallRules: [{0AA1636F-E30D-43CB-8DAE-50FE51AC7B14}] => (Allow) C:\Program Files\Dell\Printer Software\pssu.exe
FirewallRules: [{B827712D-FE16-43CA-BE7B-3B410D11BE4E}] => (Allow) C:\Program Files\Dell\Printer Software\pssu.exe
FirewallRules: [TCP Query User{7D71D942-F374-4647-A77C-2B21F43DDB5D}C:\program files (x86)\pfu\scansnap\driver\pfussmon.exe] => (Allow) C:\program files (x86)\pfu\scansnap\driver\pfussmon.exe
FirewallRules: [UDP Query User{99587A73-640A-43F0-BF27-F66F132C79E3}C:\program files (x86)\pfu\scansnap\driver\pfussmon.exe] => (Allow) C:\program files (x86)\pfu\scansnap\driver\pfussmon.exe
FirewallRules: [{73F955B5-7FD9-4283-8821-B9E6710EAA05}] => (Block) C:\program files (x86)\pfu\scansnap\driver\pfussmon.exe
FirewallRules: [{AA59C7E6-D805-4B28-AA57-D2FE280EC5A4}] => (Block) C:\program files (x86)\pfu\scansnap\driver\pfussmon.exe
FirewallRules: [TCP Query User{23AB128D-5FA0-45B4-B16F-40D0DDDAD38B}C:\program files (x86)\pfu\raku2smart\rk2scantoraku2.exe] => (Allow) C:\program files (x86)\pfu\raku2smart\rk2scantoraku2.exe
FirewallRules: [UDP Query User{39BCD16C-F388-4179-9FB8-4156C0CF0872}C:\program files (x86)\pfu\raku2smart\rk2scantoraku2.exe] => (Allow) C:\program files (x86)\pfu\raku2smart\rk2scantoraku2.exe
FirewallRules: [{5C7CF709-437F-4882-B070-780553F33F98}] => (Block) C:\program files (x86)\pfu\raku2smart\rk2scantoraku2.exe
FirewallRules: [{9929ED1D-148F-48BA-B58A-043C57B8C0F3}] => (Block) C:\program files (x86)\pfu\raku2smart\rk2scantoraku2.exe
FirewallRules: [TCP Query User{C2B9340C-B1B4-4191-BE8E-4F888ED97D5C}C:\program files (x86)\pfu\raku2smart\rk2cabinet.exe] => (Allow) C:\program files (x86)\pfu\raku2smart\rk2cabinet.exe
FirewallRules: [UDP Query User{9B232CE1-27BC-430D-A143-37B757A86557}C:\program files (x86)\pfu\raku2smart\rk2cabinet.exe] => (Allow) C:\program files (x86)\pfu\raku2smart\rk2cabinet.exe
FirewallRules: [{CE6B2826-57B2-4D58-A05C-FDC749359824}] => (Block) C:\program files (x86)\pfu\raku2smart\rk2cabinet.exe
FirewallRules: [{6981C73F-FE52-493D-9DCC-6BDA719AE692}] => (Block) C:\program files (x86)\pfu\raku2smart\rk2cabinet.exe
FirewallRules: [TCP Query User{D9E99625-8C10-48A8-845E-A30847C1435C}C:\program files (x86)\pfu\magicdesktop\scantodesktop.exe] => (Allow) C:\program files (x86)\pfu\magicdesktop\scantodesktop.exe
FirewallRules: [UDP Query User{1D5E4746-B204-47D7-960E-3C6106B8CF8D}C:\program files (x86)\pfu\magicdesktop\scantodesktop.exe] => (Allow) C:\program files (x86)\pfu\magicdesktop\scantodesktop.exe
FirewallRules: [{38AD392A-BE70-4F8E-AB2A-C0BD66776447}] => (Block) C:\program files (x86)\pfu\magicdesktop\scantodesktop.exe
FirewallRules: [{C6346463-C9BA-4856-B021-E81297C1AA6C}] => (Block) C:\program files (x86)\pfu\magicdesktop\scantodesktop.exe
FirewallRules: [TCP Query User{09B1A76F-4901-498D-888F-08D07DE2053A}C:\program files (x86)\pfu\magicdesktop\magicdesktop.exe] => (Allow) C:\program files (x86)\pfu\magicdesktop\magicdesktop.exe
FirewallRules: [UDP Query User{7F19E99B-007D-4796-B616-174E5B56D519}C:\program files (x86)\pfu\magicdesktop\magicdesktop.exe] => (Allow) C:\program files (x86)\pfu\magicdesktop\magicdesktop.exe
FirewallRules: [{DA262C20-82CD-461E-B464-1950FB5D04C6}] => (Block) C:\program files (x86)\pfu\magicdesktop\magicdesktop.exe
FirewallRules: [{AC8D1187-08A9-4D1C-AADE-E7E322E23FFC}] => (Block) C:\program files (x86)\pfu\magicdesktop\magicdesktop.exe
FirewallRules: [TCP Query User{5E47314D-5A2C-4BFF-B135-8542D90880A3}C:\ent\entw.exe] => (Allow) C:\ent\entw.exe
FirewallRules: [UDP Query User{631258D6-CF64-4CBC-BE7F-313F36081B2F}C:\ent\entw.exe] => (Allow) C:\ent\entw.exe
FirewallRules: [{3C1B598E-8896-4D2D-83BF-DAFC904BD7D9}] => (Block) C:\ent\entw.exe
FirewallRules: [{603B2258-4942-4D8A-AC0D-179BA5982284}] => (Block) C:\ent\entw.exe
FirewallRules: [{283C1F76-0877-4D54-8450-30B80C07B11C}] => (Allow) C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{704D4B65-63BF-4DE9-99B5-7CC1FD75494E}] => (Allow) C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{12066B49-BE30-47AF-ADF9-F3D25BA1CE4B}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{4A00791D-6AC0-4DD2-AEB7-C79207A796BE}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{DF7C49A1-FDE5-44E9-A268-1404094C99B6}] => (Block) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{031366E0-CF5D-4749-986F-E8FB1E20DABD}] => (Block) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{1428F106-0005-4654-A4A8-C9E9237CEC10}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{CAEEFE8A-9BF7-434F-B821-7EE138E694BC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{595DE98C-C7D4-4CA0-8905-37106D5CC64B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{01A12CDA-FE4D-4252-B312-D4F824C71189}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{2C8834F8-EE2B-40A2-B49C-2485456D7247}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{1401FA0C-52E0-472F-856E-FC57136B3B8E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0C255F1B-BF05-4713-89D9-6AAF696E6133}] => (Allow) C:\Windows\SysWOW64\svctcom.exe
FirewallRules: [{B484D810-8C9F-4368-815D-90F5DE5FEE52}] => (Allow) C:\Windows\SysWOW64\svctcom.exe
FirewallRules: [TCP Query User{8F366142-4128-4F76-AD5A-A01A2940F806}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [UDP Query User{EC33FDAB-0B5D-4A08-AF53-F7260CFACE35}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [{AADA6305-1BB4-42A4-8FC9-4654FE29783E}] => (Block) C:\programdata\sling\sling.exe
FirewallRules: [{3782D525-5E6A-47A1-850C-2148EDFADE7F}] => (Block) C:\programdata\sling\sling.exe
FirewallRules: [{B1300E29-AE5D-436C-BF42-B27508A22020}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{84D78629-3C34-4DF6-B2E9-4234B50C2B0B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{26D85B4E-E90C-44A1-B429-3E456903BFFD}] => (Allow) C:\Windows\SysWOW64\svctcom.exe
FirewallRules: [{DD05899D-DCB4-4BB2-9515-1B5ADFFFE0D6}] => (Allow) C:\Windows\SysWOW64\svctcom.exe
FirewallRules: [{75793184-CC27-4961-9D59-BD08F921F2BE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C7442286-F80B-4458-9D57-B42A2DCEBA84}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{141AECC1-DFB8-44DB-B6F2-AE2A8E12D50A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4E69DCE1-E6AF-4ACA-8324-EE4FB1E62E51}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{872B25FC-4F0A-4BA5-A790-FEF57327A83A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BA468A0F-AA28-4722-89AA-3BD421CD0CDD}] => (Allow) C:\Users\Brandon\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{3F5343A4-57B5-4159-BF66-B9E8A71D8EDA}] => (Allow) C:\Users\Brandon\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{E9312407-0A98-4F4D-BBE9-034847B3A5DE}] => (Allow) LPort=49286
FirewallRules: [{169CEA42-7ADC-4E6F-8FA0-3CAC8C22B3CF}] => (Allow) LPort=5000
FirewallRules: [TCP Query User{2ABFEC60-ED77-44B1-AEF1-128F1CBE421D}C:\program files (x86)\cisco packet tracer 5.3.2\bin\packettracer5.exe] => (Allow) C:\program files (x86)\cisco packet tracer 5.3.2\bin\packettracer5.exe
FirewallRules: [UDP Query User{9FB0399A-DF6E-4725-B6BC-E5873A216E2F}C:\program files (x86)\cisco packet tracer 5.3.2\bin\packettracer5.exe] => (Allow) C:\program files (x86)\cisco packet tracer 5.3.2\bin\packettracer5.exe
FirewallRules: [{7A5AEB6A-E3AC-4B38-81BA-F4ADC2914DB6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{6348159D-834A-47B0-9D97-C6E2B129C28C}C:\users\brandon.helmuthrepair\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\brandon.helmuthrepair\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{180D70FD-23B1-4B58-B09B-B024CC43DB50}C:\users\brandon.helmuthrepair\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\brandon.helmuthrepair\appdata\local\akamai\netsession_win.exe
 
==================== Faulty Device Manager Devices =============
 
Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/20/2015 12:39:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1dc0
 
Start Time: 01d0db6f24ea48f1
 
Termination Time: 19
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (08/20/2015 12:39:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 25b0
 
Start Time: 01d0db6f0cbdc4f8
 
Termination Time: 20
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (08/20/2015 11:22:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FBAgent.exe, version: 1.0.10.0, time stamp: 0x4d6f576c
Faulting module name: FBAgent.exe, version: 1.0.10.0, time stamp: 0x4d6f576c
Exception code: 0xc0000005
Fault offset: 0x000000000002d802
Faulting process id: 0x59c
Faulting application start time: 0xFBAgent.exe0
Faulting application path: FBAgent.exe1
Faulting module path: FBAgent.exe2
Report Id: FBAgent.exe3
 
Error: (08/20/2015 09:43:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FBAgent.exe, version: 1.0.10.0, time stamp: 0x4d6f576c
Faulting module name: FBAgent.exe, version: 1.0.10.0, time stamp: 0x4d6f576c
Exception code: 0xc0000005
Fault offset: 0x000000000002d802
Faulting process id: 0x598
Faulting application start time: 0xFBAgent.exe0
Faulting application path: FBAgent.exe1
Faulting module path: FBAgent.exe2
Report Id: FBAgent.exe3
 
Error: (08/20/2015 09:23:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Sling.exe, version: 0.0.0.0, time stamp: 0x5568d253
Faulting module name: npMoveMediaPlayer.dll, version: 8.26.0.65, time stamp: 0x5568c5ad
Exception code: 0xc0000005
Fault offset: 0x000dbb77
Faulting process id: 0x2254
Faulting application start time: 0xSling.exe0
Faulting application path: Sling.exe1
Faulting module path: Sling.exe2
Report Id: Sling.exe3
 
Error: (08/20/2015 09:12:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FBAgent.exe, version: 1.0.10.0, time stamp: 0x4d6f576c
Faulting module name: FBAgent.exe, version: 1.0.10.0, time stamp: 0x4d6f576c
Exception code: 0xc0000005
Fault offset: 0x000000000002d802
Faulting process id: 0x594
Faulting application start time: 0xFBAgent.exe0
Faulting application path: FBAgent.exe1
Faulting module path: FBAgent.exe2
Report Id: FBAgent.exe3
 
Error: (08/20/2015 08:08:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FBAgent.exe, version: 1.0.10.0, time stamp: 0x4d6f576c
Faulting module name: FBAgent.exe, version: 1.0.10.0, time stamp: 0x4d6f576c
Exception code: 0xc0000005
Fault offset: 0x000000000002d802
Faulting process id: 0x5cc
Faulting application start time: 0xFBAgent.exe0
Faulting application path: FBAgent.exe1
Faulting module path: FBAgent.exe2
Report Id: FBAgent.exe3
 
Error: (08/20/2015 08:07:58 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (08/19/2015 08:49:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FBAgent.exe, version: 1.0.10.0, time stamp: 0x4d6f576c
Faulting module name: FBAgent.exe, version: 1.0.10.0, time stamp: 0x4d6f576c
Exception code: 0xc0000005
Fault offset: 0x000000000002d802
Faulting process id: 0x5cc
Faulting application start time: 0xFBAgent.exe0
Faulting application path: FBAgent.exe1
Faulting module path: FBAgent.exe2
Report Id: FBAgent.exe3
 
Error: (08/19/2015 03:16:29 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
System errors:
=============
Error: (08/20/2015 11:22:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AFBAgent service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/20/2015 11:21:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (08/20/2015 11:21:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.
 
Error: (08/20/2015 10:50:38 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (08/20/2015 10:06:36 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\RAIHV.dll
Error Code: 21
 
Error: (08/20/2015 10:06:30 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/20/2015 10:06:30 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (08/20/2015 10:06:29 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (08/20/2015 10:06:23 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/20/2015 10:06:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office:
=========================
Error: (08/20/2015 12:39:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.174571dc001d0db6f24ea48f119C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (08/20/2015 12:39:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.1745725b001d0db6f0cbdc4f820C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (08/20/2015 11:22:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FBAgent.exe1.0.10.04d6f576cFBAgent.exe1.0.10.04d6f576cc0000005000000000002d80259c01d0db643fb92914C:\Windows\system32\FBAgent.exeC:\Windows\system32\FBAgent.exe9cc42359-4757-11e5-975f-c8600032e273
 
Error: (08/20/2015 09:43:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FBAgent.exe1.0.10.04d6f576cFBAgent.exe1.0.10.04d6f576cc0000005000000000002d80259801d0db565ba9a8c4C:\Windows\system32\FBAgent.exeC:\Windows\system32\FBAgent.exec3188f4d-4749-11e5-b7fe-c8600032e273
 
Error: (08/20/2015 09:23:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Sling.exe0.0.0.05568d253npMoveMediaPlayer.dll8.26.0.655568c5adc0000005000dbb77225401d0db52fabfd5f1C:\ProgramData\Sling\Sling.exeC:\ProgramData\Sling\npMoveMediaPlayer.dll0e6a8b31-4747-11e5-a66d-c8600032e273
 
Error: (08/20/2015 09:12:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FBAgent.exe1.0.10.04d6f576cFBAgent.exe1.0.10.04d6f576cc0000005000000000002d80259401d0db51b53a5101C:\Windows\system32\FBAgent.exeC:\Windows\system32\FBAgent.exe6e5128bc-4745-11e5-a66d-c8600032e273
 
Error: (08/20/2015 08:08:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FBAgent.exe1.0.10.04d6f576cFBAgent.exe1.0.10.04d6f576cc0000005000000000002d8025cc01d0db493559f698C:\Windows\system32\FBAgent.exeC:\Windows\system32\FBAgent.exe95dc9e91-473c-11e5-bdb0-c8600032e273
 
Error: (08/20/2015 08:07:58 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (08/19/2015 08:49:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FBAgent.exe1.0.10.04d6f576cFBAgent.exe1.0.10.04d6f576cc0000005000000000002d8025cc01d0da575335f86cC:\Windows\system32\FBAgent.exeC:\Windows\system32\FBAgent.exe12cd9ea9-4679-11e5-af25-c8600032e273
 
Error: (08/19/2015 03:16:29 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
CodeIntegrity:
===================================
  Date: 2015-08-20 10:33:48.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\brandon.HELMUTHREPAIR\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-20 10:33:48.245
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\brandon.HELMUTHREPAIR\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-20 10:33:48.042
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\brandon.HELMUTHREPAIR\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-20 10:33:02.302
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\brandon.HELMUTHREPAIR\Documents\boot\Windows\System32\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-20 10:33:02.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\brandon.HELMUTHREPAIR\Documents\boot\Windows\System32\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-20 10:33:01.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\brandon.HELMUTHREPAIR\Documents\boot\Windows\System32\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-20 10:27:56.339
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Brandon\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-20 10:27:56.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Brandon\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-20 10:27:55.965
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Brandon\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-20 10:26:32.614
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Brandon\Documents\boot\Windows\System32\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 83%
Total physical RAM: 8098.14 MB
Available physical RAM: 1320.43 MB
Total Virtual: 16194.49 MB
Available Virtual: 9061.38 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:238.37 GB) (Free:40.91 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (KRD10) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS
Drive e: (DATA) (Fixed) (Total:698.63 GB) (Free:575.43 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: E3102A4B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: CB72FF3E)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=42)
 
==================== End of log ============================


#4 thcbytes

  • Malware Response Team

Posted 20 August 2015 - 07:15 PM

Ok. Great. Let's get to work!

You have BitTorrent installed.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

They are a security risk which can make your computer susceptible to a very wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious flash ads and even hidden exploits that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

I would recommend that you uninstall BitTorrent.


If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which is commonly delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information stored on your computer.

In addition it has recently been reported that P2P downloads are often tracked resulting in your IP address being identified by copyright companies and released to law authorities.

At the very least please understand the concept of file sharing. You are opening your computer connection to the download of 'data' from hundreds of strangers! That is simply a recipe for DISASTER!!

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

<<<<<<<<<<

Please do this....

FRST fix:
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
FF Extension: No Name - C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\Firefox\Profiles\44w8h5ir.default\extensions\{55dce8ba-9dec-4013-937e-adbf9317d990}.xpi [not found]
CHR Extension: (No Name) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd [2015-08-20]
C:\Users\brandon.HELMUTHREPAIR\Network_Meter_Data.js
CHR HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
Reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /s
Task: {62C8F7C9-47FE-44B9-8552-3AE611CF717F} - \Super Optimizer Schedule -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:4FC01C57
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\Software\Classes\exefile: "%1" %* <===== ATTENTION
C:\Program Files (x86)\Optimizer Pro
CMD: type C:\Combofix.txt
CMD: type C:\Users\brandon.HELMUTHREPAIR\Desktop\HitmanPro_20150818_1354.log
CMD: type C:\AdwCleaner[C1].txt
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: bitsadmin /reset /allusers
EmptyTemp:
RemoveProxy:
end
  • Save the file to your desktop and name it as fixlist.txt
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
Please copy and paste the log in your next reply.

<<<<<<<<<<

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here
  • When the download appears, save to the Desktop.
  • On the Desktop, right-click the Zoek.exe file and select: Run as Administrator (Give it a few seconds to appear.)
  • Next, copy/paste the entire script inside the code box below to the input field of Zoek:
autoclean;
  • Now...
  • Close any open Browsers.
  • Click the Run script button, and wait. It takes a few minutes to run all the script.
  • When the tool finishes, the zoek-results.log is opened in Notepad.
  • The log is also found on the systemdrive, normally C:\
  • If a reboot is needed, the log is opened after the reboot.
Please attach the zoek-results.log in your reply.

<<<<<<<<<<
  • Please review this information to understand what resetting Firefox will do
  • Click on the Menu button (3 horizontal bars in the top right corner of window)
  • Click the Help button (question mark - ?)
  • Click Troubleshooting Information
  • Click Reset Firefox then
  • Confirm the Reset
  • Firefox will close
  • Click Finish on the information window and Firefox will restart
Next...
  • Launch Internet Explorer
  • Select Tools, Internet Options, and then the General tab
  • Under Browsing history check only the following

Preserve Favorites website data
Temporary Internet files and website files
Cookies and website data
History

  • Click Delete...
  • Click the Advanced tab
  • Under Reset Internet Explorer settings Click Reset...
  • On the warning page click Reset again
  • Click Close, then OK
  • Restart Internet Explorer
<<<<<<<<<<

In the next steps we will remove and re-install Chrome, therefore I advise you to save your bookmarks, since you will lose them during the process. The information for doing this can be found here.


Remove Google Chrome
  • Open the Start menu and click Control Panel.
  • Double-click Add or Remove Programs.
  • Select the following program:

    Google Chrome

  • Click Remove.
  • When asked if you want to uninstall, place a checkmark next to Also delete your browsing data and select Uninstall.
  • Reboot your computer.
Re-install Google Chrome, please do the following..
  • Click on the following link: Google Chrome.
  • Read the Terms of Service and select Accept and Install.
  • Save ChromeSetup.exe to your desktop.
  • Go to your desktop and double-click on ChromeSetup.exe.
  • Google Chrome will then install itself.
  • When the process is over, Chrome will open.
<<<<<<<<<<

Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
Copy and paste the contents in your reply

<<<<<<<<<

With your next post please provide:
  • fixlist.txt
  • Zoek log
  • JRT log
  • An update about the problems that persist
Kind regards,
thcbytes

Edited by thcbytes, 20 August 2015 - 07:34 PM.

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
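
An added example, not part of thcbytes' post and not FRST's own code: a small Python triage of the Fixlog.txt that the fix above produces, sorting each result line into changed, already absent, or needs manual review. The sample log is constructed (placeholder SID, GUID and paths), and the outcome phrases are assumed from the result lines FRST prints in this thread, so the list is not exhaustive.

```python
import re

# Outcome phrases as they appear in the Fixlog posted in this thread.
# Assumption: other FRST versions may word results differently; anything
# not listed here is routed to "review" rather than silently dropped.
CHANGED = (r'(?:key|value|path) removed successfully|value restored successfully'
           r'|moved successfully|ADS removed successfully\.')
ABSENT = r'key not found\.|File/Folder not found\.'
RESULT = re.compile(
    r'(?P<target>.+?)\s*=>\s*(?P<outcome>(?:"[^"]*" )?(?:%s|%s))' % (CHANGED, ABSENT))

# Constructed sample modelled on the Fixlog layout: header, echoed fixlist,
# result lines, then the captured output of a CMD: directive.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64)
==============================================

fixlist content:
*****************
start
Task: {00000000-0000-0000-0000-000000000000} - \Example Task -> No File <==== ATTENTION
CMD: ipconfig /flushdns
end
*****************

Processes closed successfully.
"HKU\S-1-5-21-EXAMPLE\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-EXAMPLE\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
C:\Users\example\ext.xpi => path removed successfullyC:\Users\example\Extensions\abcdefgh => moved successfully
C:\ProgramData\Temp => ":00000000" ADS removed successfully.
"C:\Program Files (x86)\Example Optimizer" => File/Folder not found.
C:\Users\example\locked.dll => outcome text this script does not know

=========  ipconfig /flushdns =========

Windows IP Configuration => not a result line

========= End of CMD: =========
'''


def triage_fixlog(text):
    """Sort Fixlog result lines into changed / absent / review buckets."""
    report = {"changed": [], "absent": [], "review": []}
    in_echo = False   # inside the echoed fixlist (between the rows of asterisks)
    in_cmd = False    # inside captured CMD:/Reg: output
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue                      # blank line or plain separator
        if set(line) == {"*"}:
            in_echo = not in_echo         # fixlist echo starts or ends
            continue
        if line.startswith("========="):
            in_cmd = "End of" not in line  # command output starts or ends
            continue
        if in_echo or in_cmd or "=>" not in line:
            continue
        matches = list(RESULT.finditer(line))
        if not matches:
            report["review"].append(line)  # unknown outcome: read it by hand
            continue
        for m in matches:                  # two results can share one line
            target = m.group("target").strip().strip('"')
            outcome = m.group("outcome")
            bucket = "absent" if re.search(ABSENT, outcome) else "changed"
            report[bucket].append((target, outcome))
        tail = line[matches[-1].end():].strip()
        if tail:
            report["review"].append(tail)  # leftover text after the last result
    return report


if __name__ == "__main__":
    result = triage_fixlog(SAMPLE_FIXLOG)
    for bucket in ("changed", "absent", "review"):
        print(f"{bucket}: {len(result[bucket])}")
        for item in result[bucket]:
            print("   ", item)
```

Entries in the "absent" bucket usually mean an earlier tool or an earlier fixlist line already removed the item; entries in "review" are the ones to read in full before declaring the machine clean.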

#5 bhelm22

  • Topic Starter

  • Members

Posted 21 August 2015 - 09:36 AM

  • fixlist.txt  (pasted)
  • Zoek log   Attached File  zoek-results.log   30.45KB   1 downloads
  • JRT log    Attached File  JRT.txt   1.88KB   1 downloads
  • An update about the problems that persist - So far it looks GREAT, tested both Chrome and IE and no signs of the old adware, thanks!
Fix result of Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by Brandon (2015-08-21 08:12:54) Run:2
Running from C:\Users\brandon.HELMUTHREPAIR\Desktop
Loaded Profiles: Brandon (Available Profiles: HRADMSER & Brandon & Brandon)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1780583937-3275181368-4168154308-1116 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
FF Extension: No Name - C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\Firefox\Profiles\44w8h5ir.default\extensions\{55dce8ba-9dec-4013-937e-adbf9317d990}.xpi [not found]
CHR Extension: (No Name) - C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd [2015-08-20]
C:\Users\brandon.HELMUTHREPAIR\Network_Meter_Data.js
CHR HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
Reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /s
Task: {62C8F7C9-47FE-44B9-8552-3AE611CF717F} - \Super Optimizer Schedule -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:4FC01C57
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\Software\Classes\exefile: "%1" %* <===== ATTENTION
C:\Program Files (x86)\Optimizer Pro
CMD: type C:\Combofix.txt
CMD: type C:\Users\brandon.HELMUTHREPAIR\Desktop\HitmanPro_20150818_1354.log
CMD: type C:\AdwCleaner[C1].txt
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: bitsadmin /reset /allusers
EmptyTemp:
RemoveProxy:
end
*****************
 
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\Firefox\Profiles\44w8h5ir.default\extensions\{55dce8ba-9dec-4013-937e-adbf9317d990}.xpi => path removed successfullyC:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd => moved successfully
C:\Users\brandon.HELMUTHREPAIR\Network_Meter_Data.js => moved successfully
"HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key not found. 
 
========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /s =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{62C8F7C9-47FE-44B9-8552-3AE611CF717F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62C8F7C9-47FE-44B9-8552-3AE611CF717F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule => key not found. 
C:\ProgramData\Temp => ":4FC01C57" ADS removed successfully.
"HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\Software\Classes\exefile" => key removed successfully
"C:\Program Files (x86)\Optimizer Pro" => File/Folder not found.
 
=========  type C:\Combofix.txt =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
 
=========  type C:\Users\brandon.HELMUTHREPAIR\Desktop\HitmanPro_20150818_1354.log =========
 
[code]
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : BRANDON-NB
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : HELMUTHREPAIR\Brandon
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-08-18 13:50:27
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 25s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 17
   Traces  . . . . . . . : 190

   Objects scanned . . . : 2,975,441
   Files scanned . . . . : 112,405
   Remnants scanned  . . : 772,803 files / 2,090,233 keys

Malware _____________________________________________________________________

   C:\Users\brandon.HELMUTHREPAIR\Copy\Brandon\D7\3rd Party Tools\mailpv.exe
      Size . . . . . . . : 98,816 bytes
      Age  . . . . . . . : 640.1 days (2013-11-16 10:27:59)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 10F703168CC43F60BFD54C69242D3DB63D2D60E1114DE74956A2439B8A8B3ED0
      Product  . . . . . : Mail PassView
      Publisher  . . . . : NirSoft
      Description  . . . : Mail Password Recovery
      Version  . . . . . : 1.80
      Copyright  . . . . : Copyright © 2003 - 2013 Nir Sofer
    > G Data . . . . . . : Application.Nirsoft.D
    > Bitdefender  . . . : Application.Nirsoft.D
    > HitmanPro  . . . . : not-a-virus:PSWTool.Win32.MailPassView.os
      Fuzzy  . . . . . . : 100.0

   C:\Users\brandon.HELMUTHREPAIR\Downloads\D7\3rd Party Tools\mailpv.exe
      Size . . . . . . . : 98,816 bytes
      Age  . . . . . . . : 539.0 days (2014-02-25 12:40:38)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 10F703168CC43F60BFD54C69242D3DB63D2D60E1114DE74956A2439B8A8B3ED0
      Product  . . . . . : Mail PassView
      Publisher  . . . . : NirSoft
      Description  . . . : Mail Password Recovery
      Version  . . . . . : 1.80
      Copyright  . . . . : Copyright © 2003 - 2013 Nir Sofer
    > G Data . . . . . . : Application.Nirsoft.D
    > Bitdefender  . . . : Application.Nirsoft.D
    > HitmanPro  . . . . : not-a-virus:PSWTool.Win32.MailPassView.os
      Fuzzy  . . . . . . : 100.0


Suspicious files ____________________________________________________________

   C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Amazon Music\Amazon Music Helper.exe
      Size . . . . . . . : 6,277,952 bytes
      Age  . . . . . . . : 215.9 days (2015-01-14 16:52:31)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 03DCB98F1764862A0DFC1B3A6CD34BA583DA512E8E4556E891A228832C0F8DE1
      RSA Key Size . . . : 2048
      Parent Name  . . . : C:\Windows\explorer.exe
      Authenticode . . . : Self-signed
      Running processes  : 7400
      Fuzzy  . . . . . . : 24.0
         Program is code self-signed.
         This program is actively listening for inbound network connections.
         Uses the Windows Registry to run each time the user logs on.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Amazon Music
      Network Ports
         127.0.0.1:4750

   C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Autobahn\nexdef.exe
      Size . . . . . . . : 15,500,800 bytes
      Age  . . . . . . . : 740.0 days (2013-08-08 13:35:02)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 5DD9BDD6D07B7A05A5315C1CB3794C894F74F1A1C426FC0B85A8E0666852D4BB
      Parent Name  . . . : C:\Windows\explorer.exe
      Running processes  : 8428
      Fuzzy  . . . . . . : 22.0
         Uses the Startup folder in the Start Menu to run each time the user logs on.
         This program is actively listening for inbound network connections.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         C:\Users\brandon.HELMUTHREPAIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
         C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
      References
         C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Autobahn\Launch NexDef Plug-in.lnk
         C:\Users\Brandon\AppData\Local\Autobahn\Launch NexDef Plug-in.lnk
      Network Ports
         127.0.0.1:1935
         127.0.0.1:8001


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\ (UniDeals)
   HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\ (UniDeals)
   HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\ (UniDeals)
   HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\ (UniDeals)
   HKU\S-1-5-21-3468594284-1836703460-1844533713-1001\Software\Softonic\ (Softonic)

[/code]
 
 
========= End of CMD: =========
 
 
=========  type C:\AdwCleaner[C1].txt =========
 
# AdwCleaner v5.001 - Logfile created 18/08/2015 at 13:33:30
# Updated 17/08/2015 by Xplode
# Database : 2015-08-18.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Brandon - BRANDON-NB
# Running from : \\HRSERVER\Shared\Brandon\D7 New\3rd Party Tools\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : HealthAlertsSvc
[-] Service Deleted : 4854a7b8
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\ShowMyPCService
[-] Folder Deleted : C:\Program Files (x86)\BinarySense
[-] Folder Deleted : C:\ProgramData\BinarySense
[-] Folder Deleted : C:\Users\BRANDO~1.HEL\AppData\Local\Temp\Deal Keeper
[-] Folder Deleted : C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
[-] Folder Deleted : C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd
[!] Folder Not Deleted : C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
[!] Folder Not Deleted : C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_baohinapilmkigilbbbcccncoljkdpnd_0.localstorage
[-] File Deleted : C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_baohinapilmkigilbbbcccncoljkdpnd_0.localstorage-journal
[-] File Deleted : C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\brandon.HELMUTHREPAIR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Brandon.HELMUTHREPAIR\AppData\Roaming\Mozilla\Firefox\Profiles\44w8h5ir.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\BinarySense
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deal Keeper
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
:: Chrome policies deleted
 
*************************
 
C:\AdwCleaner[C1].txt - [17285 bytes] - [18/08/2015 13:33:30]
C:\AdwCleaner[S1].txt - [16538 bytes] - [18/08/2015 13:28:20]
 
########## EOF - C:\AdwCleaner[C1].txt - [17411 bytes] ##########
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Wireless Network Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::c42b:4bb7:6c10:94f0%11
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{DE76D62D-9B37-43C1-ACC4-9BB3254789B3}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{93279B0B-DDAB-4D40-8D82-08770EB48B33}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{1F8534AE-B80B-480E-9CE7-B374C5CC3715}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Wireless Network Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::c42b:4bb7:6c10:94f0%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.84
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{DE76D62D-9B37-43C1-ACC4-9BB3254789B3}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{93279B0B-DDAB-4D40-8D82-08770EB48B33}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{1F8534AE-B80B-480E-9CE7-B374C5CC3715}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {2231EC1E-9E7D-486B-A29D-D9D35796168E}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {2231EC1E-9E7D-486B-A29D-D9D35796168E}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1780583937-3275181368-4168154308-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => 2.1 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 08:13:22 ====
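
The AdwCleaner log above reports the same Chrome extension folders as both "Folder Deleted" and "Folder Not Deleted", which is the kind of leftover worth re-checking after the reboot. The following is an added example (not from the thread or from AdwCleaner) that parses this log layout, collapses repeated lines and lists what the tool said it could not remove; the sample log, its paths and its extension IDs are constructed placeholders.

```python
import re
from collections import OrderedDict

# Constructed sample in the AdwCleaner v5 layout; the service name, paths and
# 32-character extension IDs are placeholders, not values from the thread.
SAMPLE_LOG = r"""
# AdwCleaner v5.001 - Logfile created 18/08/2015 at 13:33:30
***** [ Services ] *****

[-] Service Deleted : ExampleSvc

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\ExampleAdware
[-] Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[!] Folder Not Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[!] Folder Not Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[!] Folder Not Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb

***** [ Registry ] *****

[-] Key Deleted : [x64] HKLM\SOFTWARE\ExampleAdware

:: Proxy settings cleared
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ENTRY_RE = re.compile(
    r"^\[(?P<mark>[-!])\] (?P<kind>\w+) (?P<status>Not Deleted|Deleted) : (?P<target>.+)$"
)
# Chrome extension IDs are 32 characters drawn from a-p.
EXT_RE = re.compile(r"\\Extensions\\([a-p]{32})(?:\\|$)")


def parse_adwcleaner(text):
    """Return unique log entries in first-seen order, each with a repeat count."""
    section = None
    seen = OrderedDict()
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header comments, blank lines and ":: ..." summary lines
        # Windows paths and registry keys are case-insensitive: fold case for the key.
        key = (m.group("kind"), m.group("status"), m.group("target").lower())
        if key in seen:
            seen[key]["count"] += 1
        else:
            seen[key] = {
                "section": section,
                "kind": m.group("kind"),
                "status": m.group("status"),
                "target": m.group("target"),
                "count": 1,
            }
    return list(seen.values())


def triage(entries):
    """Split entries into what needs a follow-up check after cleaning."""
    removed = {e["target"].lower() for e in entries if e["status"] == "Deleted"}
    residual = [e for e in entries if e["status"] == "Not Deleted"]
    # Reported as deleted AND not deleted: verify on disk after the reboot.
    conflicting = sorted(
        {e["target"] for e in residual if e["target"].lower() in removed}
    )
    extension_ids = sorted(
        {m.group(1) for e in residual for m in [EXT_RE.search(e["target"])] if m}
    )
    return {
        "residual": residual,
        "conflicting": conflicting,
        "extension_ids": extension_ids,
    }


if __name__ == "__main__":
    report = triage(parse_adwcleaner(SAMPLE_LOG))
    for e in report["residual"]:
        print(f"NOT REMOVED x{e['count']} [{e['section']}] {e['target']}")
    for path in report["conflicting"]:
        print(f"CONFLICTING STATUS: {path}")
    print("Extension IDs to check in chrome://extensions:", report["extension_ids"])
```
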


#6 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 21 August 2015 - 08:19 PM

I am glad it's running better and the problems have stopped.

Few more things to do please.

Please run MBAM (already installed).

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

<<<<<<<<<<

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
    • UNCHECK: Remove found threats (I don't want you to remove anything yet!!)
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Copy and paste the logfile in your reply for my review.

Still running well? Any further troubles?

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 bhelm22

  • Topic Starter
  • Members
  • 15 posts

Posted 22 August 2015 - 12:19 PM

I will post results on Monday, thanks



#8 thcbytes


Posted 22 August 2015 - 01:01 PM

I appreciate the notification. I will be here. Have a nice weekend. :)

#9 bhelm22


Posted 24 August 2015 - 08:10 AM

Still running good - here are the ESET results...

 

Attached File  eset log.txt   10.45KB   1 downloads



#10 thcbytes


Posted 24 August 2015 - 11:42 AM

How about the MBAM log? Haven't reviewed your ESET log yet.

#11 bhelm22


Posted 24 August 2015 - 01:38 PM

The MBAM scan came back clean



#12 thcbytes


Posted 24 August 2015 - 05:02 PM

Final steps. Let me clean up leftovers, install any needed security updates then remove all the stuff I had you use.

These familiar to you?
 
C:\Users\brandon.HELMUTHREPAIR\Downloads\kon-boot-all
E:\Images\Operating Systems\ubcd511.iso
E:\My Webs\HR\061912

Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again
  • Allow the program to run
A Notepad document will open on your desktop. Please copy and paste the contents in your reply

#13 bhelm22


Posted 24 August 2015 - 05:38 PM

Yes, those files/folders are familiar to me.
 
 
Results of screen317's Security Check version 1.008  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 65  
 Java version 32-bit out of Date! 
 Adobe Flash Player 18.0.0.232  
 Adobe Reader XI  
 Mozilla Firefox 16.0.1 Firefox out of Date!  
 Google Chrome (44.0.2403.157) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 

*Hard drive is an SSD



#14 thcbytes


Posted 24 August 2015 - 09:23 PM

Well done. :)

I have enjoyed assisting you.

Please perform these security fixes

Update to IE 11
https://www.microsoft.com/en-us/download/internet-explorer-11-for-windows-7-details.aspx

<<<<<<<<<<

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 8 and save it to your desktop.
  • Under "Java Platform, Standard Edition"...click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select (click on) the download link for your operating system (Windows x86 Offline: jre-8u60-windows-i586.exe or Windows x64: jre-8u60-windows-x64.exe) and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-8u60-windows-i586.exe (or jre-8u60-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version. However, be aware that the Java updater prompts you to make Yahoo Search your browser's default search engine and home page...the option is pre-checked.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary. To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.
<<<<<<<<<<

Update Firefox
  • Menu (upper right three horizontal lines)
  • Options
  • Advanced
  • Update
  • Choose automatically install updates
  • Close Firefox
  • Reopen Firefox
  • Allow it to update
<<<<<<<<<<

I think you're all set.
Do you have any questions?
Is there anything else you're concerned about that I can help with?

<<<<<<<<<<

Please take the time to carefully review the info contained below. It's invaluable.

Answers to common security questions - Best Practices

<<<<<<<<<<

FRST fix:
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
start
CloseProcesses:
EmptyTemp:
CreateRestorePoint:
Reboot:
end
  • Save the file to your desktop and name it as fixlist.txt
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • The computer will reboot
After the reboot move to the next step.

<<<<<<<<<<

Download Delfix from here and save it to your desktop.
  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
When the tool is finished, a log will open in notepad. Please copy and paste the log in your next reply.


Kind Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
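
A way to check the result of the Java removal steps in the post above, added here as an example and not part of the original reply: this read-only PowerShell snippet lists the Java runtimes still registered under the machine-wide Uninstall registry keys and flags any older than 8u60. It assumes Oracle/Sun's usual display names ("Java 8 Update 60", "Java(TM) 6 Update 22", "J2SE Runtime Environment ...") and does not look at per-user installs.

```powershell
# Added example (not from the original post). Read-only: it removes nothing.
# Compatible with the PowerShell 2.0 that ships with Windows 7.

# Java 8 Update 60, the version named in the post, registers as 8.0.600.x
$target = [version]'8.0.600'

# Machine-wide uninstall entries: native and 32-bit-on-64-bit (WOW6432Node)
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed naming: "Java 8 Update 60", "Java(TM) 6 Update 22",
# "J2SE Runtime Environment 5.0 Update 22". "Java Auto Updater" is skipped
# because its name has no digit directly after "Java ".
$pattern = '^(Java(\(TM\))? \d|J2SE Runtime Environment)'

Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    ForEach-Object {
        $parsed = $_.DisplayVersion -as [version]   # $null if not parseable
        if (-not $parsed) {
            $status = 'version unknown - check manually'
        } elseif ($parsed -lt $target) {
            $status = 'OLDER than 8u60 - still needs removing'
        } else {
            $status = '8u60 or newer'
        }
        New-Object PSObject -Property @{
            Name    = $_.DisplayName
            Version = $_.DisplayVersion
            Status  = $status
        }
    } |
    Select-Object Name, Version, Status |
    Sort-Object Name |
    Format-Table -AutoSize
```

No output means no matching Java runtime is registered; after the reinstall step, the only rows should read "8u60 or newer".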



