
Extremely Frustrating. Pop ups, fake ads, so much annoyance


  • This topic is locked
13 replies to this topic

#1 Pl3as3HelpM3

Pl3as3HelpM3

  • Members
  • 22 posts

Posted 04 October 2015 - 10:28 PM

I have infected my computer. Admittedly I was looking for free software and I failed horribly. Is there anyone who would be willing to help me get rid of the virus?





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 October 2015 - 09:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

#3 Pl3as3HelpM3

Pl3as3HelpM3
  • Topic Starter

  • Members
  • 22 posts

Posted 07 October 2015 - 01:47 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/6/2015
Scan Time: 11:13 PM
Logfile: mbam log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.06.06
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Dustin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 414788
Time Elapsed: 21 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 22


 

Registry Values: 11


 

Registry Data: 1

PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~3\{133BF~1\201~1.9\nisa.dll ØÞ( ÷ , Good: (), Bad: (C:\PROGRA~3\{133BF~1\201~1.9\nisa.dll),Replaced,[299591c21576bf77a0af950254b07888]

 

Folders: 12


 

Files: 55


 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

=========================================================

# AdwCleaner v5.011 - Logfile created 07/10/2015 at 14:39:14
# Updated 07/10/2015 by Xplode
# Database : 2015-10-07.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Dustin - DWHEALY
# Running from : D:\Downloads\adwcleaner_5.011.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKU\S-1-5-21-178646866-1240154784-113881889-1001\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [712 bytes] ##########

 
================================================================================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Dustin (administrator) on DWHEALY (07-10-2015 14:33:21)
Running from D:\Downloads
Loaded Profiles: Dustin (Available Profiles: Dustin)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0C3FFDE2-4416-4577-BB84-8A7319882DC1}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{39875994-5A60-4A5F-A0D6-EE13B0ECF40F}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{398DDFBB-E844-462C-B36C-13D187A93DFA}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\b0clicko.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-07-17] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-178646866-1240154784-113881889-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dustin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-178646866-1240154784-113881889-1001: @talk.google.com/O1DPlugin -> C:\Users\Dustin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-178646866-1240154784-113881889-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Dustin\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-178646866-1240154784-113881889-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Dustin\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Dustin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dustin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-27]
CHR Extension: (Skype Click to Call) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-07-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5531008 2015-08-20] (Emsisoft Ltd)
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
S4 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-06-24] (ASUSTeK Computer Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S4 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Pro\DiscSoftBusService.exe [2216208 2014-11-10] (Disc Soft Ltd)
S4 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [684144 2015-05-14] (Pulse Secure, LLC)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
S4 ININ Tracing 3-0; C:\Program Files (x86)\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-3-0.exe [49664 2015-05-05] (Interactive Intelligence, Inc.) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LavasoftAdAwareService11; D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [712432 2015-08-27] ()
R2 LavasoftTcpService; D:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-10-05] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SearchProtectionService; D:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [16656 2015-10-05] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 TeamViewer9; "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-04-24] (Advanced Micro Devices)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-07-29] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [271272 2015-07-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-07-29] (BitDefender)
R1 BdfNdisf; D:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; D:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2015-01-06] (BitDefender LLC)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
R3 dtscsibus; C:\Windows\system32\DRIVERS\dtscsibus.sys [29864 2015-10-04] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 epp64; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp64.sys [138504 2015-08-07] (Emsisoft GmbH)
R3 gzflt; D:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R1 ININQoS; C:\Windows\system32\DRIVERS\ininqos.sys [51448 2015-04-06] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 RDID1115; C:\Windows\system32\Drivers\rdwm1115.sys [82304 2015-10-06] (Roland Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2015-04-24] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-06 23:10 - 2015-10-07 13:41 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-06 23:10 - 2015-10-06 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-06 23:10 - 2015-10-06 23:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-06 23:10 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-10-06 23:10 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-06 23:10 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-06 00:52 - 2015-10-06 00:52 - 00698248 _____ (Roland Corporation) C:\WINDOWS\system32\RDDP1115.EXE
2015-10-06 00:52 - 2015-10-06 00:52 - 00637952 _____ C:\WINDOWS\system32\RDCP1115.CPL
2015-10-06 00:52 - 2015-10-06 00:52 - 00082304 _____ (Roland Corporation) C:\WINDOWS\system32\Drivers\Rdwm1115.sys
2015-10-06 00:52 - 2015-10-06 00:52 - 00009216 _____ C:\WINDOWS\system32\RdCi1115.dll
2015-10-06 00:52 - 2015-10-06 00:52 - 00000000 ____D D:\Program Files\RdDrv001
2015-10-06 00:52 - 2015-10-06 00:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roland
2015-10-05 01:01 - 2015-10-05 01:01 - 00000000 ____D C:\ProgramData\BitDefender
2015-10-05 00:55 - 2015-10-05 00:55 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\LavasoftStatistics
2015-10-05 00:54 - 2015-10-07 14:28 - 00001345 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-10-05 00:54 - 2015-10-05 14:59 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\Lavasoft
2015-10-05 00:54 - 2015-10-05 11:26 - 00002960 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-10-05 00:54 - 2015-10-05 11:26 - 00002960 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-10-05 00:54 - 2015-10-05 00:54 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-10-05 00:54 - 2015-10-05 00:54 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-10-05 00:54 - 2015-10-05 00:54 - 00000000 ____D D:\Program Files (x86)\Lavasoft
2015-10-05 00:54 - 2015-10-05 00:54 - 00000000 ____D C:\Users\Dustin\AppData\Local\Lavasoft
2015-10-05 00:54 - 2015-10-05 00:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-10-05 00:54 - 2015-01-06 13:47 - 01061776 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdsmtpp.dll
2015-10-05 00:54 - 2015-01-06 13:47 - 00209984 _____ (BitDefender) C:\WINDOWS\system32\BdFirewallSDK.dll
2015-10-05 00:54 - 2015-01-06 13:47 - 00195016 _____ (BitDefender) C:\WINDOWS\system32\httproxy.dll
2015-10-05 00:54 - 2015-01-06 13:47 - 00156936 _____ C:\WINDOWS\system32\bdfwcore.dll
2015-10-05 00:54 - 2015-01-06 13:47 - 00155912 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdpop3p.dll
2015-10-05 00:54 - 2015-01-06 13:47 - 00122928 _____ (BitDefender) C:\WINDOWS\system32\OEMbdpredir.dll
2015-10-05 00:54 - 2015-01-06 13:47 - 00096160 _____ (BitDefender) C:\WINDOWS\system32\bdpredir.dll
2015-10-05 00:54 - 2015-01-06 13:37 - 02084072 _____ (Bitdefender) C:\WINDOWS\system32\bdnc.dll
2015-10-05 00:53 - 2015-10-05 00:54 - 00000000 ____D C:\ProgramData\Lavasoft
2015-10-05 00:53 - 2015-10-05 00:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-10-05 00:53 - 2015-10-05 00:53 - 00000000 ____D D:\Program Files\Lavasoft
2015-10-05 00:53 - 2015-10-05 00:53 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-10-04 23:54 - 2015-10-07 00:54 - 00000100 _____ C:\Users\Dustin\AppData\Roaming\WB.CFG
2015-10-04 23:36 - 2015-10-04 23:36 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\Addictive Drums 2
2015-10-04 23:35 - 2015-10-04 23:35 - 00001274 _____ C:\Users\Dustin\Desktop\Addictive Drums 2.lnk
2015-10-04 23:35 - 2015-10-04 23:35 - 00000000 ____D C:\Users\Dustin\Documents\Addictive Drums 2
2015-10-04 23:35 - 2015-10-04 23:35 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XLN Audio
2015-10-04 23:33 - 2015-10-04 23:35 - 00000000 ____D C:\ProgramData\XLN Audio
2015-10-04 23:25 - 2015-10-04 23:25 - 00000000 ____D C:\Users\Dustin\Desktop\Addictive Drums 2
2015-10-04 22:57 - 2015-10-04 22:57 - 00002183 _____ C:\Users\Dustin\Desktop\Chromium.lnk
2015-10-04 22:56 - 2015-10-04 22:56 - 00000000 ____D C:\Users\Dustin\AppData\Local\Chromium
2015-10-04 22:54 - 2015-10-04 23:54 - 00000000 ____D C:\Users\Dustin\AppData\Local\{27EF11B3-0347-7D0B-6EDF-58E34AB7A47B}
2015-10-04 22:54 - 2015-10-04 22:54 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-10-04 22:53 - 2015-10-04 22:53 - 00000000 ____D C:\Users\Dustin\Documents\Native Instruments
2015-10-04 22:53 - 2015-10-04 22:53 - 00000000 ____D C:\Users\Dustin\AppData\Local\Native Instruments
2015-10-04 22:52 - 2015-10-04 22:52 - 00000902 _____ C:\Users\Public\Desktop\Guitar Rig 5.lnk
2015-10-04 22:52 - 2015-10-04 22:52 - 00000000 __HDC C:\ProgramData\{1CEDDDD4-56D2-463F-BC4E-C5DFFD3533C9}
2015-10-04 22:50 - 2015-10-04 22:51 - 00000000 ____D D:\Program Files\Native Instruments
2015-10-04 22:50 - 2015-10-04 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2015-10-04 22:50 - 2015-10-04 22:50 - 00000940 _____ C:\Users\Public\Desktop\Controller Editor.lnk
2015-10-04 22:50 - 2015-10-04 22:50 - 00000913 _____ C:\Users\Public\Desktop\Service Center.lnk
2015-10-04 22:50 - 2015-10-04 22:50 - 00000000 __HDC C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}
2015-10-04 22:50 - 2015-10-04 22:50 - 00000000 __HDC C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2015-10-04 22:47 - 2015-10-04 22:50 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\DAEMON Tools Pro
2015-10-04 22:47 - 2015-10-04 22:47 - 00029864 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtscsibus.sys
2015-10-04 22:47 - 2015-10-04 22:47 - 00001951 _____ C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
2015-10-04 22:47 - 2015-10-04 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
2015-10-04 22:39 - 2015-10-04 22:47 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2015-10-04 21:59 - 2015-10-04 21:59 - 00000016 _____ C:\Users\Dustin\AppData\Roaming\msregsvv.dll
2015-10-04 21:59 - 2015-10-04 21:59 - 00000016 _____ C:\ProgramData\autobk.inc
2015-10-04 21:59 - 2015-10-04 21:59 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\IK Multimedia
2015-10-04 21:58 - 2015-10-04 21:58 - 00001232 _____ C:\Users\Dustin\Desktop\Custom Shop.lnk
2015-10-04 21:57 - 2015-10-04 21:57 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-04 21:57 - 2015-10-04 21:57 - 00001783 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-10-04 21:57 - 2015-10-04 21:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-10-04 21:57 - 2015-10-04 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-10-04 21:56 - 2015-10-04 21:56 - 00000000 ____D C:\Users\Dustin\AppData\LocalLow\Apple Computer
2015-10-04 21:54 - 2015-10-04 21:58 - 00000000 ____D C:\Users\Dustin\Documents\IK Multimedia
2015-10-04 21:54 - 2015-10-04 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2015-10-04 21:54 - 2015-10-04 21:54 - 00000000 ____D D:\Program Files\VstPlugIns
2015-10-04 21:54 - 2015-10-04 21:54 - 00000000 ____D C:\Program Files\Common Files\Avid
2015-10-04 21:54 - 2012-08-29 13:23 - 12708016 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_def.dll
2015-10-04 21:54 - 2012-08-29 13:23 - 12474544 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_core.dll
2015-10-04 21:54 - 2012-08-29 13:23 - 09917616 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_intel_thread.dll
2015-10-04 21:54 - 2012-08-29 13:23 - 09410736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mkl_p4m.dll
2015-10-04 21:54 - 2012-08-29 13:23 - 09210032 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mkl_p4.dll
2015-10-04 21:54 - 2012-08-29 13:23 - 09078960 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mkl_p4p.dll
2015-10-04 21:54 - 2012-08-29 13:23 - 09033904 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mkl_p4m3.dll
2015-10-04 21:54 - 2012-08-29 13:23 - 06944944 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mkl_core.dll
2015-10-04 21:54 - 2012-08-29 13:23 - 03868848 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mkl_intel_thread.dll
2015-10-04 21:54 - 2012-08-29 13:23 - 00530608 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libiomp5md.dll
2015-10-04 21:54 - 2012-08-29 13:23 - 00529072 _____ (Intel Corporation) C:\WINDOWS\system32\libiomp5md.dll
2015-10-04 21:54 - 2012-08-29 13:23 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\msvcp71.dll
2015-10-04 21:54 - 2012-08-29 13:23 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\msvcr71.dll
2015-10-04 14:08 - 2015-10-04 14:08 - 00000000 ____D C:\ProgramData\Steinberg
2015-10-04 13:49 - 2015-10-04 13:49 - 00098150 _____ C:\ProgramData\1443977107.bdinstall.bin
2015-10-04 12:45 - 2015-10-04 12:45 - 00037669 _____ C:\ProgramData\1443977105.bdinstall.bin
2015-10-03 23:40 - 2015-10-03 23:40 - 00000000 ____D C:\Users\Dustin\Desktop\asdf
2015-10-03 23:32 - 2015-10-03 23:37 - 00000000 ____D C:\Users\Dustin\Desktop\Blues Template
2015-10-03 23:31 - 2015-10-03 23:31 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\Trillium Lane
2015-10-03 23:30 - 2015-10-03 23:30 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\PACE Anti-Piracy
2015-10-03 23:30 - 2015-10-03 23:30 - 00000000 ____D C:\Users\Dustin\AppData\Local\PACE Anti-Piracy
2015-10-03 23:30 - 2015-10-03 23:30 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2015-10-03 23:09 - 2015-10-03 23:31 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\Avid
2015-10-03 23:09 - 2015-10-03 23:09 - 00001915 _____ C:\Users\Public\Desktop\Pro Tools 10.lnk
2015-10-03 23:09 - 2015-10-03 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
2015-10-03 23:03 - 2015-10-03 23:03 - 00000000 ____D D:\Program Files\Avid
2015-10-03 22:57 - 2015-10-03 22:57 - 00002108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk
2015-10-03 22:57 - 2015-10-03 22:57 - 00002096 _____ C:\Users\Public\Desktop\iLok License Manager.lnk
2015-10-03 17:59 - 2015-10-03 17:59 - 00000000 ____D C:\ProgramData\PACE
2015-09-30 16:14 - 2015-09-30 16:14 - 00000149 _____ C:\Users\Dustin\Desktop\worth watching stuff.txt
2015-09-29 15:38 - 2015-09-29 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-13 23:29 - 2015-09-13 23:30 - 00000000 ____D C:\Users\Dustin\Desktop\Phone DCIM
2015-09-11 22:08 - 2015-09-11 22:08 - 00311296 _____ C:\WINDOWS\Minidump\091115-18812-01.dmp
2015-09-10 18:25 - 2015-09-10 18:25 - 00284120 _____ C:\WINDOWS\Minidump\091015-18640-01.dmp
2015-09-09 22:43 - 2015-09-09 22:43 - 00000000 ____D D:\Program Files\Windows Journal
2015-09-09 09:27 - 2015-09-02 22:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 09:27 - 2015-09-02 22:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 09:27 - 2015-09-02 14:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 09:27 - 2015-09-02 13:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 09:27 - 2015-08-26 22:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-09 09:27 - 2015-08-26 14:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-09 09:27 - 2015-08-26 14:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-09 09:27 - 2015-08-26 14:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-09 09:27 - 2015-08-26 14:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-09 09:27 - 2015-08-26 10:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-09 09:27 - 2015-08-26 10:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-09 09:27 - 2015-08-26 10:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-09 09:27 - 2015-08-26 10:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-09 09:27 - 2015-08-26 10:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-09 09:27 - 2015-08-26 10:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-09 09:27 - 2015-08-26 10:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-09 09:27 - 2015-08-22 14:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 09:27 - 2015-08-22 13:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 09:27 - 2015-08-22 13:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 09:27 - 2015-08-22 13:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 09:27 - 2015-08-22 13:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 09:27 - 2015-08-22 13:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 09:27 - 2015-08-22 12:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 09:27 - 2015-08-22 12:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 09:27 - 2015-08-22 12:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 09:27 - 2015-08-22 12:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 09:27 - 2015-08-22 12:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 09:27 - 2015-08-22 12:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 09:27 - 2015-08-22 12:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 09:27 - 2015-08-22 12:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 09:27 - 2015-08-22 12:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 09:27 - 2015-08-22 12:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 09:27 - 2015-08-22 12:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 09:27 - 2015-08-22 12:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 09:27 - 2015-08-22 12:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 09:27 - 2015-08-22 12:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 09:27 - 2015-08-22 12:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 09:27 - 2015-08-22 12:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 09:27 - 2015-08-22 12:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 09:27 - 2015-08-22 12:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 09:27 - 2015-08-22 12:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 09:27 - 2015-08-22 12:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 09:27 - 2015-08-22 12:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 09:27 - 2015-08-22 11:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 09:27 - 2015-08-22 11:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 09:27 - 2015-07-30 13:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 09:27 - 2015-07-30 12:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 09:27 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-09 09:27 - 2015-07-22 09:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-09 09:27 - 2015-07-17 10:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-09 09:27 - 2015-07-17 10:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-09 09:27 - 2015-06-27 07:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-09 09:21 - 2015-09-01 22:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 09:21 - 2015-09-01 22:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 09:21 - 2015-09-01 22:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 09:21 - 2015-09-01 22:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 09:21 - 2015-09-01 22:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 09:21 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 09:21 - 2015-08-03 17:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 09:21 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 09:21 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 09:21 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 09:21 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 09:21 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 09:21 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 09:21 - 2015-07-22 10:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 09:21 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 09:21 - 2015-07-22 10:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 09:21 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 09:21 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 09:21 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 09:21 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 09:21 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 09:21 - 2015-07-13 23:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-09 09:21 - 2015-07-13 15:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-09 09:21 - 2015-07-09 12:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-09 09:21 - 2015-07-03 17:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-09 09:21 - 2015-07-03 10:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-09 09:21 - 2015-06-19 13:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-07 14:33 - 2015-07-15 21:23 - 00000000 ____D C:\FRST
2015-10-07 14:33 - 2014-04-20 08:04 - 00000000 ____D C:\Users\Dustin\AppData\Local\CrashDumps
2015-10-07 14:33 - 2014-04-07 01:40 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-178646866-1240154784-113881889-1001
2015-10-07 14:28 - 2014-04-22 12:58 - 00000000 __RDO C:\Users\Dustin\OneDrive
2015-10-07 14:27 - 2015-08-27 17:51 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-07 14:26 - 2015-04-28 20:17 - 00026629 _____ C:\WINDOWS\setupact.log
2015-10-07 14:26 - 2014-03-18 05:54 - 02044834 _____ C:\WINDOWS\PFRO.log
2015-10-07 14:26 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-07 14:26 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-10-07 14:25 - 2014-08-09 23:16 - 00000000 ____D C:\AdwCleaner
2015-10-07 14:25 - 2014-04-22 10:22 - 01903484 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-07 14:01 - 2014-04-07 01:38 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-07 14:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-07 02:26 - 2014-06-30 03:23 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-07 02:25 - 2014-05-24 22:04 - 00000000 ____D D:\Program Files (x86)\Steam
2015-10-07 02:25 - 2014-04-07 16:00 - 00000876 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001Core.job
2015-10-06 22:57 - 2015-04-29 09:27 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-10-06 20:37 - 2014-08-28 21:00 - 00373248 ___SH C:\Users\Dustin\Desktop\Thumbs.db
2015-10-06 16:41 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-06 16:40 - 2015-08-23 19:53 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-10-05 00:22 - 2015-08-18 18:58 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\qBittorrent
2015-10-04 23:36 - 2014-06-23 16:57 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-04 22:54 - 2015-08-09 20:43 - 00000614 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-04 22:54 - 2013-08-22 11:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-10-04 22:54 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-10-04 22:51 - 2014-06-17 20:59 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2015-10-04 22:50 - 2014-06-17 20:59 - 00000000 ____D C:\ProgramData\Native Instruments
2015-10-03 23:30 - 2014-04-22 10:26 - 00000000 ____D C:\Users\Dustin
2015-10-03 23:23 - 2013-08-22 10:44 - 00567864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-03 22:57 - 2014-04-16 06:06 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\Skype
2015-10-03 19:22 - 2014-08-25 20:24 - 00000000 ____D C:\Users\Dustin\AppData\Local\Battle.net
2015-10-01 22:27 - 2015-05-25 22:56 - 00000000 ____D D:\Program Files (x86)\World of Warcraft
2015-09-30 23:36 - 2014-12-16 21:33 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\vlc
2015-09-29 23:08 - 2015-09-04 12:09 - 00001057 _____ C:\Users\Dustin\AppData\Roaming\vso_ts_preview.xml
2015-09-29 23:08 - 2015-09-04 12:09 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\Vso
2015-09-29 22:38 - 2015-09-04 12:26 - 00000000 ____D C:\Users\Dustin\Documents\ConvertXToDVD
2015-09-29 15:38 - 2014-04-16 06:06 - 00000000 ____D C:\ProgramData\Skype
2015-09-29 11:12 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-15 11:56 - 2014-04-07 01:38 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 11:56 - 2014-04-07 01:38 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 00:38 - 2014-04-07 16:00 - 00003876 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001UA
2015-09-15 00:38 - 2014-04-07 16:00 - 00003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001Core
2015-09-15 00:38 - 2014-04-07 16:00 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001UA.job
2015-09-14 21:18 - 2015-04-29 07:55 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-14 21:18 - 2015-04-29 07:55 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 13:52 - 2014-04-07 01:37 - 00000000 ____D C:\Users\Dustin\AppData\Local\Google
2015-09-13 11:58 - 2015-09-06 23:52 - 00000000 ____D C:\Users\Dustin\Desktop\GORBA
2015-09-11 22:08 - 2015-06-11 07:38 - 618045050 _____ C:\WINDOWS\MEMORY.DMP
2015-09-11 20:37 - 2014-03-18 06:03 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-10 12:14 - 2014-09-08 17:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-10 12:14 - 2014-09-08 17:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 23:12 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-09 22:43 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-09 12:16 - 2014-04-22 14:20 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-09 11:53 - 2012-07-26 01:26 - 00000199 _____ C:\WINDOWS\win.ini
2015-09-09 11:44 - 2014-04-08 18:35 - 00000000 ____D C:\WINDOWS\system32\MRT
 
==================== Files in the root of some directories =======
 
2015-06-01 16:10 - 2015-06-01 16:10 - 0001102 _____ () D:\Program Files (x86)\Windows Media Player.lnk
2015-10-04 21:59 - 2015-10-04 21:59 - 0000016 _____ () C:\Users\Dustin\AppData\Roaming\msregsvv.dll
2015-09-04 12:09 - 2015-09-29 23:08 - 0001057 _____ () C:\Users\Dustin\AppData\Roaming\vso_ts_preview.xml
2015-10-04 23:54 - 2015-10-07 00:54 - 0000100 _____ () C:\Users\Dustin\AppData\Roaming\WB.CFG
2014-07-28 20:56 - 2014-07-28 20:56 - 0004608 _____ () C:\Users\Dustin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-23 17:27 - 2014-04-23 17:27 - 0000001 _____ () C:\Users\Dustin\AppData\Local\RawCopy.1.02.agreement
2015-06-03 20:20 - 2015-06-03 20:20 - 0007601 _____ () C:\Users\Dustin\AppData\Local\Resmon.ResmonCfg
2015-08-20 15:43 - 2015-08-20 15:43 - 0045373 _____ () C:\ProgramData\1440099633.bdinstall.bin
2015-08-20 16:32 - 2015-08-20 16:32 - 0201219 _____ () C:\ProgramData\1440102253.bdinstall.bin
2015-10-04 12:45 - 2015-10-04 12:45 - 0037669 _____ () C:\ProgramData\1443977105.bdinstall.bin
2015-10-04 13:49 - 2015-10-04 13:49 - 0098150 _____ () C:\ProgramData\1443977107.bdinstall.bin
2014-06-04 17:04 - 2014-06-04 17:04 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-10-04 21:59 - 2015-10-04 21:59 - 0000016 _____ () C:\ProgramData\autobk.inc
2014-06-15 18:24 - 2014-08-05 20:27 - 0000880 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Dustin\AppData\Local\Temp\14387533-9118-41d8-849b-33065cb974db.exe
C:\Users\Dustin\AppData\Local\Temp\Ableton Swapper.exe
C:\Users\Dustin\AppData\Local\Temp\bitool.dll
C:\Users\Dustin\AppData\Local\Temp\vlc-2.2.1-win32.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-07 02:37
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Dustin (2015-10-07 14:34:22)
Running from D:\Downloads
Windows 8.1 (X64) (2014-04-22 16:56:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
A49EB00952734B69908B (S-1-5-21-178646866-1240154784-113881889-1005 - Limited - Enabled)
Administrator (S-1-5-21-178646866-1240154784-113881889-500 - Administrator - Disabled)
Dustin (S-1-5-21-178646866-1240154784-113881889-1001 - Administrator - Enabled) => C:\Users\Dustin
Guest (S-1-5-21-178646866-1240154784-113881889-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-178646866-1240154784-113881889-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Disabled - Out of date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AV: Ad-Aware Antivirus (Enabled - Up to date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Emsisoft Anti-Malware (Disabled - Out of date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Ad-Aware Antivirus (Enabled - Up to date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft)
AdAwareInstaller (Version: 11.8.586.8535 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.8.586.8535 - Lavasoft) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{EDC0E654-60C7-758D-6B81-C8D3ACCEDEE5}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AmpliTube 3 version 3.15.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.15.0 - IK Multimedia)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.4192.0 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASUS Easy Update 2 (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 3.00.08 - ASUSTeK Computer Inc.)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AvcEngine (Version: 3.11.11387.0 - Lavasoft) Hidden
Avid Effects (HKLM-x32\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.7 - Avid Technology, Inc.)
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 10.3.7 - Avid Technology, Inc.)
Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.7 - Avid Technology, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bigasoft WMV Converter 3.7.49.5044 (HKLM-x32\...\{69C38733-82AC-42DE-911B-E2826DB235F6}_is1) (Version:  - Bigasoft Corporation)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Chromium (HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\Chromium) (Version: 45.0.2422.0 - Chromium)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Custom Shop version 1.6.1 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.6.1 - IK Multimedia)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 6.0.0.0444 - Disc Soft Ltd)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
FL Studio 12.1.2 (HKLM\...\FL Studio 12.1.2_is1) (Version:  - )
FL Studio ASIO (HKLM\...\FL Studio ASIO) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GenuTax Standard (HKLM-x32\...\{DF0EBD6C-CE87-4623-92FA-A2D08ABC1862}) (Version: 1.46 - GenuSource Consulting Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
H&R Block Tax Software 2014 (HKLM-x32\...\{D7209B97-5FB9-4276-B670-F659F1057847}) (Version: 16.0.0 - H&R Block)
IC User Applications (64-bit) 2015 R3 (HKLM\...\{49467C4D-9392-4BCF-8F4C-268093576AFC}) (Version: 15.3.4.28 - Interactive Intelligence, Inc.)
IK Multimedia Authorization Manager version 1.0.14 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.14 - IK Multimedia)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Juniper Networks Network Connect 8.0 (HKLM-x32\...\Juniper Network Connect 8.0) (Version: 8.0.4.31475 - Juniper Networks)
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
magicJack (HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-GB)) (Version: 39.0.3 - Mozilla)
Mozilla Firefox 40.0.2 (x86 en-GB) (HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\Mozilla Firefox 40.0.2 (x86 en-GB)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0.3 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.0.0.0256 - PACE Anti-Piracy, Inc.)
PizCICNet 2015 (HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\088b0599e83ac477) (Version: 2.0.0.0 - Microsoft)
Plex Media Server (HKLM-x32\...\{16eca963-68c5-4756-80f9-db9094a4d6f0}) (Version: 0.9.1104 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1104 - Plex, Inc.) Hidden
Psi (remove only) (HKLM-x32\...\Psi) (Version:  - )
Pulse Secure Host Checker (HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\PulseSecure_Host_Checker) (Version: 8.1.1.33981 - Pulse Secure, LLC)
Pulse Secure Network Connect 8.1 (HKLM-x32\...\Pulse Secure Network Connect 8.1) (Version: 8.1.1.33981 - Pulse Secure, LLC)
Pulse Secure Setup Client (HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\Juniper_Setup_Client) (Version: 8.1.1.52267 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
Rocksmith 2014 (HKLM-x32\...\Rocksmith 20141.3) (Version: 1.3 - Ubisoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.11 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.11.102 - Skype Technologies S.A.)
Starcraft (HKLM-x32\...\Starcraft) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
UM-ONE Driver (HKLM\...\RolandRDID0115) (Version:  - Roland Corporation)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Web Companion (HKLM-x32\...\{adc320e3-65cf-40e6-9cca-5e2e1866c3f0}) (Version: 2.1.1133.2333 - Lavasoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 beta 2 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XBMC (HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\XBMC) (Version:  - Team XBMC)
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
22-09-2015 04:49:57 Windows Update
29-09-2015 14:53:22 Scheduled Checkpoint
03-10-2015 17:57:38 Installed Visual C++ Redistributables
04-10-2015 21:57:28 Installed QuickTime 7
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-08-15 19:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06F4BD9D-D57E-4140-A514-82D91E33CB31} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001Core => C:\Users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {09DDEA75-0A1D-400C-A8F1-A1C2FAB10B0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {20538128-C1BA-4B03-AED2-75020FD281CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001UA => C:\Users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {25001450-445D-457B-9AA1-B19FC0E19CD6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {40BBE82D-F8AC-4D2E-A31B-FF6A40E94954} - System32\Tasks\{E679F263-56F5-4705-8C7D-A3D16D870155} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.105&LastError=404
Task: {49F52EDF-8EFC-4CC8-BCA5-04CDD6D0538D} - \Cassiopesa nisa -> No File <==== ATTENTION
Task: {512A33EA-0FCF-4B57-9FF3-B00C1EA15437} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6179C903-C296-4A89-ABC2-BAEAC16A517F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {68DEDADD-A6A0-4037-8720-5F85C4A6FD85} - System32\Tasks\ASUS\ASUS Easy Update 2 => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [2013-07-04] (ASUSTeK Computer Inc.)
Task: {69420CB6-BECE-4082-984C-99518AEE8AA8} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {85A4507E-CA43-40F7-807B-1D0CF127CC86} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {9B38D61E-91A9-4084-9831-87532F0ADEBC} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {B837B670-9F0B-4C01-8333-683481610529} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {BCD1C301-BC11-4D23-A3EF-FACFD310474E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {C2AB5087-52D8-40F0-8910-12BA1291655D} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {DAA7A664-2861-4FA6-9B28-6BFF34DD65D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EAFD7923-768B-44D1-9AB1-A28608ED3E1F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {F1530323-85C4-4901-9A81-6BCDABFFDC8A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F32B9E4F-C1E8-4C99-B4E0-6BADE6957271} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {FCEFA5FE-1B68-4F31-AB49-7F3B18E4A7F9} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001Core.job => C:\Users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001UA.job => C:\Users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02794744 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareShellExtension.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 03549904 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\RCF.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00123656 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_filesystem-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00025856 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_system-vc120-mt-1_57.dll
2015-08-27 15:54 - 2015-08-27 15:54 - 00712432 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
2015-08-27 15:57 - 2015-08-27 15:57 - 00057096 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_date_time-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 13002488 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareServiceKernel.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00911616 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_regex-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00107776 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_thread-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00035072 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_chrono-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00709360 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareActivation.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00474368 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareApplicationUpdater.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00847600 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareGamingMode.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00101096 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareReset.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00123104 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTime.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01011968 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdater.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00905488 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdaterScheduler.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01146608 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIgnoreList.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00243440 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareQuarantine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01050880 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiMalwareEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00206080 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiRootkitEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01210616 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerHistory.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01373416 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScanner.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00036096 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_timer-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01019128 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerScheduler.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01190656 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00244472 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIncompatibles.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00938728 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiSpam.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00883440 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiPhishing.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 03263736 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareParentalControl.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02985208 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareWebProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01324280 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareEmailProtection.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00059656 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_iostreams-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01312512 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNetworkProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01013992 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePromo.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00365288 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareFeedback.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02958592 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareThreatWorkAlliance.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01261800 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePinCode.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01014504 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNotice.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01014000 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAvcEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01222416 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtectionHistory.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00469744 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareStatistics.dll
2015-10-05 00:54 - 2015-01-06 13:47 - 00156936 _____ () C:\WINDOWS\SYSTEM32\bdfwcore.dll
2015-10-05 01:01 - 2015-10-05 01:01 - 00875864 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
2015-10-05 01:01 - 2015-10-05 01:01 - 00741952 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
2015-10-05 01:01 - 2015-10-05 01:01 - 02801464 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
2015-10-05 01:01 - 2015-10-05 01:01 - 01412512 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
2015-10-05 00:54 - 2015-10-05 00:54 - 00016656 _____ () D:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-10-05 00:54 - 2015-10-05 00:54 - 00008976 _____ () D:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-10-05 00:54 - 2015-10-05 00:54 - 00023312 _____ () D:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 09558752 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
2015-08-27 15:57 - 2015-08-27 15:57 - 00492288 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_locale-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02266344 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\HtmlFramework.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00868600 _____ () D:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTrayDefaultSkin.dll
2015-09-25 10:02 - 2015-09-23 22:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-25 10:02 - 2015-09-23 22:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-10-05 00:54 - 2015-10-05 00:54 - 00097040 _____ () D:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-10-05 00:54 - 2015-10-05 00:54 - 00256272 _____ () D:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-10-05 00:54 - 2015-10-05 00:54 - 00049424 _____ () D:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-10-05 00:54 - 2015-10-05 00:54 - 00120080 _____ () D:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-10-05 00:54 - 2015-10-05 00:54 - 00012560 _____ () D:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-10-05 00:54 - 2015-10-05 00:54 - 00036112 _____ () D:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2015-09-25 10:02 - 2015-09-23 22:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Dustin\Cookies:4NAt4EMkhRoulPweDz
AlternateDataStreams: C:\Users\Dustin\Cookies:ICSNNMN3LQdUf8xjbfx2A
AlternateDataStreams: C:\Users\Dustin\Local Settings:NJI7293AzD3ZOHg29IZeFqLhFQmT
AlternateDataStreams: C:\Users\Dustin\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Dustin\AppData\Local:NJI7293AzD3ZOHg29IZeFqLhFQmT
AlternateDataStreams: C:\Users\Dustin\AppData\Local\Application Data:NJI7293AzD3ZOHg29IZeFqLhFQmT
AlternateDataStreams: C:\Users\Dustin\AppData\Local\Temporary Internet Files:JlUsbjqEgCaZ6RfNmT2CL
AlternateDataStreams: C:\Users\Dustin\AppData\Local\Temporary Internet Files:QcLJghAEFVqMCNX8nDxb6R
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-178646866-1240154784-113881889-1001\Control Panel\Desktop\\Wallpaper -> D:\Pictures\Angels\12023032_475696595924712_456494130_n.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: asHmComSvc => 2
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: Disc Soft Bus Service => 3
MSCONFIG\Services: dsNcService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ININ Tracing 3-0 => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NIHardwareService => 2
MSCONFIG\Services: PaceLicenseDServices => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: swsesrvc_1.10.0.25 => 2
MSCONFIG\Services: TeamViewer9 => 2
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "gmsd_ca_006010106"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\StartupApproved\Run: => "Pinger"
HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_630423A32D44FC4C2E9E33C8FADD3193"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7C4E19CE-4694-45D5-BB42-EBE5C86DD8C1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{3D46B3FB-E162-45DA-B61B-BE0A1BCD4C15}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [UDP Query User{04570A34-7302-43FF-A380-2200EF593D7E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{4E0734AF-529E-46FB-9F05-7287CF8E6644}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{731747DC-F50A-4E46-8582-EC072C3E63CC}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [TCP Query User{5BE144AA-AD72-49C6-B229-65614EDF287C}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{8BB4B5EE-2CA7-4AD6-837A-93942EFAC8D1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{5D14C10C-6C8A-4AAD-BD41-21593DC0E392}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{1423FF41-C743-41AA-8842-4836BED9EE0E}] => (Allow) C:\Users\Dustin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{74CA8E07-4D41-40CE-B0D3-236EECBEB6FA}] => (Allow) C:\Users\Dustin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4967EB7B-8650-42D4-AC82-8C8232873E96}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{349E00B1-5A6B-4723-850F-B464CFFC0132}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{EE7F7907-051E-4DED-AB7B-C0561F4EBF75}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{633301D8-5098-4C9C-ADE9-8D29524326EF}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{144A2DB8-F9F6-48CB-81A1-07E269C083C4}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{3C0F0FD9-A4E9-40AE-AC0F-91451ECE492B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{4B71E392-CAB7-4845-954E-D64608A29505}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{310AC7B9-5D69-4A9B-A248-3B3D0805C5E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{4D2FE157-C71D-4D2A-B84E-E5AB3AA00CAE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{3539EE3F-0647-4FE0-BA83-4DBB46922926}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{8D016657-E085-4918-B7C2-2760E30CBFBF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{A54EA568-B03E-40BF-981C-C95F62B1B9A3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [TCP Query User{E3ED71AD-A97F-4511-8CBF-6FC30CE5B0B6}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{80E3B399-C5C7-410F-A261-D19431F5CA80}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{4B09B67B-08F6-4BC8-B04D-EF589EBDB51F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{8359676F-DF86-47B6-ADC8-4D2B03425EE1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{9C815AA8-3A81-4BD4-A5FC-BE1D892E79FE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{5A7A545A-9D5D-46E6-9348-EBAA934A5048}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{F7656080-27D9-4EBB-B9B9-4A4A7295EFCA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{44B0938A-029C-441F-BF1B-270C4A50C6DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1D056426-4627-4D5D-B168-9B568C924CAE}] => (Allow) D:\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelGame.exe
FirewallRules: [{0F5E0BB8-5213-4EAF-B8E7-7EBDD77242CE}] => (Allow) D:\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelGame.exe
FirewallRules: [{B712183D-165A-4686-A44C-2D21A74A04E7}] => (Allow) D:\Steam\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{5CF374C4-6711-4B79-9E34-9D15DBE4EB8E}] => (Allow) D:\Steam\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{5F784B0A-BB0C-4633-B8C8-6A6BBF1F7176}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{9F68E0A2-2F32-47B2-B108-E7CB4B40AF16}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{936E1408-81D4-4D2F-8974-098FC0808FA8}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{26123535-B50A-4EB9-B6A7-207B49285ACD}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{4188E0BC-AF5C-438E-A857-CAC43DED3FA4}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A666DACA-5CC5-4F7C-96AA-E8BE4E8310C3}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{9824182B-DA26-4775-8F62-7D088C63CD19}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{BD954DDC-8132-41FD-8E58-F03942D0AC7A}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{D933A079-A1BB-4A65-9A0E-1247490A1F25}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS5B84\setup\hpznui40.exe
FirewallRules: [{B2B7C017-5617-4066-9182-45A2EB37B388}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{CDEB26CA-25CA-4520-B724-F07BCD5EBEFC}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{824CFA39-58E5-4D44-A487-51DE02572CF5}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{30D68546-7DE7-4313-8D27-F3F99331F496}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{C3D4BC51-656E-48EA-A1A6-1381E470C1CC}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{2318ABDC-7D20-4526-B50A-B3DFA775EA01}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{12F793A1-FA9B-4567-86C3-1F30F911BFDB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{FC044F66-F001-45DA-9C93-F16B2F2CCD15}] => (Allow) D:\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe
FirewallRules: [{F722D6C2-5DFE-489F-B7C0-EC13C4DD0899}] => (Allow) D:\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe
FirewallRules: [{57277D91-B556-4BFD-9C38-243E6CD4D189}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{8A01E12A-8A90-41C7-AFBE-5170E255497E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{6D9EF100-FC18-429B-AED7-5CC00C4EACBC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{17EB0796-E147-4982-B998-8E07DB6E3C25}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{EA5C07A5-9881-450A-AD26-5DC02379AA2C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{9BCA275E-DFEC-4DEC-93DB-99AFCCCB4897}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{09D6BFC4-B378-4B9C-A0F7-30EA8788DF1F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{185659AC-CA63-4431-9EC0-8D6E17AF737F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{33A25405-4B51-4FA0-AF82-FFDD3D1A7A87}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{91EC781C-3A55-4856-AE6E-B090FEA2AD91}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{98D36200-7871-484F-B4D8-117DC4012800}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B0A59DE4-FBCE-4323-A274-17CC311B8AA6}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A0B6EB3F-B9E2-4AB6-A4A9-1589C4AA858B}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS3C72\HPDiagnosticCoreUI.exe
FirewallRules: [{69DA6513-CFEE-4589-A5D9-7EBFFE771229}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS3C72\HPDiagnosticCoreUI.exe
FirewallRules: [{8C0EF091-5B34-47DC-955E-E72CCB48B19D}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS4920\hppiw.exe
FirewallRules: [{AD535297-345C-4881-BB1F-561D0499C642}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS4920\hppiw.exe
FirewallRules: [{424DD602-B3EF-44B5-AA80-242816B2600E}] => (Allow) D:\Steam\SteamApps\common\AVA\NWZLauncher.exe
FirewallRules: [{DCAC1A93-31A7-47CF-A86E-65A736C11184}] => (Allow) D:\Steam\SteamApps\common\AVA\NWZLauncher.exe
FirewallRules: [{7D12D16E-0FDD-436A-9178-CAB664695E4C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{25E86124-6BF9-4AA2-83AB-5E945EAAB6B9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{254EAEE2-7915-436F-B065-97DF68694330}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{663A2CA2-E57C-4421-80A3-29E6141BC499}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{57FCA79B-AE0D-4528-99F8-84DA696599CC}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS79B1\HPDiagnosticCoreUI.exe
FirewallRules: [{9B14E893-7DEF-4D5D-AAC2-9A8EE0B53029}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS79B1\HPDiagnosticCoreUI.exe
FirewallRules: [{D2654C93-4D6F-4DC4-AE95-98BE90152A84}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS4533\HPDiagnosticCoreUI.exe
FirewallRules: [{BA0BD82A-0DD5-4EDB-BD11-3F495CDDA4F5}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS4533\HPDiagnosticCoreUI.exe
FirewallRules: [{A59A820E-4088-4C12-87F1-58F16D65BA2B}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS4734\HPDiagnosticCoreUI.exe
FirewallRules: [{5187CFD3-6563-4871-86B6-963C8708D5AD}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS4734\HPDiagnosticCoreUI.exe
FirewallRules: [{9BEEB95B-7FD6-44BC-9AD7-F4AB26D00E30}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{C6FC0285-D8BF-4E0E-BFAB-BCF3122C10E3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{7C6BD999-A918-4E5F-AF79-D437E843C2E7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{1C583DA8-CB24-42DE-8DEA-90EDEFDB7A15}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{57D2C400-ED47-4364-A937-6E930EBA57BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{23E7B62C-A91D-40D3-A3AB-C755348861B6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{1A1F2612-54C8-4C7E-B6B1-F2066D2976ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{E289EA5C-34FD-4E61-A2C2-30FF702BA2DC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{4A8861DD-74AA-4370-A277-2F8850DBA6C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{948083D6-FF02-476B-99A2-ED53D1DEBA74}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{5E62E9A9-7F7C-45E7-AEDD-B60B04D88EE8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{303563F3-D4B0-4D89-AA3C-2F0D57149ED4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{7AC57944-180F-46F5-A991-CE47B6D04FC5}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{A705B69C-3D89-46F0-8AB4-A3F723B0690F}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{821F6B1C-247F-4B82-A29A-0BECEAB3882C}C:\users\dustin\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\dustin\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{523EB68B-7734-474C-B061-BC287D11AF23}C:\users\dustin\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\dustin\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{0F5CF315-7248-4744-8621-D6B91345BB2A}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [UDP Query User{67180BA0-9645-4312-9181-533265C0683F}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{3955A436-B4B3-4315-921D-3316C74EAC9D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{AAEF15A1-1FF0-4C6B-84B8-52900C6B229C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{F8EE92E6-9D32-4D99-9ABF-7813F43A3786}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{E5F1A174-9FCD-4656-9D52-F9E12C831153}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{82E9EE1F-467E-4729-9B27-B87D6B32D67D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{1B50F524-D59E-4B74-BF6D-3B3D9AD71DA9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{D55837D3-9B96-4B35-8970-523A8265AF39}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{4370D4A7-CB6C-4F23-8792-E07CD2B321FB}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{A25E8584-4A24-4A12-A827-2CF2EB991698}C:\users\dustin\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\dustin\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{30B4F70C-4A74-488F-AD94-AA7F7B4A8BF7}C:\users\dustin\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\dustin\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{C6B51006-28D4-4554-A62C-E98CBD488D32}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{7919C5F0-8544-4FEA-AD42-B1B7C1F90BEF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{2076C785-6372-4A3D-B9B8-11D9C1DF721C}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{2DFDA1AC-4ACB-4ABD-BED0-FEB278AF9D31}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{95D5FAAF-04AE-489F-A1FF-C768E1734DF2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9388EF49-6EAB-41E3-940C-5887714BB7FC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A623973E-F033-4F71-93B7-29E9A959562B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FA951738-F823-49FA-AF94-8D6ED2DE24E6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{26BCFC82-AD54-48E1-B45E-A84398BCF337}] => (Allow) LPort=2869
FirewallRules: [{7FD27C35-9692-4776-8E61-58E7C6D6F69C}] => (Allow) LPort=1900
FirewallRules: [{84D4AF49-76A5-48A8-BC89-D2B1A1AB2682}] => (Allow) C:\Users\Dustin\Desktop\Steam.exe
FirewallRules: [{46D81687-B6F2-4360-933C-296BB10DA0E4}] => (Allow) C:\Users\Dustin\Desktop\Steam.exe
FirewallRules: [{C5380AE0-BD3D-492A-9AD4-C22591A576A0}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{76A1E315-9C26-4F8A-8C0D-593B5401C567}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{CF1EF2DD-0238-4B03-82CE-9A58766CF27B}] => (Allow) D:\Steam\SteamApps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe
FirewallRules: [{4965522B-8236-49CD-B496-17866DF1D4FC}] => (Allow) D:\Steam\SteamApps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe
FirewallRules: [{2C57D75A-B19C-463A-9133-20E5AFD1FA36}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E7B8F06A-F76A-4091-86D1-09419CEE14D8}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{FDE72190-3DDC-41A4-BBA8-7707E263BE1C}D:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) D:\program files (x86)\plex\plex media server\plex media server.exe
FirewallRules: [TCP Query User{87FD899E-E4A8-4A5A-A091-C253E2B74FA7}D:\program files (x86)\plex\plex media server\plexscripthost.exe] => (Allow) D:\program files (x86)\plex\plex media server\plexscripthost.exe
FirewallRules: [UDP Query User{3734DBDD-0E29-4CAB-91C7-3B81D8E7715F}D:\program files (x86)\plex\plex media server\plexscripthost.exe] => (Allow) D:\program files (x86)\plex\plex media server\plexscripthost.exe
FirewallRules: [TCP Query User{C0E18224-DAFD-4C5A-A69B-81673A67E149}D:\program files (x86)\plex\plex media server\plexdlnaserver.exe] => (Allow) D:\program files (x86)\plex\plex media server\plexdlnaserver.exe
FirewallRules: [UDP Query User{31660B1B-A850-408B-8F49-6333AF61FC79}D:\program files (x86)\plex\plex media server\plexdlnaserver.exe] => (Allow) D:\program files (x86)\plex\plex media server\plexdlnaserver.exe
FirewallRules: [{57FFC71D-7D39-4213-866E-3A6D334750D3}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{CA736BE2-F558-4C50-8CFB-F5795B8B9241}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{68C6ED31-B543-49F3-9F26-6BABFECF303F}] => (Allow) D:\Steam\SteamApps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [{B72C4E9D-2FB9-4892-BBC1-6C94DA6249D2}] => (Allow) D:\Steam\SteamApps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [TCP Query User{B44AA948-FDCE-4AB2-984D-FE9BE22BBE19}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [UDP Query User{CD422B41-7C08-486B-9943-6147EC47F9B1}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{7B01F9C8-47BD-47BD-9581-C1DBD02A5EF1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8FF053FD-F145-4E46-A97E-C895908AC4B8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{36DDB86C-7EF4-4FB5-993C-8E148C79982A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0FA472DA-DFF3-45A4-8470-785DD9EBB219}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E0ABFB0C-0FE4-4F00-AA1E-80677CCC3B81}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{4F101451-E181-4CBA-9BCA-DB563305ED85}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{8AA70E86-2C2A-4C69-B91F-E7DF58A6365D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{54BA5404-2697-4DEB-8A15-323BD05C2FEB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{2CF0709D-517B-4863-A59C-25E0810D58F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9AF52296-9CB0-4DD6-95BF-4B7DAB7DBBC7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EA55BDC2-A89D-4A2D-99B6-DEF698794CD5}] => (Allow) C:\Program Files (x86)\Interactive Intelligence\ICUserApps\SipSoftPhone.exe
FirewallRules: [{37F8074C-8F22-4C5C-B446-3047377E8592}] => (Allow) C:\Program Files (x86)\Interactive Intelligence\ICUserApps\SipSoftPhone.exe
FirewallRules: [{3CAE234E-2181-4D7C-9A27-44BE9DEE9728}] => (Allow) D:\Firefox\firefox.exe
FirewallRules: [{E1B68AC2-D784-4E4B-8EA1-1B33A328E387}] => (Allow) D:\Firefox\firefox.exe
FirewallRules: [{ECE43C69-D574-4CF7-BA8D-03109B7D34C1}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3C780659-9345-490C-A105-E568317F8D23}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{1B904533-7432-43FD-AB0C-B54F3AAB9BD8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{09DFAAC9-73FA-4591-BEC0-BAACB4F9BD81}C:\program files (x86)\avid\pro tools\protools.exe] => (Block) C:\program files (x86)\avid\pro tools\protools.exe
FirewallRules: [UDP Query User{8B2E6EA6-C8D6-4372-A157-365768476CC9}C:\program files (x86)\avid\pro tools\protools.exe] => (Block) C:\program files (x86)\avid\pro tools\protools.exe
FirewallRules: [{6D7193B1-F127-4953-ACB8-C01DA1A18D11}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D95CE3AC-798E-4500-9521-CB7A62768C51}] => (Allow) C:\Users\Dustin\AppData\Local\Chromium\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/07/2015 02:33:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DTShellHlp.exe, version: 6.0.0.444, time stamp: 0x54608b99
Faulting module name: DTShellHlp.exe, version: 6.0.0.444, time stamp: 0x54608b99
Exception code: 0xc0000005
Fault offset: 0x00005391
Faulting process id: 0xe00
Faulting application start time: 0xDTShellHlp.exe0
Faulting application path: DTShellHlp.exe1
Faulting module path: DTShellHlp.exe2
Report Id: DTShellHlp.exe3
Faulting package full name: DTShellHlp.exe4
Faulting package-relative application ID: DTShellHlp.exe5
 
Error: (10/07/2015 02:32:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DTShellHlp.exe, version: 6.0.0.444, time stamp: 0x54608b99
Faulting module name: DTShellHlp.exe, version: 6.0.0.444, time stamp: 0x54608b99
Exception code: 0xc0000005
Fault offset: 0x00005391
Faulting process id: 0xaac
Faulting application start time: 0xDTShellHlp.exe0
Faulting application path: DTShellHlp.exe1
Faulting module path: DTShellHlp.exe2
Report Id: DTShellHlp.exe3
Faulting package full name: DTShellHlp.exe4
Faulting package-relative application ID: DTShellHlp.exe5
 
Error: (10/07/2015 02:28:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3960, time stamp: 0x54299ab0
Faulting module name: igfxCUIService.exe, version: 6.15.10.3960, time stamp: 0x54299ab0
Exception code: 0xc0000005
Fault offset: 0x0000000000017719
Faulting process id: 0x380
Faulting application start time: 0xigfxCUIService.exe0
Faulting application path: igfxCUIService.exe1
Faulting module path: igfxCUIService.exe2
Report Id: igfxCUIService.exe3
Faulting package full name: igfxCUIService.exe4
Faulting package-relative application ID: igfxCUIService.exe5
 
Error: (10/07/2015 02:23:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DTShellHlp.exe, version: 6.0.0.444, time stamp: 0x54608b99
Faulting module name: DTShellHlp.exe, version: 6.0.0.444, time stamp: 0x54608b99
Exception code: 0xc0000005
Fault offset: 0x00005391
Faulting process id: 0x170c
Faulting application start time: 0xDTShellHlp.exe0
Faulting application path: DTShellHlp.exe1
Faulting module path: DTShellHlp.exe2
Report Id: DTShellHlp.exe3
Faulting package full name: DTShellHlp.exe4
Faulting package-relative application ID: DTShellHlp.exe5
 
Error: (10/07/2015 02:28:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3960, time stamp: 0x54299ab0
Faulting module name: igfxCUIService.exe, version: 6.15.10.3960, time stamp: 0x54299ab0
Exception code: 0xc0000005
Fault offset: 0x0000000000017719
Faulting process id: 0x390
Faulting application start time: 0xigfxCUIService.exe0
Faulting application path: igfxCUIService.exe1
Faulting module path: igfxCUIService.exe2
Report Id: igfxCUIService.exe3
Faulting package full name: igfxCUIService.exe4
Faulting package-relative application ID: igfxCUIService.exe5
 
Error: (10/07/2015 12:54:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UNINST~1.EXE, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x40010006
Fault offset: 0x00014598
Faulting process id: 0x2f94
Faulting application start time: 0xUNINST~1.EXE0
Faulting application path: UNINST~1.EXE1
Faulting module path: UNINST~1.EXE2
Report Id: UNINST~1.EXE3
Faulting package full name: UNINST~1.EXE4
Faulting package-relative application ID: UNINST~1.EXE5
 
Error: (10/07/2015 12:31:55 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225
 
Error: (10/06/2015 03:11:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DTShellHlp.exe, version: 6.0.0.444, time stamp: 0x54608b99
Faulting module name: DTShellHlp.exe, version: 6.0.0.444, time stamp: 0x54608b99
Exception code: 0xc0000005
Fault offset: 0x00005391
Faulting process id: 0xed8
Faulting application start time: 0xDTShellHlp.exe0
Faulting application path: DTShellHlp.exe1
Faulting module path: DTShellHlp.exe2
Report Id: DTShellHlp.exe3
Faulting package full name: DTShellHlp.exe4
Faulting package-relative application ID: DTShellHlp.exe5
 
Error: (10/06/2015 03:11:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DTShellHlp.exe, version: 6.0.0.444, time stamp: 0x54608b99
Faulting module name: DTShellHlp.exe, version: 6.0.0.444, time stamp: 0x54608b99
Exception code: 0xc0000005
Fault offset: 0x00005391
Faulting process id: 0xafc
Faulting application start time: 0xDTShellHlp.exe0
Faulting application path: DTShellHlp.exe1
Faulting module path: DTShellHlp.exe2
Report Id: DTShellHlp.exe3
Faulting package full name: DTShellHlp.exe4
Faulting package-relative application ID: DTShellHlp.exe5
 
Error: (10/06/2015 03:10:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DTShellHlp.exe, version: 6.0.0.444, time stamp: 0x54608b99
Faulting module name: DTShellHlp.exe, version: 6.0.0.444, time stamp: 0x54608b99
Exception code: 0xc0000005
Fault offset: 0x00005391
Faulting process id: 0x17f0
Faulting application start time: 0xDTShellHlp.exe0
Faulting application path: DTShellHlp.exe1
Faulting module path: DTShellHlp.exe2
Report Id: DTShellHlp.exe3
Faulting package full name: DTShellHlp.exe4
Faulting package-relative application ID: DTShellHlp.exe5
 
 
System errors:
=============
Error: (10/07/2015 02:28:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® HD Graphics Control Panel Service service terminated with the following error: 
%%2147500037
 
Error: (10/07/2015 02:27:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TeamViewer 9 service failed to start due to the following error: 
%%2
 
Error: (10/07/2015 02:26:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: 
%%1069
 
Error: (10/07/2015 02:26:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (10/07/2015 02:26:03 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (10/07/2015 02:26:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (10/07/2015 02:26:03 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (10/07/2015 02:25:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/07/2015 02:25:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/07/2015 02:25:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-06-17 07:59:41.309
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-12 08:07:14.079
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-11 07:51:59.273
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-05 07:59:03.156
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-02 09:50:33.001
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-29 08:32:49.238
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-28 06:09:06.796
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-25 07:52:13.574
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-17 14:03:12.162
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-15 08:10:57.864
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4770S CPU @ 3.10GHz
Percentage of memory in use: 36%
Total physical RAM: 6083.28 MB
Available physical RAM: 3865.73 MB
Total Virtual: 12227.28 MB
Available Virtual: 9204.71 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:149.22 GB) (Free:36.61 GB) NTFS
Drive d: (Data) (Fixed) (Total:759.33 GB) (Free:89.77 GB) NTFS
Drive f: (UM-ONE-MK2) (CDROM) (Total:0.1 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2B3F5DB9)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 


#4 Pl3as3HelpM3

Posted 07 October 2015 - 01:51 PM

I accidentally didn't click export on the adwcleaner and it had a lot of items found. I ran it a second time and pasted that log but originally I forgot to export the log file.

The computer is still a bit messed up. The browser is no longer hijacked!



#5 nasdaq

Posted 08 October 2015 - 07:55 AM

Windows Firewall is disabled.

Turn System Restore ON - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7

===

Remove this program in bold using the Add/Remove Programs applet.
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Failed to access process -> igfxCUIService.exe
HKLM\...\Run: [] => [X]
AppInit_DLLs-x32: ØÞ(÷ => No File
S2 TeamViewer9; "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe" [X]
Task: {49F52EDF-8EFC-4CC8-BCA5-04CDD6D0538D} - \Cassiopesa nisa -> No File <==== ATTENTION
Task: {F32B9E4F-C1E8-4C99-B4E0-6BADE6957271} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {FCEFA5FE-1B68-4F31-AB49-7F3B18E4A7F9} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Dustin\Cookies:4NAt4EMkhRoulPweDz
AlternateDataStreams: C:\Users\Dustin\Cookies:ICSNNMN3LQdUf8xjbfx2A
AlternateDataStreams: C:\Users\Dustin\Local Settings:NJI7293AzD3ZOHg29IZeFqLhFQmT
AlternateDataStreams: C:\Users\Dustin\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Dustin\AppData\Local:NJI7293AzD3ZOHg29IZeFqLhFQmT
AlternateDataStreams: C:\Users\Dustin\AppData\Local\Application Data:NJI7293AzD3ZOHg29IZeFqLhFQmT
AlternateDataStreams: C:\Users\Dustin\AppData\Local\Temporary Internet Files:JlUsbjqEgCaZ6RfNmT2CL
AlternateDataStreams: C:\Users\Dustin\AppData\Local\Temporary Internet Files:QcLJghAEFVqMCNX8nDxb6R
C:\Users\Dustin\AppData\Local\Temp\14387533-9118-41d8-849b-33065cb974db.exe
C:\Users\Dustin\AppData\Local\Temp\Ableton Swapper.exe
C:\Users\Dustin\AppData\Local\Temp\bitool.dll
C:\Users\Dustin\AppData\Local\Temp\vlc-2.2.1-win32.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

For IE 10, 11 follow the following instructions.
http://refreshyourcache.com/en/internet-explorer-11/
===

How is the computer running now?

#6 Pl3as3HelpM3

Posted 08 October 2015 - 08:22 PM

Computer seems to be running better so far. Internet Explorer won't restart, it gets to the 'restoring default settings' part and then it gets an X. I'm assuming that means it isn't resetting?



#7 nasdaq

Posted 09 October 2015 - 07:34 AM

Did you click the Apply button?

Restart the computer normally.

How is IE now?

#8 Pl3as3HelpM3

Posted 09 October 2015 - 02:11 PM

I've attached an image of what happens.

I've restarted multiple times and it doesn't help. I can't even open Internet Options within Internet Explorer. I'll click on "Internet Options" and *nothing* happens. The only way I can pull up Internet Options is by closing IE and hitting Windows key + Q and searching "Internet Options". That's the only way that the menu will open.

Edited by Pl3as3HelpM3, 09 October 2015 - 02:11 PM.


#9 nasdaq

Posted 10 October 2015 - 07:36 AM

Try the fix on this page.

http://www.sevenforums.com/browsers-mail/321651-unable-reset-internet-explorer-settings.html

Keep me posted.

#10 Pl3as3HelpM3

Posted 12 October 2015 - 04:58 PM

I was unable to reset IE, but I don't use it at all and I proceeded to delete it. I noticed that the icon "Chromium" is still on my desktop, that downloaded when I initially got the virus, idk if that helps.



#11 nasdaq

Posted 13 October 2015 - 06:39 AM

I noticed that the icon "Chromium" is still on my desktop, that downloaded when I initially got the virus, idk if that helps.


Delete it. Keep it in your Recycle Bin for a week.
If all is well then flush it.

===

I suggest you repair or reinstall Internet Explorer in Windows.

How to repair or reinstall Internet Explorer in Windows
https://support.microsoft.com/en-us/kb/318378
Follow the instructions on the page.


If your Chrome goes bad you will not have a good browser to work with.

#12 Pl3as3HelpM3

Posted 13 October 2015 - 04:00 PM

Okay, I will work on that tonight after work. My computer seems to be functioning well, was just confused about the Chromium icon. I'll put it in my recycling bin and also work at repairing Internet Explorer / reinstalling it. After doing that does it seem like everything is in the clear? I notice my ping is still a bit high in games, has been ever since I had this trouble, but obviously that could be a coincidence.



#13 nasdaq

Posted 14 October 2015 - 08:48 AM

I notice my ping is still a bit high in games, has been ever since I had this trouble, but obviously that could be a coincidence.

This is not caused by malware and not my forte.

If still an issue, I suggest you start a new topic in the Networking forum
http://www.bleepingcomputer.com/forums/f/21/networking/
An expert may be able to help you.

#14 nasdaq

Posted 20 October 2015 - 08:00 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



