Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Randomly 404s on sites and is really slow


  • This topic is locked This topic is locked
9 replies to this topic

#1 Jaret

Jaret

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 12 October 2015 - 03:34 PM

Firefox (41.0.1) delivers 404 results on many sites that should not 404.  Sometimes I seem to be diverted to a yahoo 404 site and othertimes some sort of Lavasoft page which is delvering search type results for the page which could not be found (404). Aadditionally my browser is running pretty slowly generally. Finally, my Kaspersky Total Security seems hobbled, though I think this relates to my Windows 10 upgrade.

 

Running Windows 10 64 bit

 

Thus far I have:

1.  Downloaded and run AdwCleaner.exe (Logs Follow)

2.  Downladed and Updated Malwarebytes and run a full scan (logs follow)

3.  Downloaded and run FRST64.exe (logs follow).

 

 

AdwCleaner Logs:

 

# AdwCleaner v5.013 - Logfile created 12/10/2015 at 12:34:30
# Updated 09/10/2015 by Xplode
# Database : 2015-10-09.3 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Dad - BULLDOG
# Running from : C:\Users\Dad\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
[-] Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\ProgramData\blekko toolbars
[-] Folder Deleted : C:\ProgramData\Systweak
[-] Folder Deleted : C:\Users\Dad\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\Dad\AppData\Local\DirectDownloader
[-] Folder Deleted : C:\Users\Dad\AppData\Local\eSupport.com
[-] Folder Deleted : C:\Users\Dad\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Dad\AppData\Local\Slick Savings
[-] Folder Deleted : C:\Users\Dad\AppData\Local\SwvUpdater
[-] Folder Deleted : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
[-] Folder Deleted : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc
[-] Folder Deleted : C:\Users\Dad\AppData\LocalLow\adawaretb
[-] Folder Deleted : C:\Users\Dad\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Dad\AppData\LocalLow\HPAppData
[-] Folder Deleted : C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OnlineHD.TV

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\6nmnufiz.default-1424623644675\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\6nmnufiz.default-1424623644675\user.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : advanced-System Protector_startup
[-] Task Deleted : ASP
[-] Task Deleted : LaunchSignup

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\OCS
[-] Key Deleted : HKCU\Software\Tune
[-] Key Deleted : HKCU\Software\Appscion
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\adawaretb
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
[-] Key Deleted : HKLM\SOFTWARE\Tune
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
[!] Key Not Deleted : [x64] HKCU\Software\Conduit
[!] Key Not Deleted : [x64] HKCU\Software\OCS
[!] Key Not Deleted : [x64] HKCU\Software\Tune
[!] Key Not Deleted : [x64] HKCU\Software\Appscion
[!] Key Not Deleted : [x64] HKCU\Software\Yahoo\Companion
[-] Key Deleted : [x64] HKLM\SOFTWARE\systweak
[!] Key Not Deleted : HKU\S-1-5-21-2375771536-2672884834-688610250-1000\Software\AppDataLow\Software\adawarebp
[!] Key Not Deleted : HKU\S-1-5-21-2375771536-2672884834-688610250-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-2375771536-2672884834-688610250-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{03BD12E0-0E8F-4131-B65D-DCB2C29734EA}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E041CBAE-8439-46E9-B8E0-45721E554E0D}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{03BD12E0-0E8F-4131-B65D-DCB2C29734EA}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E041CBAE-8439-46E9-B8E0-45721E554E0D}
[!] Key Not Deleted : HKU\S-1-5-21-2375771536-2672884834-688610250-1000\Software\Microsoft\Internet Explorer\SearchScopes\{03BD12E0-0E8F-4131-B65D-DCB2C29734EA}
[!] Key Not Deleted : HKU\S-1-5-21-2375771536-2672884834-688610250-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E041CBAE-8439-46E9-B8E0-45721E554E0D}

***** [ Web browsers ] *****

[-] [C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bohapeiooecafommnlaiccilacgmkaoc
[-] [C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : oejkcgajlodefenbbjdnaiahmbnnoole

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6214 bytes] ##########
 

 

 



BC AdBot (Login to Remove)

 


#2 Jaret

Jaret
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 12 October 2015 - 03:36 PM

Malwarebytes Scan Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/12/2015
Scan Time: 12:44 PM
Logfile: malwarebytes Scan Log 10122015.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.12.01
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Dad

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 558546
Time Elapsed: 24 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211181104}, Quarantined, [10019db9c9c279bdc831604b0103aa56],
PUP.Optional.Spigot, HKU\S-1-5-21-2375771536-2672884834-688610250-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6397B43F-F480-4975-A561-CB8D7E307921}, Quarantined, [52bf93c3e9a28da9fe04b223ce36966a],
PUP.Optional.Spigot, HKU\S-1-5-21-2375771536-2672884834-688610250-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{03BD12E0-0E8F-4131-B65D-DCB2C29734EA}, Quarantined, [be53c690642761d5d1328f46996b1de3],

Registry Values: 3
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211181104}|AppName, Coupon Companion Plugin-bg.exe, Quarantined, [10019db9c9c279bdc831604b0103aa56]
PUP.Optional.Spigot, HKU\S-1-5-21-2375771536-2672884834-688610250-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6397B43F-F480-4975-A561-CB8D7E307921}|URL, https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}, Quarantined, [52bf93c3e9a28da9fe04b223ce36966a]
PUP.Optional.Spigot, HKU\S-1-5-21-2375771536-2672884834-688610250-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{03BD12E0-0E8F-4131-B65D-DCB2C29734EA}|OSDFileURL, file:///C:/Program%20Files%20(x86)/Common%20Files/Spigot/Search%20Settings/yahoo_ie.xml, Quarantined, [be53c690642761d5d1328f46996b1de3]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.InstallCore, C:\Users\Dad\Downloads\xmleditor_setup(1).msi, No Action By User, [66ab084e5833fa3c813ed1f0c938b947],
PUP.Optional.Proinstall, C:\Users\Dad\Downloads\xmleditor_setup-50133090.exe, No Action By User, [5eb3e2744f3c3ff719fff48afb06f808],
PUP.Optional.InstallCore, C:\Users\Dad\Downloads\xmleditor_setup.msi, No Action By User, [54bdaea84546dd599f200db406fbbf41],
PUP.Optional.Spigot, C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\6nmnufiz.default-1424623644675\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=926458&p=");), Replaced,[43ce490de3a82511a9a6ac1f1de8e31d]

Physical Sectors: 0
(No malicious items detected)


(end)



#3 Jaret

Jaret
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 12 October 2015 - 03:38 PM

FRST.txt Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-10-2015 02
Ran by Dad (administrator) on BULLDOG (12-10-2015 13:25:05)
Running from C:\Users\Dad\Desktop\Computer Maint
Loaded Profiles: Dad (Available Profiles: Dad & Courtland School & DefaultAppPool)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.11\AsusFanControlService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(LULU SOFTWARE LIMITED) C:\Program Files (x86)\Soda PDF 3D Reader\creator-ws.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
() C:\Program Files\Core Temp\Core Temp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6963272 2013-01-15] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-04] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14862456 2015-09-01] (Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [593216 2015-08-11] (Razer Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [558672 2013-09-11] (Lavasoft)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2477056 2015-03-02] (MyHeritage)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2375771536-2672884834-688610250-1000\...\Run: [Google Update] => C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-2375771536-2672884834-688610250-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2375771536-2672884834-688610250-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-2375771536-2672884834-688610250-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2375771536-2672884834-688610250-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-2375771536-2672884834-688610250-1008\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2790C837-199A-4424-B5DB-0B50C15B4199}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{82b32af5-3d4a-40bc-9aa4-a1b937702c84}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8CB3DF3D-9CDD-4C41-A314-B66ADBE67CB5}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2375771536-2672884834-688610250-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2375771536-2672884834-688610250-1000 -> DefaultScope {52555334-7822-4388-B71D-8E2B46CB6341} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2375771536-2672884834-688610250-1000 -> {52555334-7822-4388-B71D-8E2B46CB6341} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-17] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-17] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-2375771536-2672884834-688610250-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\6nmnufiz.default-1424623644675
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Yahoo!
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-10-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-10-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-14] (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Dad\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2012-01-13] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2012-01-13] (Veetle Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Soda PDF 3D Reader -> C:\Program Files (x86)\Soda PDF 3D Reader\np-previewer.dll [2014-04-23] (LULU SOFTWARE LIMITED)
FF Plugin HKU\S-1-5-21-2375771536-2672884834-688610250-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Dad\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-28] (Citrix Online)
FF Plugin HKU\S-1-5-21-2375771536-2672884834-688610250-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2375771536-2672884834-688610250-1000: @talk.google.com/O1DPlugin -> C:\Users\Dad\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2375771536-2672884834-688610250-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dad\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2375771536-2672884834-688610250-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dad\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2375771536-2672884834-688610250-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-14] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CrazyTalk4Native.dll [2008-10-28] (C3D)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctdomemhelper.dll [2008-10-28] (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctframeplayerobject.dll [2008-10-28] (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctplayerobject.dll [2008-10-28] (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\imagickrt.dll [2008-10-28] (BEXTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npRLCT4Player.dll [2008-10-28] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\rlcontentclass.dll [2008-10-28] (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicPacker.dll [2008-10-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicUnpacker.dll [2008-10-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoicePacker.dll [2008-10-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoiceUnpacker.dll [2008-10-28] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Dad\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dad\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: NetVideoHunter - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\6nmnufiz.default-1424623644675\Extensions\netvideohunter@netvideohunter.com [2015-05-29]
FF Extension: Ghostery - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\6nmnufiz.default-1424623644675\Extensions\firefox@ghostery.com.xpi [2015-02-23]
FF Extension: ExHentai Easy 2 - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\6nmnufiz.default-1424623644675\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2015-09-12]
FF Extension: Adblock Plus - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\6nmnufiz.default-1424623644675\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-23]
FF Extension: Greasemonkey - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\6nmnufiz.default-1424623644675\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-03-01]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-10-15]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-11]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2015-09-20]
FF HKU\S-1-5-21-2375771536-2672884834-688610250-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Raidcall plugin) - C:\Users\Dad\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll => No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] () [File not signed]
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [947328 2011-08-09] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.11\AsusFanControlService.exe [1430144 2011-10-06] (ASUSTeK Computer Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-09-20] (Kaspersky Lab ZAO)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155376 2015-10-04] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2011-10-12] (Intel Corporation) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-01] (Logitech Inc.)
S3 LULU Software CrashHandler; C:\Program Files (x86)\Soda PDF 3D Reader\crash-handler-ws.exe [744800 2014-04-23] (LULU SOFTWARE LIMITED)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-09-06] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568816 2015-10-04] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-07] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1006320 2015-09-29] (Overwolf LTD)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 Soda PDF 3D Reader; C:\Program Files (x86)\Soda PDF 3D Reader\ws.exe [1598816 2014-04-23] (LULU SOFTWARE LIMITED)
R2 Soda PDF 3D Reader Creator; C:\Program Files (x86)\Soda PDF 3D Reader\creator-ws.exe [621408 2014-04-23] (LULU SOFTWARE LIMITED)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [834752 2015-01-19] (Valve Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-09-06] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-09-06] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALSysIO; C:\Users\Dad\AppData\Local\Temp\ALSysIO64.sys [25064 2015-10-12] (Arthur Liberman)
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-18] (Disc Soft Ltd)
U0 gteiarq; C:\Windows\System32\drivers\cuuu.sys [79064 2015-10-12] (Malwarebytes Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-10-12] (Intel Corporation)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [171192 2015-06-30] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [937656 2015-06-30] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-09-27] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [78008 2015-06-26] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [113880 2015-10-12] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-09-06] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-12 13:25 - 2015-10-12 13:25 - 00000000 ____D C:\FRST
2015-10-12 13:10 - 2015-10-12 13:10 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\cuuu.sys
2015-10-12 12:42 - 2015-10-12 13:25 - 00000000 ____D C:\Users\Dad\Desktop\Computer Maint
2015-10-12 12:41 - 2015-10-12 12:41 - 00016148 _____ C:\WINDOWS\system32\BULLDOG_Dad_HistoryPrediction.bin
2015-10-12 12:33 - 2015-10-12 12:34 - 00000000 ____D C:\AdwCleaner
2015-10-12 12:11 - 2015-10-12 12:11 - 00000000 ____D C:\Users\Dad\AppData\Local\Steam
2015-10-12 12:00 - 2015-10-12 12:00 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-10-12 11:59 - 2015-10-12 12:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Dad\Downloads\revosetup.exe
2015-10-09 22:45 - 2015-10-09 22:45 - 00002206 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-10-09 22:44 - 2015-10-02 22:28 - 00102520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-10-09 22:43 - 2015-10-09 22:44 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-10-09 22:43 - 2015-10-03 00:58 - 42914096 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 37882488 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 22342264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 18387064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 16548768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 15837152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 14841232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 13525200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 12038368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 02313336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 01994360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 01905272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435850.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435850.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 00877176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 00861816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 00689968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 00673912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 00539464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 00445216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 00177416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 00155976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-10-09 22:43 - 2015-10-03 00:58 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-10-09 22:40 - 2015-10-09 22:41 - 00000000 ____D C:\Users\Dad\Downloads\Dell SX2210 Monitor
2015-10-09 22:35 - 2015-10-09 22:35 - 00000000 ____D C:\Users\Dad\Documents\Dell WebCam Central
2015-10-09 22:35 - 2015-10-09 22:35 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Creative
2015-10-09 22:35 - 2015-10-09 22:35 - 00000000 ____D C:\ProgramData\Creative
2015-10-09 17:17 - 2015-10-09 17:17 - 00000075 __RSH C:\WINDOWS\CT4CET.bin
2015-10-09 17:17 - 2015-10-09 17:17 - 00000000 ____D C:\Users\Public\Documents\Reallusion
2015-10-09 17:17 - 2015-10-09 17:17 - 00000000 ____D C:\Program Files (x86)\Creative
2015-10-09 17:17 - 2006-09-19 21:56 - 00057656 ____N C:\WINDOWS\system32\Drivers\FilterPC.bmp
2015-10-09 17:16 - 2015-10-09 17:16 - 00000000 ____D C:\Program Files (x86)\Creative Live! Cam
2015-10-09 17:16 - 2009-06-15 13:06 - 00172704 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\CtClsFlt.sys
2015-10-09 17:16 - 2009-05-28 10:49 - 00224768 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\CtAudDrv.sys
2015-10-09 17:13 - 2015-10-09 17:13 - 00000000 ____D C:\Dell
2015-10-09 17:12 - 2015-10-09 17:13 - 09860128 _____ C:\Users\Dad\Downloads\DELL_SX2210-MONITOR_A00-00_R230105.exe
2015-10-09 17:12 - 2015-10-09 17:13 - 00125576 _____ C:\Users\Dad\Downloads\DELL_SX2210-MONITOR_A00-00_R230097.exe
2015-10-09 17:11 - 2015-10-09 17:12 - 155377792 _____ C:\Users\Dad\Downloads\Dell_SX2210-Monitor_Webcam SW RC1.1_ R230103.exe
2015-10-09 17:04 - 2015-10-09 17:04 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-10-09 17:03 - 2015-10-09 17:04 - 00000000 ____D C:\Users\Dad\AppData\Local\Deployment
2015-10-09 17:03 - 2015-10-09 17:03 - 00417064 _____ () C:\Users\Dad\Downloads\DellSystemDetectLauncher.exe
2015-10-08 12:34 - 2015-10-08 12:36 - 00000000 ____D C:\Users\Dad\Documents\STAR WARS Battlefront Beta
2015-10-08 00:04 - 2015-10-08 00:04 - 00001420 _____ C:\Users\Public\Desktop\STAR WARS Battlefront Beta.lnk
2015-10-08 00:04 - 2015-10-08 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STAR WARS Battlefront Beta
2015-10-07 22:20 - 2015-10-09 16:01 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Origin
2015-10-07 22:11 - 2015-10-07 22:17 - 17113896 _____ (Electronic Arts, Inc.) C:\Users\Dad\Downloads\OriginThinSetup.exe
2015-10-07 16:24 - 2015-10-07 16:24 - 01515083 _____ C:\Users\Dad\Downloads\1444245196164.webm
2015-10-07 16:24 - 2015-10-07 16:24 - 00522444 _____ C:\Users\Dad\Downloads\1444244343635.webm
2015-10-07 16:18 - 2015-10-07 16:18 - 03096906 _____ C:\Users\Dad\Downloads\1444201427820.webm
2015-10-07 16:18 - 2015-10-07 16:18 - 01899456 _____ C:\Users\Dad\Downloads\1444202343977.webm
2015-10-06 19:49 - 2015-10-06 19:49 - 03739648 _____ C:\Users\Dad\Downloads\Targets_and_Deconstruction.ppt
2015-10-06 19:39 - 2015-10-06 19:39 - 00141064 _____ C:\Users\Dad\Downloads\SuccessCriteriaPowerpoint_DA16FD5EF0B26.pptx
2015-10-02 23:53 - 2015-10-09 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-02 14:09 - 2015-10-02 14:09 - 04003141 _____ C:\Users\Dad\Downloads\cotton picker.webm
2015-10-02 14:02 - 2015-10-02 14:02 - 04169850 _____ C:\Users\Dad\Downloads\Aint gay.webm
2015-10-02 14:01 - 2015-10-02 14:01 - 03250891 _____ C:\Users\Dad\Downloads\Aint gay 2.webm
2015-10-01 17:24 - 2015-09-15 12:12 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-01 17:24 - 2015-09-15 12:12 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-01 08:38 - 2015-10-01 08:38 - 00011232 _____ C:\Users\Dad\Documents\cc_20151001_083813.reg
2015-10-01 05:48 - 2015-10-01 05:48 - 03141122 _____ C:\Users\Dad\Downloads\1443331162040.webm
2015-10-01 00:39 - 2015-09-17 02:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-01 00:39 - 2015-09-17 02:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-01 00:39 - 2015-09-17 02:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-01 00:39 - 2015-09-17 02:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 00:39 - 2015-09-17 02:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-01 00:39 - 2015-09-17 02:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-01 00:39 - 2015-09-17 02:12 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-01 00:39 - 2015-09-17 02:07 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-01 00:39 - 2015-09-17 02:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-01 00:39 - 2015-09-17 02:00 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-01 00:39 - 2015-09-17 02:00 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-01 00:39 - 2015-09-17 02:00 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-01 00:39 - 2015-09-17 01:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-01 00:39 - 2015-09-17 01:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-01 00:39 - 2015-09-17 01:51 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-01 00:39 - 2015-09-17 01:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-01 00:39 - 2015-09-17 01:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-01 00:39 - 2015-09-17 01:47 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-01 00:39 - 2015-09-17 01:45 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-01 00:39 - 2015-09-17 01:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-01 00:39 - 2015-09-17 01:37 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-01 00:39 - 2015-09-17 01:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-01 00:39 - 2015-09-17 01:31 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-01 00:38 - 2015-09-24 20:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-01 00:38 - 2015-09-24 20:34 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-01 00:38 - 2015-09-24 20:13 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-01 00:38 - 2015-09-24 19:34 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-01 00:38 - 2015-09-24 19:34 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-01 00:38 - 2015-09-24 19:24 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-01 00:38 - 2015-09-24 19:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-01 00:38 - 2015-09-24 19:23 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-01 00:38 - 2015-09-24 19:17 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-01 00:38 - 2015-09-24 19:08 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-01 00:38 - 2015-09-24 19:07 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-01 00:38 - 2015-09-24 19:06 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-01 00:38 - 2015-09-24 19:05 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-01 00:38 - 2015-09-24 19:01 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-01 00:38 - 2015-09-24 19:01 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-01 00:38 - 2015-09-24 19:00 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-01 00:38 - 2015-09-24 19:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-01 00:38 - 2015-09-24 19:00 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-01 00:38 - 2015-09-24 19:00 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-01 00:38 - 2015-09-24 18:53 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-01 00:38 - 2015-09-24 18:43 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-01 00:38 - 2015-09-24 18:43 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-01 00:38 - 2015-09-24 18:42 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-01 00:38 - 2015-09-24 18:25 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-01 00:38 - 2015-09-24 18:25 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-01 00:38 - 2015-09-24 18:25 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-01 00:38 - 2015-09-24 18:25 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-01 00:38 - 2015-09-24 18:25 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-01 00:38 - 2015-09-24 18:24 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-01 00:38 - 2015-09-24 18:19 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-01 00:38 - 2015-09-19 01:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-01 00:38 - 2015-09-17 02:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-01 00:38 - 2015-09-17 02:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-01 00:38 - 2015-09-17 02:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-01 00:38 - 2015-09-17 02:49 - 08020816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-01 00:38 - 2015-09-17 02:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-01 00:38 - 2015-09-17 02:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-01 00:38 - 2015-09-17 02:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-01 00:38 - 2015-09-17 02:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-01 00:38 - 2015-09-17 02:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-01 00:38 - 2015-09-17 02:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-01 00:38 - 2015-09-17 02:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-01 00:38 - 2015-09-17 02:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-01 00:38 - 2015-09-17 02:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-01 00:38 - 2015-09-17 02:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-01 00:38 - 2015-09-17 02:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-01 00:38 - 2015-09-17 02:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-01 00:38 - 2015-09-17 02:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-01 00:38 - 2015-09-17 02:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-01 00:38 - 2015-09-17 02:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-01 00:38 - 2015-09-17 02:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-01 00:38 - 2015-09-17 02:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-01 00:38 - 2015-09-17 02:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-01 00:38 - 2015-09-17 02:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-01 00:38 - 2015-09-17 02:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-01 00:38 - 2015-09-17 02:47 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-01 00:38 - 2015-09-17 02:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-01 00:38 - 2015-09-17 02:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-01 00:38 - 2015-09-17 02:39 - 00081488 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-01 00:38 - 2015-09-17 02:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-01 00:38 - 2015-09-17 02:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-01 00:38 - 2015-09-17 02:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-01 00:38 - 2015-09-17 02:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-01 00:38 - 2015-09-17 02:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-01 00:38 - 2015-09-17 02:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-01 00:38 - 2015-09-17 02:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-01 00:38 - 2015-09-17 02:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-01 00:38 - 2015-09-17 02:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-01 00:38 - 2015-09-17 02:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-01 00:38 - 2015-09-17 02:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-01 00:38 - 2015-09-17 02:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-01 00:38 - 2015-09-17 02:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-01 00:38 - 2015-09-17 02:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-01 00:38 - 2015-09-17 02:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-01 00:38 - 2015-09-17 02:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-01 00:38 - 2015-09-17 02:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-01 00:38 - 2015-09-17 02:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-01 00:38 - 2015-09-17 02:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-01 00:38 - 2015-09-17 02:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-01 00:38 - 2015-09-17 02:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-01 00:38 - 2015-09-17 02:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-01 00:38 - 2015-09-17 02:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-01 00:38 - 2015-09-17 02:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-01 00:38 - 2015-09-17 02:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-01 00:38 - 2015-09-17 02:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-01 00:38 - 2015-09-17 02:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-01 00:38 - 2015-09-17 02:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-01 00:38 - 2015-09-17 02:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-01 00:38 - 2015-09-17 02:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-01 00:38 - 2015-09-17 02:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-01 00:38 - 2015-09-17 02:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-01 00:38 - 2015-09-17 02:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-01 00:38 - 2015-09-17 02:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-01 00:38 - 2015-09-17 02:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-01 00:38 - 2015-09-17 02:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-01 00:38 - 2015-09-17 02:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-01 00:38 - 2015-09-17 02:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-01 00:38 - 2015-09-17 02:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-01 00:38 - 2015-09-17 02:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-01 00:38 - 2015-09-17 01:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-01 00:38 - 2015-09-17 01:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-01 00:38 - 2015-09-17 01:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-01 00:38 - 2015-09-17 01:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-01 00:38 - 2015-09-17 01:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-01 00:38 - 2015-09-17 01:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-01 00:38 - 2015-09-17 01:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-01 00:38 - 2015-09-17 01:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-01 00:38 - 2015-09-17 01:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-01 00:38 - 2015-09-17 01:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-01 00:38 - 2015-09-17 01:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-01 00:38 - 2015-09-17 01:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-01 00:38 - 2015-09-17 01:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-01 00:38 - 2015-09-17 01:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-01 00:38 - 2015-09-17 01:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-01 00:38 - 2015-09-17 01:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-01 00:38 - 2015-09-17 01:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-01 00:38 - 2015-09-17 01:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-01 00:38 - 2015-09-17 01:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 00:38 - 2015-09-17 01:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-01 00:38 - 2015-09-17 01:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-01 00:38 - 2015-09-17 01:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-01 00:38 - 2015-09-17 01:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-01 00:38 - 2015-09-17 01:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-01 00:38 - 2015-09-17 01:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-01 00:38 - 2015-09-17 01:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-01 00:38 - 2015-09-17 01:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-01 00:38 - 2015-09-17 01:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-01 00:38 - 2015-09-17 01:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-01 00:38 - 2015-09-17 01:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-01 00:38 - 2015-09-17 01:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-01 00:38 - 2015-09-17 01:51 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-01 00:38 - 2015-09-17 01:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-01 00:38 - 2015-09-17 01:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-01 00:38 - 2015-09-17 01:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-01 00:38 - 2015-09-17 01:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-01 00:38 - 2015-09-17 01:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-01 00:38 - 2015-09-17 01:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-01 00:38 - 2015-09-17 01:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-01 00:38 - 2015-09-17 01:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-01 00:38 - 2015-09-17 01:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-01 00:38 - 2015-09-17 01:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-01 00:38 - 2015-09-17 01:49 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-01 00:38 - 2015-09-17 01:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-01 00:38 - 2015-09-17 01:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-01 00:38 - 2015-09-17 01:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-01 00:38 - 2015-09-17 01:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-01 00:38 - 2015-09-17 01:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-01 00:38 - 2015-09-17 01:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-01 00:38 - 2015-09-17 01:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-01 00:38 - 2015-09-17 01:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-01 00:38 - 2015-09-17 01:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-01 00:38 - 2015-09-17 01:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-01 00:38 - 2015-09-17 01:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-01 00:38 - 2015-09-17 01:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-01 00:38 - 2015-09-17 01:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-01 00:38 - 2015-09-17 01:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-01 00:38 - 2015-09-17 01:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-01 00:38 - 2015-09-17 01:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-01 00:38 - 2015-09-17 01:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-01 00:38 - 2015-09-17 01:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-01 00:38 - 2015-09-17 01:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-01 00:38 - 2015-09-17 01:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-01 00:38 - 2015-09-17 01:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-01 00:38 - 2015-09-17 01:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-01 00:38 - 2015-09-17 01:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-01 00:38 - 2015-09-17 01:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-01 00:38 - 2015-09-17 01:45 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-01 00:38 - 2015-09-17 01:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-01 00:38 - 2015-09-17 01:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-01 00:38 - 2015-09-17 01:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-01 00:38 - 2015-09-17 01:45 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-01 00:38 - 2015-09-17 01:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-01 00:38 - 2015-09-17 01:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-01 00:38 - 2015-09-17 01:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-01 00:38 - 2015-09-17 01:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-01 00:38 - 2015-09-17 01:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-01 00:38 - 2015-09-17 01:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-01 00:38 - 2015-09-17 01:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-01 00:38 - 2015-09-17 01:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-01 00:38 - 2015-09-17 01:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-01 00:38 - 2015-09-17 01:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-01 00:38 - 2015-09-17 01:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-01 00:38 - 2015-09-17 01:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-01 00:38 - 2015-09-17 01:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-01 00:38 - 2015-09-17 01:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-01 00:38 - 2015-09-17 01:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 00:38 - 2015-09-17 01:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-01 00:38 - 2015-09-17 01:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-01 00:38 - 2015-09-17 01:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-01 00:38 - 2015-09-17 01:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-01 00:38 - 2015-09-17 01:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-01 00:38 - 2015-09-17 01:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-01 00:38 - 2015-09-17 01:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-01 00:38 - 2015-09-17 01:33 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-01 00:38 - 2015-09-17 01:32 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-01 00:38 - 2015-09-17 01:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-01 00:38 - 2015-09-17 01:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-01 00:38 - 2015-09-17 01:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-01 00:38 - 2015-09-17 01:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-01 00:38 - 2015-09-17 01:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-01 00:38 - 2015-09-17 01:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-01 00:38 - 2015-09-17 01:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-01 00:38 - 2015-09-17 01:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-01 00:38 - 2015-09-17 01:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-01 00:38 - 2015-09-17 01:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-10-01 00:38 - 2015-09-17 01:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-01 00:38 - 2015-09-17 01:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-01 00:38 - 2015-09-12 22:05 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-01 00:38 - 2015-09-12 21:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-09-29 07:50 - 2015-09-29 07:50 - 01472409 _____ C:\Users\Dad\Documents\Parkent National Tpk.JPG.oxps
2015-09-29 01:12 - 2015-09-29 01:12 - 00016148 _____ C:\WINDOWS\system32\BULLDOG_Courtland School_HistoryPrediction.bin
2015-09-29 00:46 - 2015-09-29 00:46 - 00002428 _____ C:\Users\Courtland School.Bulldog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-29 00:46 - 2015-09-29 00:46 - 00000000 ___RD C:\Users\Courtland School.Bulldog\OneDrive
2015-09-29 00:44 - 2015-09-29 00:44 - 04474368 _____ C:\Users\Courtland School.Bulldog\Downloads\PORvsPARA (2) (1).ppt
2015-09-29 00:44 - 2015-09-29 00:44 - 04471808 _____ C:\Users\Courtland School.Bulldog\Downloads\PORvsPARA (2).ppt
2015-09-29 00:42 - 2015-09-29 00:42 - 00000000 ____D C:\Users\Courtland School.Bulldog\AppData\Local\Publishers
2015-09-29 00:40 - 2015-09-29 00:59 - 00000000 ____D C:\Users\Courtland School.Bulldog\AppData\Local\Packages
2015-09-29 00:40 - 2015-09-29 00:40 - 00001656 __RSH C:\Users\Courtland School.Bulldog\ntuser.pol
2015-09-29 00:40 - 2015-09-29 00:40 - 00000020 ___SH C:\Users\Courtland School.Bulldog\ntuser.ini
2015-09-29 00:40 - 2015-09-29 00:40 - 00000000 ____D C:\Users\Courtland School.Bulldog\AppData\Local\TileDataLayer
2015-09-22 21:29 - 2015-09-18 18:08 - 00040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-09-22 21:29 - 2015-09-13 20:24 - 01898104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435598.dll
2015-09-22 21:29 - 2015-09-13 20:24 - 01558832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435598.dll
2015-09-22 18:32 - 2015-08-11 00:52 - 00069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-09-21 15:43 - 2015-09-21 15:43 - 00000000 ____D C:\Users\Dad\Desktop\0m Enhanced Sound Pack
2015-09-20 14:58 - 2015-09-20 14:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-09-20 14:56 - 2015-09-20 14:58 - 173954160 _____ (Kaspersky Lab) C:\Users\Dad\Downloads\kts16.0.0.614en_8243.exe
2015-09-20 14:25 - 2015-09-20 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-09-20 14:25 - 2015-09-20 14:23 - 00002184 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-09-20 14:22 - 2015-06-30 01:05 - 00937656 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-09-20 14:20 - 2015-09-20 14:20 - 01732208 _____ (Kaspersky Lab) C:\Users\Dad\Downloads\kts16.0.0.614en_8208.exe
2015-09-20 11:58 - 2015-09-20 11:58 - 02642809 _____ C:\Users\Dad\Downloads\Weebu.webm
2015-09-19 09:33 - 2015-09-19 09:34 - 00036831 _____ C:\Users\Dad\Desktop\Jaret Hill family tree.ged.txt
2015-09-19 09:28 - 2015-09-19 09:34 - 00000000 ____D C:\Users\Dad\Documents\MyHeritage
2015-09-19 09:28 - 2015-09-19 09:32 - 00000000 ____D C:\ProgramData\MyHeritage
2015-09-19 09:28 - 2015-09-19 09:29 - 00000000 ____D C:\Users\Dad\AppData\Roaming\MyHeritage
2015-09-19 09:28 - 2015-09-19 09:28 - 00001194 _____ C:\Users\Dad\Desktop\MyHeritage Family Tree Builder.lnk
2015-09-19 09:28 - 2015-09-19 09:28 - 00000000 ____D C:\Users\Dad\AppData\Roaming\The Complete Genealogy Reporter - FTB
2015-09-19 09:28 - 2015-09-19 09:28 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyHeritage.com
2015-09-19 09:28 - 2012-08-02 08:56 - 00606208 _____ (Lorenzi Davide) C:\WINDOWS\SysWOW64\HexUniRTFBox.ocx
2015-09-19 09:28 - 2010-06-17 19:49 - 02029056 _____ (Bytescout) C:\WINDOWS\SysWOW64\PDFDocScout.DLL
2015-09-19 09:28 - 2004-12-07 11:11 - 00258352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unicows.dll
2015-09-19 09:28 - 2003-07-06 14:07 - 00372736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ijl15.dll
2015-09-19 09:28 - 2002-03-07 01:19 - 00454656 _____ () C:\WINDOWS\SysWOW64\PaintX.dll
2015-09-19 09:28 - 2000-05-22 17:58 - 00608448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx
2015-09-19 09:28 - 1998-06-24 01:00 - 00137000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmapi32.ocx
2015-09-19 09:27 - 2015-09-19 09:28 - 00000000 ____D C:\Program Files (x86)\MyHeritage
2015-09-19 09:25 - 2015-09-19 09:26 - 36843992 _____ C:\Users\Dad\Downloads\family_tree_builder_7143.exe
2015-09-15 01:29 - 2015-09-15 01:29 - 02979566 _____ C:\Users\Dad\Downloads\1441405032999.webm
2015-09-15 01:15 - 2015-09-15 01:16 - 02983092 _____ C:\Users\Dad\Downloads\1440451952534.webm
2015-09-15 01:14 - 2015-09-15 01:14 - 00694355 _____ C:\Users\Dad\Downloads\1442279672448.webm
2015-09-15 00:46 - 2015-09-15 00:46 - 03046847 _____ C:\Users\Dad\Downloads\1442124153356.webm
2015-09-15 00:44 - 2015-09-15 00:45 - 03115936 _____ C:\Users\Dad\Downloads\1442123886866.webm
2015-09-15 00:36 - 2015-09-15 00:36 - 03006422 _____ C:\Users\Dad\Downloads\Das Horn.webm
2015-09-14 18:57 - 2015-09-14 19:20 - 00000000 ____D C:\Users\Dad\Desktop\Adams, Mark
2015-09-14 09:47 - 2015-09-14 09:47 - 00006958 _____ C:\Users\Dad\Documents\cc_20150914_094740.reg
2015-09-14 09:46 - 2015-09-14 09:46 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-14 09:45 - 2015-09-14 09:46 - 06667640 _____ (Piriform Ltd) C:\Users\Dad\Downloads\ccsetup509.exe
2015-09-13 22:51 - 2015-09-13 22:52 - 04064503 _____ C:\Users\Dad\Downloads\1442114421332.webm
2015-09-13 22:45 - 2015-09-13 22:45 - 02958245 _____ C:\Users\Dad\Downloads\1441947237375.webm
2015-09-13 22:40 - 2015-09-13 22:40 - 03834499 _____ C:\Users\Dad\Downloads\1441706364248.webm
2015-09-13 22:39 - 2015-09-13 22:39 - 04189599 _____ C:\Users\Dad\Downloads\1441702346841.webm
2015-09-13 19:38 - 2015-09-13 19:38 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-09-13 19:38 - 2015-09-13 19:38 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-09-13 19:38 - 2015-09-13 19:38 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-12 13:23 - 2015-07-10 08:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-12 13:10 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-10-12 12:51 - 2012-11-01 12:57 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-12 12:50 - 2012-10-14 17:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-10-12 12:44 - 2015-09-06 13:53 - 01020354 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-12 12:44 - 2014-07-06 16:20 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-12 12:44 - 2012-10-15 09:47 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-12 12:43 - 2015-01-07 18:28 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2015-10-12 12:41 - 2015-09-06 13:55 - 00000000 ____D C:\Users\Dad
2015-10-12 12:41 - 2012-10-15 09:47 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-12 12:38 - 2015-09-06 13:50 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-12 12:38 - 2015-09-06 13:41 - 00018464 _____ C:\WINDOWS\PFRO.log
2015-10-12 12:38 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-12 12:38 - 2014-07-06 16:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-12 12:37 - 2015-07-10 05:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-10-12 12:35 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-12 12:33 - 2014-01-31 14:23 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2375771536-2672884834-688610250-1000UA.job
2015-10-12 12:25 - 2014-12-23 22:23 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-10-12 12:25 - 2014-12-23 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-10-12 12:13 - 2014-07-06 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-12 10:43 - 2012-11-13 21:43 - 00000000 ____D C:\Users\Dad\AppData\Roaming\TS3Client
2015-10-12 08:06 - 2015-09-06 21:12 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A00F224A-89A0-4F1F-A0E0-5820B11E8359}
2015-10-11 22:33 - 2014-01-31 14:23 - 00000864 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2375771536-2672884834-688610250-1000Core.job
2015-10-11 18:13 - 2014-03-28 19:24 - 00000000 ____D C:\Users\Dad\AppData\Roaming\vlc
2015-10-11 18:13 - 2012-10-14 19:10 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Azureus
2015-10-11 15:16 - 2012-11-13 21:41 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-10-11 14:37 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-10 10:37 - 2015-09-06 17:29 - 00000000 ____D C:\Windows.old
2015-10-09 23:29 - 2012-10-18 00:34 - 00000000 ____D C:\ProgramData\Origin
2015-10-09 22:45 - 2015-09-06 13:49 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-09 22:45 - 2015-06-23 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-10-09 22:45 - 2013-09-15 13:25 - 00000000 ____D C:\Temp
2015-10-09 22:44 - 2015-07-10 08:20 - 00027572 _____ C:\WINDOWS\setupact.log
2015-10-09 17:17 - 2012-10-14 17:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-08 22:46 - 2012-10-14 19:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-08 12:34 - 2012-10-18 00:34 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-10-08 11:10 - 2015-03-22 17:10 - 00000000 ____D C:\Program Files (x86)\Overwolf
2015-10-07 22:22 - 2012-10-18 00:34 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-10-07 22:20 - 2014-06-08 15:14 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-07 22:20 - 2012-10-18 00:34 - 00000000 ____D C:\Users\Dad\AppData\Local\Origin
2015-10-07 22:20 - 2012-10-18 00:33 - 00000000 ____D C:\Program Files (x86)\Origin
2015-10-07 22:17 - 2012-10-18 00:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-10-06 19:39 - 2012-10-14 17:20 - 00151456 _____ C:\Users\Dad\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-06 14:45 - 2015-08-29 00:43 - 11210056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-10-04 07:05 - 2013-07-12 22:28 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Mumble
2015-10-04 05:49 - 2013-01-21 14:34 - 00000000 ____D C:\Users\Dad\Documents\Asheron's Call
2015-10-04 04:23 - 2015-06-23 15:57 - 01423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-10-04 04:23 - 2015-06-23 15:57 - 01317192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-10-04 04:22 - 2015-06-23 15:57 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-10-04 04:22 - 2015-06-23 15:57 - 01710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-10-03 09:20 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-03 00:58 - 2015-08-29 00:43 - 18354984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-10-03 00:58 - 2015-08-29 00:43 - 15803800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-10-03 00:58 - 2015-08-29 00:43 - 12868120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-10-03 00:58 - 2015-08-29 00:43 - 03534888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-10-03 00:58 - 2015-08-29 00:43 - 03121144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-10-03 00:58 - 2015-08-07 08:10 - 00034392 _____ C:\WINDOWS\system32\nvinfo.pb
2015-10-03 00:58 - 2012-10-14 17:15 - 00112760 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-10-03 00:58 - 2012-10-14 17:15 - 00105264 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-10-02 22:38 - 2015-09-06 13:50 - 06358648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-10-02 22:38 - 2015-09-06 13:50 - 02982704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-10-02 22:38 - 2015-09-06 13:50 - 02554488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-10-02 22:38 - 2015-09-06 13:50 - 00938800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-10-02 22:38 - 2015-09-06 13:50 - 00385328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-10-02 22:38 - 2015-09-06 13:50 - 00062768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-10-01 17:24 - 2015-09-06 13:55 - 00000000 ____D C:\Users\Courtland School.Bulldog
2015-10-01 17:18 - 2015-07-10 07:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-01 17:18 - 2015-07-10 07:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-01 17:18 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-01 17:18 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-01 17:17 - 2015-07-10 07:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-01 17:17 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-01 17:17 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-01 17:17 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-01 17:17 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-01 07:48 - 2012-10-15 09:47 - 00000000 ____D C:\Users\Dad\AppData\Local\Google
2015-10-01 06:07 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-01 05:30 - 2015-09-06 13:50 - 05284082 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-09-29 00:40 - 2015-09-06 13:55 - 00000000 ___RD C:\Users\Courtland School.Bulldog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-29 00:40 - 2013-01-21 23:45 - 00002332 _____ C:\Users\Courtland School.Bulldog\Desktop\Google Chrome.lnk
2015-09-27 17:16 - 2013-04-12 14:34 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2015-09-23 11:41 - 2015-06-11 07:25 - 00000000 ____D C:\Users\Dad\Desktop\Ashley Pointe
2015-09-23 11:04 - 2012-10-14 19:31 - 00000000 ____D C:\Users\Dad\Documents\LAW FILES
2015-09-22 12:51 - 2012-11-01 12:57 - 00003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-20 14:25 - 2012-10-14 17:26 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-09-20 14:23 - 2015-07-10 05:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-20 14:22 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default.migrated
2015-09-18 18:08 - 2015-08-29 00:43 - 01567576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-09-18 18:08 - 2015-08-29 00:43 - 00204648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-09-18 08:06 - 2015-07-10 09:12 - 00000000 ____D C:\WINDOWS\OCR
2015-09-18 08:06 - 2015-07-10 08:20 - 00477496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-16 03:56 - 2015-09-06 14:31 - 00000000 ____D C:\Users\Dad\AppData\Local\Packages
2015-09-15 22:28 - 2014-01-31 14:23 - 00004028 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2375771536-2672884834-688610250-1000UA
2015-09-15 22:28 - 2014-01-31 14:23 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2375771536-2672884834-688610250-1000Core
2015-09-14 19:39 - 2012-10-15 09:47 - 00003980 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-14 19:39 - 2012-10-15 09:47 - 00003748 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-14 09:46 - 2012-10-14 23:32 - 00000000 ____D C:\Program Files\CCleaner
2015-09-12 13:32 - 2015-07-10 09:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-12 12:29 - 2015-09-07 16:58 - 00000000 ____D C:\Users\Dad\AppData\Local\Comms

==================== Files in the root of some directories =======

2012-12-04 23:43 - 2012-12-04 23:43 - 0037841 _____ () C:\Users\Dad\AppData\Roaming\Comma Separated Values (Windows).ADR
2012-11-03 19:01 - 2015-07-13 01:25 - 0011776 _____ () C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-15 00:21 - 2012-10-15 00:21 - 0000091 _____ () C:\Users\Dad\AppData\Local\fusioncache.dat
2015-08-12 08:10 - 2015-08-12 08:10 - 0007605 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\Dad\AppData\Local\setup.txt
2012-10-15 14:18 - 2014-11-26 15:51 - 0001289 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Dad\driveragent.exe
C:\Users\Dad\GoogleCalendarSync_Installer.exe


Some files in TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\i4jdel0.exe
C:\Users\Dad\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-04 09:49

==================== End of FRST.txt ============================


Addition.txt Log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-10-2015 02
Ran by Dad (2015-10-12 13:26:04)
Running from C:\Users\Dad\Desktop\Computer Maint
Windows 10 Pro (X64) (2015-09-06 18:30:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2375771536-2672884834-688610250-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2375771536-2672884834-688610250-1006 - Limited - Enabled)
Courtland School (S-1-5-21-2375771536-2672884834-688610250-1008 - Administrator - Enabled) => C:\Users\Courtland School.Bulldog
Dad (S-1-5-21-2375771536-2672884834-688610250-1000 - Administrator - Enabled) => C:\Users\Dad
DefaultAccount (S-1-5-21-2375771536-2672884834-688610250-503 - Limited - Disabled)
Guest (S-1-5-21-2375771536-2672884834-688610250-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2375771536-2672884834-688610250-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Disabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AC Multiclient (HKLM-x32\...\{162D12B4-E05F-487A-8782-8A90B8133808}) (Version: 1.0.0 - Losado)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.110 - Lavasoft)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.16 - ASUSTeK Computer Inc.)
Asheron's Call (HKLM-x32\...\{FF85B39D-4403-4F95-90A0-316DC7F75CD2}) (Version: 1.00.0000 - Turbine)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 2.4 - Auslogics Software Pty Ltd)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version:  - cbrreader.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
dBpoweramp [Arrange Audio] Codec (HKLM-x32\...\dBpoweramp [Arrange Audio] Codec) (Version: Release 3 - Illustrate)
dBpoweramp [Audio Info] Codec (HKLM-x32\...\dBpoweramp [Audio Info] Codec) (Version: Release 1 - Illustrate)
dBpoweramp [Channel Split] Codec (HKLM-x32\...\dBpoweramp [Channel Split] Codec) (Version:  - )
dBpoweramp [ID Tag Update] Codec (HKLM-x32\...\dBpoweramp [ID Tag Update] Codec) (Version:  - )
dBpoweramp [Length Split] Codec (HKLM-x32\...\dBpoweramp [Length Split] Codec) (Version:  - )
dBpoweramp [Multi Encoder] Codec (HKLM-x32\...\dBpoweramp [Multi Encoder] Codec) (Version: Release 3 - Illustrate)
dBpoweramp [ReplayGain] Codec (HKLM-x32\...\dBpoweramp [ReplayGain] Codec) (Version: Release 2 - Illustrate)
dBpoweramp [Tag From Filename] Codec (HKLM-x32\...\dBpoweramp [Tag From Filename] Codec) (Version: Release 1 - Illustrate)
Decal 3.0 (2.9.7.5) (HKLM-x32\...\{6732F78F-6E90-47A5-9A6C-1A59D0C657B9}) (Version: 2.9.0705 - Decal Development)
Dell System Detect (HKU\S-1-5-21-2375771536-2672884834-688610250-1000\...\73f463568823ebbe) (Version: 6.6.0.2 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DriverAgent by eSupport.com (HKLM\...\DriverAgent.exe) (Version:  - )
Dropbox (HKU\S-1-5-21-2375771536-2672884834-688610250-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
dupeGuru Picture Edition (HKLM\...\{C9A60D50-28B0-4BCB-B720-1ECACA351F09}) (Version: 2.10.1 - Hardcoded Software)
EndNote X5 (HKLM-x32\...\{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}) (Version: 15.0.0.5478 - Thomson Reuters)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop)
GameStop App (x32 Version: 4.00 - GameStop) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.21.1124 - Intel Corporation)
Intel® Network Connections 16.6.126.0 (HKLM\...\PROSetDX) (Version: 16.6.126.0 - Intel)
Intel® Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Version: 3.0.0.2003 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
LifeTank X (HKLM-x32\...\{2C8471EC-67D7-4518-88F9-32D57BB2EBDF}) (Version: 11.9.0.8 - Reality)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Logitech Gaming Software 8.72 (HKLM\...\Logitech Gaming Software) (Version: 8.72.107 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{056913A2-B256-4C31-8884-8AB78AF764F4}) (Version: 7.0.1.27 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1014 - Marvell)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
Mozilla Thunderbird 16.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 16.0.1 (x86 en-US)) (Version: 16.0.1 - Mozilla)
MPC-HC 1.7.3 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.3 - MPC-HC Team)
MSI Afterburner 2.2.4 (HKLM-x32\...\Afterburner) (Version: 2.2.4 - MSI Co., LTD)
MSI Kombustor 2.4.2 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7143 - MyHeritage.com)
Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.46 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.89.107.0 - Overwolf Ltd.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plantronics® GameCom 780 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 1.00.0001 - Plantronics)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12972.94 - raidcall.com)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27405 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6823 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
School Mate 2 (HKLM-x32\...\{BC980840-FC67-4027-9055-251136406614}_is1) (Version: 1.3 - randompirate)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.46 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Soda PDF 3D Reader (HKLM-x32\...\Soda PDF 3D Reader) (Version: 6.0.22.17373 - LULU Software Limited)
Soda PDF 3D Reader Asian Fonts Pack (x32 Version: 6.0.10.16430 - LULU Software Limited) Hidden
Soda PDF 3D Reader Create Module (x32 Version: 6.0.10.16430 - LULU Software Limited) Hidden
Soda PDF 3D Reader View Module (x32 Version: 6.0.10.16430 - LULU Software Limited) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
STAR WARS™ Battlefront™ Beta (HKLM-x32\...\{8A863B64-C9BE-4203-9ED7-92981CF690D3}) (Version: 1.0.3.51560 - Electronic Arts)
StarParse (HKU\S-1-5-21-2375771536-2672884834-688610250-1000\...\{fxApplication}}_is1) (Version: 0.6 - Ixale)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
The Lord of the Rings Online™ v03.07.00.8037 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.07.00.8037 - Turbine, Inc.)
The Lord of the Rings Online™: Riders of Rohan™! v03.08.00.1107 (HKLM-x32\...\e01f4d10-f2d0-11dd-ba2f-0800200c9a66_is1) (Version: 03.08.00.1107 - Turbine, Inc.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Universal Extractor 1.5 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.5 - Jared Breland)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.2.0 - Azureus Software, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 11.2 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}) (Version: 11.3.8261 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2375771536-2672884834-688610250-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2375771536-2672884834-688610250-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Dad\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2375771536-2672884834-688610250-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dad\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2375771536-2672884834-688610250-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2375771536-2672884834-688610250-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2375771536-2672884834-688610250-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2375771536-2672884834-688610250-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2375771536-2672884834-688610250-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2375771536-2672884834-688610250-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2375771536-2672884834-688610250-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2375771536-2672884834-688610250-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2375771536-2672884834-688610250-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

21-09-2015 16:23:36 Windows Update
30-09-2015 10:34:49 Scheduled Checkpoint
07-10-2015 22:19:35 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
09-10-2015 17:15:57 Installed Integrated Webcam
12-10-2015 12:10:42 Revo Uninstaller's restore point - Counter-Strike

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02754D56-6196-46DE-8993-1646FFF7A228} - System32\Tasks\{02330314-59E9-4895-B9FB-54C4616CC9E6} => pcalua.exe -a C:\Users\Dad\Downloads\colorcubesviz.exe -d C:\Users\Dad\Downloads
Task: {0989F3FF-4550-4B61-BC50-B347B281D74A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {0D1FD061-01F8-4070-92C2-104709C0AC39} - System32\Tasks\{D96EEC79-06DF-434E-B587-F3A7CC77F945} => pcalua.exe -a C:\Users\Dad\Downloads\trilogyiii.exe -d C:\Users\Dad\Downloads
Task: {0DBF61A2-2A9B-4910-874A-838D80208BA6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1D22EAFE-F02E-43DC-B76F-F6BD6103EE13} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {254FFAA9-6578-4D15-95E7-F30D61C2F818} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {25CFBD4D-0194-4F3A-A7A3-65EC7513409E} - System32\Tasks\{E8758525-BD4F-4726-8753-018C5B31504F} => D:\SETUP.EXE
Task: {260BCD35-EA85-44AD-9236-10D779793A1F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {2E6C4A5F-CF90-4061-BEC9-935CA4992EEA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {377252BB-598A-4F1E-89DF-E670AF16EF53} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {491B16BD-B89A-44D2-85BC-EE44031322F9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {4FD4DE89-70BC-455A-B452-A2206D8FF237} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {53C88061-C20D-454A-95F4-C75B1D13F26A} - System32\Tasks\{7466ED5F-D439-4309-BE00-655CC222050D} => D:\SETUP.EXE
Task: {59B94C4E-ACD8-437B-9AC8-A64E6B67268E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5EBF95AB-8252-4716-B207-B1246B29A8D3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {60C4BBCE-55F5-43FB-BF6B-E2236D649B9C} - System32\Tasks\{06A56FA6-229E-4B6E-BD11-136B22A52598} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Universal Extractor\UniExtract.exe"
Task: {6916DE0B-7B28-4279-9296-1A6697684F88} - System32\Tasks\{8F6F2FB0-9DB6-488D-870F-3F3F3D4187EB} => pcalua.exe -a C:\Users\Dad\Desktop\uniextract15.exe -d C:\Users\Dad\Desktop
Task: {6D2758B5-C1D3-4554-B22E-44D6F978A05D} - System32\Tasks\Core Temp Autostart Dad => C:\Program Files\Core Temp\Core Temp.exe [2012-10-14] ()
Task: {778959F3-DF1E-41F5-B342-9E160A0A2844} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {7E21E523-5282-4E77-B94D-9900D1EC2DBB} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {8111C12F-1AE4-4E5B-9753-B4B1B5486C04} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {85036DA8-276D-4A3B-A284-C032DED13D23} - System32\Tasks\{4E537D1C-67ED-4606-9015-1B4AF3E9AAD0} => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACStart.exe
Task: {87797C2F-5958-429C-AFB0-2F65CDCC037E} - System32\Tasks\{DD458984-9B47-4B0C-9C88-F65C28819A4F} => Firefox.exe http://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {99C8A6DF-8DCA-4860-B09E-9688F84F3EFF} - System32\Tasks\{71CAD71D-D412-48C1-81DB-25038E0C34BA} => pcalua.exe -a "C:\Users\Dad\Documents\Vuze Downloads\uniextract15.exe" -d "C:\Users\Dad\Documents\Vuze Downloads"
Task: {9F31DF66-8154-4248-9B86-13886B157225} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2375771536-2672884834-688610250-1000UA => C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A39200EE-E109-47CF-9300-47235036EE24} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2375771536-2672884834-688610250-1000Core => C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A709DE9B-5E36-4C4D-93BD-70BAA629F541} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {A78D0BC7-FDB4-48A3-989C-76CC5248CAC8} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {AD97272F-6D89-48C8-B408-D72F8257B6D4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {B6651392-8488-44D3-88AE-1F59E50E7D5F} - System32\Tasks\{1E0AC574-7B4E-4830-83E6-2AC0DB0E5ED4} => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACStart.exe
Task: {B9F47739-0E3E-4F2C-ABE0-A94A5A075DB5} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-09-29] (Overwolf LTD)
Task: {BB592E28-0F0B-46D9-9E46-FA6B651014F4} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {BEAA8134-6C4C-4305-AEC8-CC8437577698} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C950E685-C892-4CE6-ADD3-85A3A650E341} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {CD171D06-947F-4094-8060-0A94E34199AC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CDB4E834-0F91-418B-B063-BE9E3BBE7B9C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D2F93F8F-7EFE-42F9-9963-5D76F08EE8C1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {D4782DD5-FB6A-4F04-B842-14B38E788754} - System32\Tasks\{95160F8A-BCAB-4ED1-ACE0-9BB3A538B061} => C:\Program Files (x86)\Universal Extractor\UniExtract.exe [2007-02-22] ()
Task: {D4B1DEE0-27A6-48CC-82C1-913452A722B2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {D5A6B95A-0911-4AAF-A30C-4B6EBEA17883} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D67B01E4-5ADF-47DA-9373-6B5579DC5221} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DE9BD4C0-6462-4349-A1A9-72C8D2C61292} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {DEB3C56B-A7C1-432D-9C00-9CEB0EBA13A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {DFCBA967-86AF-4FFF-8A30-78E405467B41} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E8C55319-AA3F-4412-8FFC-85707C23E6C8} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {ECBFAC09-BAFC-4DD5-98BE-9B243BAD67ED} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FAFE4572-FAD0-4B4A-B18B-D1BC086DE5FB} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2011-09-19] (ASUSTeK Computer Inc.)
Task: {FC14CDD8-5C66-4448-A613-31454963E23E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {FF1D96E4-93A9-4E28-9C74-4F1F84F74CDE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2375771536-2672884834-688610250-1000Core.job => C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2375771536-2672884834-688610250-1000UA.job => C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-06 17:28 - 2015-09-06 17:28 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-06 13:50 - 2015-10-02 22:38 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-06 17:28 - 2015-09-06 17:28 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2012-10-14 21:22 - 2011-10-29 09:59 - 00918448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
2012-10-14 21:23 - 2010-10-21 17:52 - 00586880 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2015-06-23 15:11 - 2015-06-23 15:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-10-01 00:39 - 2015-09-17 02:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2012-10-17 08:32 - 2012-10-14 21:21 - 00854480 _____ () C:\Program Files\Core Temp\Core Temp.exe
2015-10-01 00:39 - 2015-09-17 02:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 00:38 - 2015-09-17 01:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-01 00:39 - 2015-09-17 01:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 00:38 - 2015-09-17 01:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 00:38 - 2015-09-17 01:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 00:39 - 2015-09-17 01:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-09-01 14:27 - 2015-09-01 14:27 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-09-01 14:27 - 2015-09-01 14:27 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2012-10-14 21:22 - 2015-10-12 12:38 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\PEbiosinterface32.dll
2012-10-14 21:22 - 2010-06-29 10:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\ATKEX.dll
2015-09-08 11:32 - 2015-09-08 11:32 - 00019968 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PSIClient\64ac277a63c8ef2eb9f3dc3a6d5f249b\PSIClient.ni.dll
2015-06-23 15:57 - 2015-10-04 04:24 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2012-10-14 21:30 - 2011-03-04 16:33 - 00053248 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2012-10-14 21:30 - 2011-09-08 15:23 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2012-10-14 21:23 - 2011-07-12 19:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2012-10-14 21:23 - 2010-10-05 08:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2012-10-14 21:25 - 2011-08-22 10:36 - 01074688 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
2012-10-14 21:23 - 2011-09-20 18:11 - 00985600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2012-10-14 21:27 - 2011-08-23 16:19 - 01294848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2012-10-14 21:23 - 2011-09-29 15:12 - 00881664 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2012-10-14 21:23 - 2011-09-26 18:37 - 01616384 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2012-10-14 21:23 - 2011-09-19 20:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2012-10-14 21:23 - 2011-07-21 09:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2012-10-14 21:23 - 2011-10-14 20:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2012-10-14 21:29 - 2011-06-08 11:15 - 00651264 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Thermal Radar\ThermalRadar.dll
2012-10-14 21:23 - 2010-10-05 08:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2012-10-14 21:23 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2015-07-14 18:20 - 2015-07-14 18:20 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Dad\Documents\P4030065.JPG:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Dad\Documents\P4030065.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2375771536-2672884834-688610250-1000\Control Panel\Desktop\\Wallpaper -> c:\users\dad\appdata\local\microsoft\windows\themes\baker det (2)\desktopbackground\desktop background.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameStop Now.lnk => C:\Windows\pss\GameStop Now.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GamecomSound => C:\Program Files\Plantronics\GameCom780\GameCom780.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RzWizard => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
MSCONFIG\startupreg: Samsung Link => "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Family Tree Builder Update"
HKU\S-1-5-21-2375771536-2672884834-688610250-1000\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2375771536-2672884834-688610250-1000\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2375771536-2672884834-688610250-1000\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{1C1E78C1-B5E1-4207-81F4-075993742010}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{D329462B-0B51-47D2-A920-C14153AF38F2}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{2D69EE77-6090-4ECE-8507-87B21379ABA6}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{0A5F4342-F630-4BC1-9F53-7498D19F87AF}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [UDP Query User{98B8AAB1-575E-43A9-90ED-796107888FD9}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{A5B1379E-7D01-41F7-B49F-CA5325663F07}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{4A9B8150-FD72-4D13-B8BE-F7525C11F28B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{81A6D8FF-4F4F-4B23-850E-4D0DB004F323}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D4C77366-2AD4-472C-9EA9-0558ACC45EED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D55D7B1B-1C0A-409E-9DAE-38C24CA6BCC3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2806B2B1-8B23-4F22-8C6C-88DFEDAFA577}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{01579611-CC53-4526-B712-CE84336DD3F3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FB43EEA4-D49E-4938-B3F5-CFE6DF773DC4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D4D3CD2A-EC9A-4DFE-8B24-111939ABACAD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7D90C94A-1EE4-43A1-B6C2-8FD7D4A45B61}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0C451DD7-EFC4-41D8-97FA-A8FC861BA0D6}] => (Allow) LPort=1900
FirewallRules: [{1EB32081-E960-4588-8EA7-A9B57FB8470F}] => (Allow) LPort=2869
FirewallRules: [{7FC7FCF2-B1D8-4C40-83AE-DE764E0F0CD5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3A9A5684-F18E-4000-BFB7-E15883513E2C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{084A165C-5428-4FCF-A555-75C09A038E5E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [UDP Query User{F127C7E6-2C2F-43D4-AFEB-A902FD2906E6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{0070571D-794E-45A1-84CF-8EDBE4F38E9B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{DEEA802D-1021-49BF-B953-45BA2579356D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{75FBC77D-2FA7-461A-90F0-5A97357ABD70}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3DFE10F5-8CFC-4A13-9682-5D8EA06AB99C}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{F2589452-CAF4-4043-9808-31AA33880C53}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{E1AD9FD1-CFBB-4CB6-A77B-8A7A222EA940}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{0BF5F7FF-7968-4EF4-9066-5271A2344E95}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{2362420E-492D-4615-933F-ECFBECB9AB1F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{23DD5DEA-AC1A-430C-87CB-7FE74D6AF5D2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{C2E205B1-2583-43F8-BCB5-E4F74190BCA3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C8590348-A346-45FE-8D55-F5C59F820A33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{710C4B5A-4931-4AE0-87F8-4FDAFB8DD7F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{55F83C44-B2ED-418A-AE1D-3C4D502F5B4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{730722E5-052D-4B7C-9A70-E2EC8D79C328}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{FBE2E57C-ED21-4A2E-974B-FACA710EA476}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{49F994E7-A552-46C0-89E7-58D30F5E24AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{73459ACB-3CCC-484C-AE06-03BB720CEF69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{C3FA516A-1619-4A4C-9C5B-1F40DAC1DF6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{7789CF72-9D06-4884-873A-0A96BE2F9E0B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EFB3931C-1A65-4198-899D-9CCD5CAD87F3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A493E267-523C-464F-98A7-143EDA440751}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3B6F0F1E-9719-4694-825A-61395F35262E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{30483A35-A28B-4AD7-A88D-342B15A9E271}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui40.exe
FirewallRules: [UDP Query User{BB1B56F0-67E5-44C3-83C0-3398BC50F01B}C:\program files (x86)\turbine\asheron's call\acclient.exe] => (Block) C:\program files (x86)\turbine\asheron's call\acclient.exe
FirewallRules: [TCP Query User{3F7D53F5-C07C-4AA8-B9FF-8D03C71AADE7}C:\program files (x86)\turbine\asheron's call\acclient.exe] => (Block) C:\program files (x86)\turbine\asheron's call\acclient.exe
FirewallRules: [UDP Query User{642CABA7-D28C-40F9-BB6C-9C01C0F1A8CA}C:\program files (x86)\turbine\asheron's call\aclauncher.exe] => (Allow) C:\program files (x86)\turbine\asheron's call\aclauncher.exe
FirewallRules: [TCP Query User{E28FA304-6585-48EE-9975-DB9DD4D06789}C:\program files (x86)\turbine\asheron's call\aclauncher.exe] => (Allow) C:\program files (x86)\turbine\asheron's call\aclauncher.exe
FirewallRules: [{FC960346-5947-4561-B946-E089645D0366}] => (Allow) C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{320468C3-780A-4BC9-8278-230E7B820916}] => (Allow) C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EBBDD792-C65C-449C-8449-174A2BE3ADB9}] => (Allow) LPort=1900
FirewallRules: [{ED0ACF0F-7751-40D4-ABC3-8A0DAF534B27}] => (Allow) LPort=7900
FirewallRules: [{F9DF0A77-99C0-4977-85A6-A7E756DA95E7}] => (Allow) LPort=24234
FirewallRules: [{CF4B70B2-9590-46BA-9F81-697F4BCCE60A}] => (Allow) LPort=7679
FirewallRules: [{74CF0397-8819-476C-B7EB-4806D9103D82}] => (Allow) LPort=7676
FirewallRules: [{0B7D1702-C5B8-4307-BF8F-650DA1EC6047}] => (Allow) LPort=8643
FirewallRules: [{69646A7F-B3F4-4389-8A8A-D6195B00752C}] => (Allow) LPort=8743
FirewallRules: [{6A843BE1-3703-4CDE-BC95-92BD2CF0400B}] => (Allow) C:\Program Files (x86)\Veetle\Player\VeetleNet.exe
FirewallRules: [{35824D19-146F-4879-A9D0-98D27D58E74D}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{723CBBFB-7C1C-43EE-83AE-1F526FBE5FF9}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{BEA2B111-4C3A-4ABB-AD2E-8D68D4327052}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{3AB7C441-4074-4594-95F2-9FB38EC01D89}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{1DA6937A-A5E3-42B0-B84B-D5F442A21B06}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{E6699690-7D7F-441F-AF92-B7725189EE43}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{7E2FC5AE-D2B5-4C2D-8A58-3D5257293697}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{361796B8-9CA6-4696-993A-935CA576779F}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{7169CA67-6BDE-44A9-A57A-1AF7BFDA667D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{8E2F557D-578C-4B3E-BC00-EA7548573C0A}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{1BAAF30F-9C2F-47C1-BE3F-25CDC576EA5A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{2A3AD197-6C0D-4BA5-AAD6-105C5ECAA2DA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{C5A5F8F0-C265-4D80-8D74-151D79AFAD86}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{B786B01C-9DED-40EC-8530-417F8B3B79F6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{1F00FC3F-748C-4A98-8776-5984E68ED368}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{B082F800-8D3B-4670-B15E-0BA417FB632A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{D45FCD2B-A781-4D29-AFC3-EC843B329F88}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{F90DB9A2-7850-4086-A82E-EA8D52A61EF1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{3FE9B9FB-05FC-45F4-9D52-B3EDFCDD8FA9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{F859462C-F7EC-4742-937E-B8B00930A8E0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3CAC68B6-129A-45DC-A1B2-6A77313791ED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{0117F413-A87A-4BC1-9523-C39318D68556}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{02151EB2-B362-48FF-97DD-BA2D6FF1B075}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{0E544A52-35F9-4764-BB51-9CDE3A85331A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{BDEDCC45-2033-431D-8552-5D85962BA51B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{21F8CE25-EE17-487A-87DA-AD98DC44E057}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{07364480-7986-43E1-B95C-7B807CAE433A}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{6A62682E-5C7C-4727-8518-B3BCEC30E86D}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{47B0B9AF-569B-4034-83F6-DC1D24C5EBD9}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{3B59D5D0-F2A5-4C42-82C2-607B98C1031F}] => (Allow) LPort=59028
FirewallRules: [{BE69AD15-A433-4A88-9A7E-846ED3CEA1ED}] => (Allow) LPort=59028
FirewallRules: [{A298E120-41E1-4AC5-876C-1E619DA2B592}] => (Allow) LPort=59028
FirewallRules: [{3053BA7F-68E0-4C3A-A33C-A3E807DDD673}] => (Allow) LPort=59028
FirewallRules: [{89F69405-2B60-444E-AD43-24DFD85BF385}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{1C1966EE-9DE9-4800-BFDC-61D9101D205A}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{63ED7FAD-7CA3-4031-B8DA-BFF94D42CE7F}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{7D6917A3-CB45-4F72-87B5-54011424FB94}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{B0FB3621-A2D0-42CE-82F3-A9A49F9F2E28}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{32509B82-FBCE-4740-8E87-6E0EEB1C0908}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{74DBCE6B-DBDB-489A-B482-9969B78A1BDD}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2015 01:06:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (10/12/2015 01:06:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (10/12/2015 12:10:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (10/12/2015 12:44:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/12/2015 12:42:59 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ROUTER
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{82B32AF5-3D4A-40BC-9AA4-A1B937702C84}.
The master browser is stopping or an election is being forced.

Error: (10/12/2015 12:38:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (10/12/2015 12:36:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Message Queuing service depends on the Windows Event Log service which failed to start because of the following error:
%%1069

Error: (10/12/2015 12:36:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Event Log service failed to start due to the following error:
%%1069

Error: (10/12/2015 12:36:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The EventLog service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/12/2015 12:35:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/12/2015 12:35:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/12/2015 12:35:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/12/2015 12:35:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2015-10-10 10:23:01.769
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-09 22:44:38.903
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-09 22:44:38.897
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-09 22:44:38.889
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-09 22:44:38.872
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-09 22:44:37.661
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-09 22:43:14.175
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-09 22:43:14.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-09 22:43:14.161
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-09 22:43:14.152
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3820 CPU @ 3.60GHz
Percentage of memory in use: 19%
Total physical RAM: 16325.18 MB
Available physical RAM: 13143.07 MB
Total Virtual: 32709.18 MB
Available Virtual: 29285.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.85 GB) (Free:317.61 GB) NTFS
Drive e: () (Fixed) (Total:153.38 GB) (Free:57.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 153.4 GB) (Disk ID: E39DBBAD)
Partition 1: (Active) - (Size=153.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4 Jaret

Jaret
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 12 October 2015 - 03:40 PM

I am standing by with ESET Online Scanner ready to run if requested.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:47 PM

Posted 13 October 2015 - 08:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-2375771536-2672884834-688610250-1008\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2375771536-2672884834-688610250-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll => No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
U0 gteiarq; C:\Windows\System32\drivers\cuuu.sys [79064 2015-10-12] (Malwarebytes Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
C:\Windows\System32\drivers\cuuu.sys
C:\Users\Dad\AppData\Local\Temp\i4jdel0.exe
C:\Users\Dad\AppData\Local\Temp\sqlite3.dll
Task: {0DBF61A2-2A9B-4910-874A-838D80208BA6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {59B94C4E-ACD8-437B-9AC8-A64E6B67268E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8111C12F-1AE4-4E5B-9753-B4B1B5486C04} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {D67B01E4-5ADF-47DA-9373-6B5579DC5221} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?

#6 Jaret

Jaret
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 13 October 2015 - 12:47 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:12-10-2015
Ran by Dad (2015-10-13 13:32:46) Run:1
Running from C:\Users\Dad\Desktop\Computer Maint
Loaded Profiles: Dad (Available Profiles: Dad & Courtland School & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-2375771536-2672884834-688610250-1008\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2375771536-2672884834-688610250-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll => No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
U0 gteiarq; C:\Windows\System32\drivers\cuuu.sys [79064 2015-10-12] (Malwarebytes Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
C:\Windows\System32\drivers\cuuu.sys
C:\Users\Dad\AppData\Local\Temp\i4jdel0.exe
C:\Users\Dad\AppData\Local\Temp\sqlite3.dll
Task: {0DBF61A2-2A9B-4910-874A-838D80208BA6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {59B94C4E-ACD8-437B-9AC8-A64E6B67268E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8111C12F-1AE4-4E5B-9753-B4B1B5486C04} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {D67B01E4-5ADF-47DA-9373-6B5579DC5221} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION


End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-2375771536-2672884834-688610250-1008\User => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-2375771536-2672884834-688610250-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll => not found.
C:\Windows\system32\Wat\npWatWeb.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => not found.
gteiarq => service removed successfully
idsvc => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
C:\Windows\System32\drivers\cuuu.sys => moved successfully
"C:\Users\Dad\AppData\Local\Temp\i4jdel0.exe" => File/Folder not found.
C:\Users\Dad\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DBF61A2-2A9B-4910-874A-838D80208BA6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DBF61A2-2A9B-4910-874A-838D80208BA6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59B94C4E-ACD8-437B-9AC8-A64E6B67268E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59B94C4E-ACD8-437B-9AC8-A64E6B67268E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8111C12F-1AE4-4E5B-9753-B4B1B5486C04}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8111C12F-1AE4-4E5B-9753-B4B1B5486C04}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D67B01E4-5ADF-47DA-9373-6B5579DC5221}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D67B01E4-5ADF-47DA-9373-6B5579DC5221}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
EmptyTemp: => 519.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 13:33:47 ====



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:47 PM

Posted 14 October 2015 - 07:32 AM

How is the computer running now?

#8 Jaret

Jaret
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 14 October 2015 - 07:59 AM

I applied the fix and rebooted.  I was holding so that I could run and use the system a while.  At first the system ran perfect.  I wasn't having the 404s.  Then they started again.  It appears it was Ad-Aware.  I uninstalled Ad-Aware using Revo Uninstaller "Moderate" setting.  Ad-Aware is now gone (hopefully).  Ad-Aware had been such a good program, I am unclear what exactly went wrong with it to cause these random 404s. [EDIT: In retrospect, I am confusing Ad Blocker Plus with Ad-Aware. I am not sure I ever installed Ad-Aware knowlingly.]

 

I will attach images below if I can.

 

404%20lavasoftCapture_zpskamyunsj.jpg

 

Ad-Aware%20404%20Capture_zpspmieaval.jpg


Edited by Jaret, 14 October 2015 - 08:21 AM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:47 PM

Posted 14 October 2015 - 09:13 AM

Keep an eye on the system for a few days.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:47 PM

Posted 20 October 2015 - 08:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users