Updater.exe in \Appdata\Local\29936?


18 replies to this topic

#1 clyderr

Posted 10 April 2016 - 01:29 PM

I ran an antivirus scan using AVAST! antivirus, and this file came up, with a severity level of high. It was located in C:\Users\MY_NAME\AppData\Local\29936\Updater.exe. Is it a virus? I haven't been able to find any good info on it online. Also, Avast automatically deleted it.




#2 clyderr


Posted 10 April 2016 - 02:34 PM

UPDATE:

Ran FRST

LOG:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Clyde Rypins (administrator) on CLYDERYPINS-PC (10-04-2016 12:21:57)
Running from C:\Users\Clyde Rypins\Downloads
Loaded Profiles: Clyde Rypins (Available Profiles: Clyde Rypins & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\nis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\nis.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\OSC\nvosc.exe
(Flux Software LLC) C:\Users\Clyde Rypins\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(IDRIX) C:\Program Files\VeraCrypt\VeraCrypt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Clyde Rypins\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
(NVIDIA Corporation) C:\Users\Clyde Rypins\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2777392 2015-12-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2015-06-15] (LogMeIn, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (The Eraser Project)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-20] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [589976 2015-11-16] (Razer Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2016-04-05] (LogMeIn Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [107520 2016-03-18] (Panda Security, S.L.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-02-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-08-28] (Google Inc.)
HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-04] (Valve Corporation)
HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\...\Run: [f.lux] => C:\Users\Clyde Rypins\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\...\Run: [VeraCrypt] => C:\Program Files\VeraCrypt\VeraCrypt.exe [3122632 2016-03-21] (IDRIX)
HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.)
HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\...\RunOnce: [Uninstall C:\Users\Clyde Rypins\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Clyde Rypins\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\...\RunOnce: [Uninstall C:\Users\Clyde Rypins\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Clyde Rypins\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\...\RunOnce: [Uninstall C:\Users\Clyde Rypins\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Clyde Rypins\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-17] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{027c5a7b-21c4-49ba-adc6-6a30f077977d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{831224cc-4226-4f60-b453-29bc473e581d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e92f0ec6-0ef0-4c2f-8e78-3aafa1dd8cbb}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbIgEOWQ9BGBgQJAlZTA1EFAwOeVsBVhQXEwESJAAPV1xIR1YFIk0FA1ADB0VXfVBdFElXTwhwJVxqBEoETUFQCExa
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQFaWQ9JFwUabQpcUVhcFQAWeRQBAwBGDFMRdAhcWA5HRAxFIx9aFQQTSEcFME0FCFwEURNNfWpdBGsUUkBPNEpwFFs=&q={searchTerms}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQFaWQ9JFwUabQpcUVhcFQAWeRQBAwBGDFMRdAhcWA5HRAxFIx9aFQQTSEcFME0FCFwEURNNfWpdBGsUUkBPNEpwFFs=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2086023237-4107132898-1909750932-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQFaWQ9JFwUabQpcUVhcFQAWeRQBAwBGDFMRdAhcWA5HRAxFIx9aFQQTSEcFME0FCFwEURNNfWpdBGsUUkBPNEpwFFs=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2086023237-4107132898-1909750932-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQFaWQ9JFwUabQpcUVhcFQAWeRQBAwBGDFMRdAhcWA5HRAxFIx9aFQQTSEcFME0FCFwEURNNfWpdBGsUUkBPNEpwFFs=&q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-17] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-17] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-04] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2086023237-4107132898-1909750932-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Clyde Rypins\AppData\Roaming\Mozilla\Firefox\Profiles\984nydm3.default
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHA1BeA8AVwlIDAZHcFgVVQxEGBgaIgAPTF9DFQRHeQ4OBAAXQhNBNARaB0tXUUEeGGlxR1dMclBGElxLFFUFUn1WIg==
FF DefaultSearchEngine: Default
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Default
FF Homepage: www.google.com
FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQFaWQ9JFwUabQpcUVhcFQAWeRQBAwBGDFMRdAhcWA5HRAxFIx9aFQQTR0cFME0FB18EURNNfWpdBGsUUkBPNEpwFFs=&q={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-12] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-04] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-08] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF user.js: detected! => C:\Users\Clyde Rypins\AppData\Roaming\Mozilla\Firefox\Profiles\984nydm3.default\user.js [2015-12-14]
FF SearchPlugin: C:\Users\Clyde Rypins\AppData\Roaming\Mozilla\Firefox\Profiles\984nydm3.default\searchplugins\default.xml [2016-03-12]
FF Extension: NoScript - C:\Users\Clyde Rypins\AppData\Roaming\Mozilla\Firefox\Profiles\984nydm3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-03-27]
FF Extension: Avira Browser Safety - C:\Users\Clyde Rypins\AppData\Roaming\Mozilla\Firefox\Profiles\984nydm3.default\Extensions\abs@avira.com.xpi [2016-04-07]
FF Extension: Tails Download and Verify - C:\Users\Clyde Rypins\AppData\Roaming\Mozilla\Firefox\Profiles\984nydm3.default\Extensions\dave@tails.boum.org.xpi [2016-04-06]
FF Extension: Avira SafeSearch Plus - C:\Users\Clyde Rypins\AppData\Roaming\Mozilla\Firefox\Profiles\984nydm3.default\Extensions\safesearchplus2@avira.com.xpi [2016-04-07]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-15] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-17]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-17]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon [2016-03-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-15]
CHR Extension: (Google Docs) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-15]
CHR Extension: (Google Drive) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-15]
CHR Extension: (YouTube) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-15]
CHR Extension: (Google Search) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-15]
CHR Extension: (Tampermonkey) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-03-20]
CHR Extension: (Google Sheets) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-15]
CHR Extension: (Avira Browser Safety) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-08]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-04-02]
CHR Extension: (Google Docs Offline) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-07]
CHR Extension: (Doctor Who) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpkdlaimpkpbbegfgjflmjicbigjemoo [2016-03-16]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2016-04-08]
CHR Extension: (Skype) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-15]
CHR Extension: (Doctor Who: Escape from the Box) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkddllgcmaandjjllaejbelgldpaoldc [2016-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Clyde Rypins\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-15]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-24]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-17]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [693440 2016-01-28] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-07-25] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-17] (AVAST Software)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
S2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [218384 2016-03-22] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe [69016 2016-03-08] (Google Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11073256 2015-08-20] (DisplayLink Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-12-08] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-20] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2016-04-05] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [508936 2016-03-30] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [150528 2016-03-18] (Panda Security, S.L.)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-08-26] (NETGEAR)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe [289080 2016-02-25] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-12-08] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6299952 2015-12-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4804400 2015-12-08] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2016-03-17] (Panda Security, S.L.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [51200 2015-11-19] (Razer Inc.) [File not signed]
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-08-14] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-08-31] (Razer Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2015-08-28] (ASRock Incorporation)
R0 AsrRamDisk; C:\Windows\System32\drivers\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-17] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-17] (AVAST Software)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-02-22] (Avira Operations GmbH & Co. KG)
R3 AX88179; C:\Windows\System32\drivers\ax88179_178a.sys [81576 2015-07-29] (ASIX Electronics Corp.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-07-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1606000.08E\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 CV2K1; C:\Windows\system32\DRIVERS\cv2k1.sys [21608 2012-10-06] (TamoSoft)
S3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
S3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20150710.001\IDSVia64.sys [692984 2015-07-10] (Symantec Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-05-27] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-06-15] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150904.003\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150904.003\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [103856 2015-12-10] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [210864 2015-12-10] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [120240 2015-12-10] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [120240 2015-12-10] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [112560 2015-12-10] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [82864 2016-03-17] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [133552 2015-12-10] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [309680 2015-12-10] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [179632 2016-02-18] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [122800 2015-12-10] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [267184 2016-02-18] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [115632 2015-12-10] (Panda Security, S.L.)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2016-04-02] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-12-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [174000 2016-02-18] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [129456 2016-02-18] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [207280 2016-02-18] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [133552 2016-02-18] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [146864 2016-02-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [117168 2016-02-18] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [62080 2015-06-16] (Panda Security, S.L.)
S3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2015-09-18] (Scarlet.Crush Productions)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1606000.08E\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1606000.08E\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-03-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
S3 TsVlb; C:\Windows\System32\DRIVERS\tsvlb.sys [22120 2012-10-06] (TamoSoft)
R1 TsVp; C:\Windows\System32\DRIVERS\tsvp.sys [26256 2012-10-06] (TamoSoft)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation)
R0 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [198248 2016-03-21] (IDRIX)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-10 12:21 - 2016-04-10 12:24 - 00044815 _____ C:\Users\Clyde Rypins\Downloads\FRST.txt
2016-04-10 12:21 - 2016-04-10 12:21 - 02374144 _____ (Farbar) C:\Users\Clyde Rypins\Downloads\FRST64.exe
2016-04-10 12:21 - 2016-04-10 12:21 - 00000000 ____D C:\FRST
2016-04-10 12:01 - 2016-04-10 12:03 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-10 12:00 - 2016-04-10 12:20 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-10 12:00 - 2016-04-10 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-10 11:59 - 2016-04-10 12:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-10 11:59 - 2016-04-10 11:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-10 11:59 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-10 11:59 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-10 11:59 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-09 22:02 - 2016-04-09 22:05 - 22908888 _____ (Malwarebytes ) C:\Users\Clyde Rypins\Downloads\mbam-setup-neuber.2005-2.2.0.1024.exe
2016-04-08 12:30 - 2016-04-08 12:30 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Local\Avira_Operations_GmbH_&_C
2016-04-07 20:54 - 2016-04-07 20:54 - 00001125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Phantom VPN.lnk
2016-04-07 20:54 - 2016-04-07 20:54 - 00001113 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2016-04-07 20:54 - 2016-04-07 20:54 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Roaming\Avira
2016-04-07 20:45 - 2016-02-22 16:44 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-04-07 20:45 - 2016-02-22 16:44 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-04-07 20:45 - 2016-02-22 16:44 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-04-07 20:45 - 2016-02-22 16:44 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2016-04-07 20:31 - 2016-04-07 20:56 - 00000000 ____D C:\ProgramData\Avira
2016-04-07 20:31 - 2016-04-07 20:54 - 00000000 ____D C:\Program Files (x86)\Avira
2016-04-07 20:31 - 2016-04-07 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-07 20:31 - 2016-04-07 20:32 - 00001283 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-04-07 20:25 - 2016-04-07 20:26 - 04734128 _____ (Avira Operations GmbH & Co. KG) C:\Users\Clyde Rypins\Downloads\avira_en_av_57072333046f4__ws.exe
2016-04-07 20:23 - 2016-04-07 20:23 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Roaming\Panda Security
2016-04-07 20:23 - 2015-06-16 07:41 - 00062080 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2016-04-07 20:22 - 2016-04-07 20:26 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus.lnk
2016-04-07 20:22 - 2016-04-07 20:26 - 00002266 _____ C:\Users\Public\Desktop\Panda Free Antivirus.lnk
2016-04-07 20:22 - 2016-04-07 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2016-04-07 20:22 - 2016-02-24 05:26 - 00146864 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINProt.sys
2016-04-07 20:22 - 2016-02-18 09:37 - 00207280 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINKNC.sys
2016-04-07 20:22 - 2016-02-18 09:37 - 00174000 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINAflt.sys
2016-04-07 20:22 - 2016-02-18 09:37 - 00133552 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINProc.sys
2016-04-07 20:22 - 2016-02-18 09:37 - 00129456 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINFile.sys
2016-04-07 20:22 - 2016-02-18 09:37 - 00117168 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINReg.sys
2016-04-07 20:21 - 2016-04-07 20:23 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-04-07 20:18 - 2016-04-07 20:23 - 00000000 ____D C:\ProgramData\Panda Security
2016-04-07 20:17 - 2016-04-07 20:18 - 02113152 _____ C:\Users\Clyde Rypins\Downloads\PANDAFREEAV.exe
2016-04-07 08:02 - 2016-04-08 13:20 - 00000927 _____ C:\Users\Clyde Rypins\Desktop\Start Tor Browser.lnk
2016-04-07 07:59 - 2016-04-07 08:02 - 00000000 ____D C:\Users\Clyde Rypins\Desktop\Tor Browser
2016-04-07 07:58 - 2016-04-07 07:59 - 43786008 _____ C:\Users\Clyde Rypins\Downloads\torbrowser-install-5.5.4_en-US (1).exe
2016-04-06 19:38 - 2016-04-06 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-04-06 19:38 - 2016-04-06 19:38 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-04-06 17:51 - 2016-04-06 17:51 - 01088958 _____ (pendrivelinux.com) C:\Users\Clyde Rypins\Downloads\Universal-USB-Installer.exe
2016-04-06 17:50 - 2016-04-06 17:59 - 1143314432 _____ C:\Users\Clyde Rypins\Desktop\tails-i386-2.2.1.iso
2016-04-02 20:13 - 2016-04-02 20:13 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Local\CrashRpt
2016-04-02 11:50 - 2016-04-02 12:20 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thriXXX
2016-04-02 11:50 - 2016-04-02 11:55 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Roaming\thriXXX
2016-04-02 11:08 - 2016-04-02 11:09 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Local\NETGEARGenie
2016-04-02 11:07 - 2016-04-02 11:07 - 00002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2016-04-02 11:07 - 2016-04-02 11:07 - 00002127 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2016-04-02 11:06 - 2016-04-02 11:07 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie
2016-04-02 11:05 - 2016-04-02 11:06 - 42794200 _____ (NETGEAR Inc.) C:\Users\Clyde Rypins\Downloads\NETGEARGenie-install.exe
2016-03-28 18:21 - 2016-03-28 18:21 - 00000000 ____D C:\Users\Clyde Rypins\Documents\DyingLightDemo
2016-03-28 17:49 - 2016-03-28 17:49 - 00000222 _____ C:\Users\Clyde Rypins\Desktop\Dying Light Demo.url
2016-03-28 07:48 - 2016-03-28 07:48 - 00000974 _____ C:\Users\Clyde Rypins\Documents\speech.txt
2016-03-27 12:17 - 2016-03-27 12:50 - 00688911 _____ C:\Users\Clyde Rypins\Downloads\METAL.GEAR.SOLID.5.TPP.V1.08.PLUS22TRN.FLING.ZIP
2016-03-26 16:01 - 2015-09-02 16:15 - 00156160 _____ C:\WINDOWS\system32\FW1FontWrapper_x64.dll
2016-03-26 16:01 - 2015-09-02 16:15 - 00129536 _____ C:\WINDOWS\SysWOW64\FW1FontWrapper.dll
2016-03-25 09:16 - 2016-03-25 09:54 - 247324672 _____ C:\Users\Clyde Rypins\Downloads\9600.17050.WINBLUE_REFRESH.140317-1640_X64FRE_SERVER_EVAL_EN-US-IR3_SSS_X64FREE_EN-US_DV9.ISO
2016-03-24 21:20 - 2016-03-24 21:26 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Local\Mozilla
2016-03-24 21:20 - 2016-03-24 21:20 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-24 21:20 - 2016-03-24 21:20 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-24 21:19 - 2016-03-24 21:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-24 21:17 - 2016-03-24 21:18 - 00242128 _____ C:\Users\Clyde Rypins\Downloads\Firefox Setup Stub 45.0.1 (1).exe
2016-03-24 19:51 - 2016-03-24 20:00 - 1030300184 _____ (Microsoft ) C:\Users\Clyde Rypins\Downloads\SC2012_R2_SCVMM.exe
2016-03-24 19:30 - 2016-04-08 13:22 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2016-03-24 19:27 - 2016-03-24 19:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-03-24 18:59 - 2016-03-24 19:04 - 06868672 _____ (Piriform Ltd) C:\Users\Clyde Rypins\Downloads\ccsetup516.exe
2016-03-23 20:43 - 2016-03-23 20:43 - 00000279 _____ C:\Users\Clyde Rypins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2016-03-23 16:48 - 2016-03-23 16:48 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Local\MicrosoftEdge
2016-03-23 15:44 - 2016-03-23 15:44 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Local\Eraser 6
2016-03-23 15:35 - 2016-03-23 15:35 - 01835008 _____ C:\Users\Clyde Rypins\Documents\VeraCrypt Rescue Disk.iso
2016-03-23 15:33 - 2016-03-23 15:33 - 00000000 ____D C:\ProgramData\VeraCrypt
2016-03-22 18:16 - 2016-03-22 18:16 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2016-03-22 18:16 - 2016-03-22 18:16 - 00002507 _____ C:\Users\Public\Desktop\Safari.lnk
2016-03-22 18:15 - 2016-03-22 18:16 - 00000000 ____D C:\Program Files (x86)\Safari
2016-03-22 18:13 - 2016-03-22 18:14 - 38494576 _____ (Apple Inc.) C:\Users\Clyde Rypins\Downloads\SafariSetup.exe
2016-03-22 16:22 - 2016-04-06 17:46 - 00003176 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458688946
2016-03-22 16:22 - 2016-04-06 17:46 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-22 16:22 - 2016-03-22 16:22 - 00001082 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-22 16:21 - 2016-03-22 16:21 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-03-21 20:08 - 2016-03-28 17:36 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Roaming\VeraCrypt
2016-03-21 20:08 - 2016-03-21 20:08 - 00000888 _____ C:\Users\Public\Desktop\VeraCrypt.lnk
2016-03-21 20:08 - 2016-03-21 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2016-03-21 20:07 - 2016-03-21 20:07 - 00198248 _____ (IDRIX) C:\WINDOWS\system32\Drivers\veracrypt.sys
2016-03-21 20:06 - 2016-03-21 20:07 - 00000000 ____D C:\Program Files\VeraCrypt
2016-03-21 20:05 - 2016-03-21 20:06 - 13954552 _____ (IDRIX) C:\Users\Clyde Rypins\Downloads\VeraCrypt Setup 1.17.exe
2016-03-21 18:59 - 2016-04-07 08:02 - 00000975 _____ C:\Users\Clyde Rypins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-03-21 18:57 - 2016-03-21 18:58 - 43786008 _____ C:\Users\Clyde Rypins\Downloads\torbrowser-install-5.5.4_en-US.exe
2016-03-20 18:23 - 2016-03-24 19:05 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-20 18:23 - 2016-03-20 18:23 - 00002882 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-03-20 18:23 - 2016-03-20 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-20 18:23 - 2016-03-20 18:23 - 00000000 ____D C:\Program Files\CCleaner
2016-03-20 18:22 - 2016-03-20 18:23 - 06837784 _____ (Piriform Ltd) C:\Users\Clyde Rypins\Downloads\ccsetup515.exe
2016-03-20 18:13 - 2016-03-20 18:14 - 00242128 _____ C:\Users\Clyde Rypins\Downloads\Firefox Setup Stub 45.0.1.exe
2016-03-20 17:59 - 2016-04-08 16:21 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Roaming\TeamViewer
2016-03-20 17:20 - 2016-03-20 17:20 - 00001828 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
2016-03-20 17:20 - 2016-03-20 17:20 - 00001816 _____ C:\Users\Public\Desktop\Eraser.lnk
2016-03-20 17:20 - 2016-03-20 17:20 - 00000000 ____D C:\Program Files\Eraser
2016-03-20 17:14 - 2016-03-20 17:15 - 08338384 _____ (The Eraser Project) C:\Users\Clyde Rypins\Downloads\Eraser 6.2.0.2970.exe
2016-03-20 16:40 - 2016-03-20 16:40 - 00001186 _____ C:\Users\Clyde Rypins\Desktop\DVDStyler.lnk
2016-03-20 16:40 - 2016-03-20 16:40 - 00000000 ____D C:\Users\Clyde Rypins\.thumb
2016-03-20 16:40 - 2016-03-20 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDStyler
2016-03-20 16:40 - 2016-03-20 16:40 - 00000000 ____D C:\Program Files (x86)\DVDStyler
2016-03-20 16:38 - 2016-03-20 16:39 - 24559509 _____ ( ) C:\Users\Clyde Rypins\Downloads\DVDStyler-2.9.6-win32.exe
2016-03-20 13:59 - 2016-04-08 22:06 - 00000000 ____D C:\Program Files\Recuva
2016-03-20 13:59 - 2016-03-20 13:59 - 00001699 _____ C:\Users\Public\Desktop\Recuva.lnk
2016-03-20 13:59 - 2016-03-20 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-03-20 13:58 - 2016-03-20 13:59 - 04426120 _____ (Piriform Ltd) C:\Users\Clyde Rypins\Downloads\rcsetup152.exe
2016-03-17 20:54 - 2016-03-24 19:24 - 00003406 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-03-17 20:54 - 2016-03-17 20:54 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-03-17 20:54 - 2016-03-17 20:54 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-03-17 20:54 - 2016-03-17 20:54 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-03-17 20:53 - 2016-03-24 19:24 - 00002507 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK
2016-03-17 20:51 - 2016-03-24 19:24 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64
2016-03-17 20:50 - 2016-03-24 19:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2016-03-17 20:50 - 2016-03-17 20:51 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2016-03-17 15:12 - 2016-03-17 15:09 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-03-17 15:11 - 2016-03-17 15:11 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Roaming\AVAST Software
2016-03-17 15:10 - 2016-03-17 15:10 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-03-17 15:10 - 2016-03-17 15:10 - 00001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-17 15:09 - 2016-03-19 16:20 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-03-17 15:09 - 2016-03-17 15:09 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-03-17 15:09 - 2016-03-17 15:09 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-03-17 15:09 - 2016-03-17 15:09 - 00287016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-03-17 15:09 - 2016-03-17 15:09 - 00165344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-03-17 15:09 - 2016-03-17 15:09 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-03-17 15:09 - 2016-03-17 15:09 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-03-17 15:09 - 2016-03-17 15:09 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-03-17 15:09 - 2016-03-17 15:09 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-03-17 15:08 - 2016-03-17 15:08 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-03-17 15:07 - 2016-03-22 16:21 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-17 15:06 - 2016-03-22 16:21 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-17 15:06 - 2016-03-17 15:06 - 05066104 _____ (AVAST Software) C:\Users\Clyde Rypins\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2016-03-17 03:31 - 2016-03-17 03:31 - 00082864 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnspihsw.sys
2016-03-16 07:08 - 2016-03-16 07:09 - 09711616 _____ C:\Users\Clyde Rypins\Downloads\chromeremotedesktophost.msi
2016-03-15 20:11 - 2016-03-15 20:12 - 00103197 _____ C:\Users\Clyde Rypins\Downloads\LOIC-1.0.8-binary.zip
2016-03-14 20:10 - 2016-03-14 20:10 - 00000004 _____ C:\Users\Clyde Rypins\advanced_port_scanner_MAC.bin
2016-03-14 20:06 - 2016-03-14 20:06 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Local\Geckofx
2016-03-14 20:01 - 2016-03-14 20:01 - 00001070 _____ C:\Users\Public\Desktop\Advanced Port Scanner.lnk
2016-03-14 20:01 - 2016-03-14 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner v2
2016-03-14 20:01 - 2016-03-14 20:01 - 00000000 ____D C:\Program Files (x86)\Advanced Port Scanner
2016-03-14 20:00 - 2016-03-14 20:00 - 08830152 _____ (Famatech Corp. ) C:\Users\Clyde Rypins\Downloads\pscan24.exe
2016-03-14 19:40 - 2016-03-14 19:40 - 00000000 ____D C:\Users\Clyde Rypins\Tracing
2016-03-14 19:36 - 2016-04-09 21:40 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Roaming\Skype
2016-03-14 19:36 - 2016-03-14 19:36 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2016-03-14 19:36 - 2016-03-14 19:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-14 19:36 - 2016-03-14 19:36 - 00000000 ____D C:\ProgramData\Skype
2016-03-14 19:36 - 2016-03-14 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-14 19:35 - 2016-03-14 19:35 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Clyde Rypins\Downloads\SkypeSetup.exe
2016-03-14 19:32 - 2016-03-14 19:34 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Roaming\Gui Booter
2016-03-14 19:32 - 2016-03-14 19:32 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Roaming\xulrunner
2016-03-14 19:20 - 2016-03-14 19:30 - 00000468 _____ C:\Users\Clyde Rypins\AppData\Roaming\burnaware.ini
2016-03-14 19:20 - 2016-03-14 19:20 - 00001127 _____ C:\Users\Public\Desktop\BurnAware Free.lnk
2016-03-14 19:20 - 2016-03-14 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2016-03-14 19:19 - 2016-03-14 19:20 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2016-03-14 19:18 - 2016-03-14 19:19 - 07747320 _____ (Burnaware ) C:\Users\Clyde Rypins\Downloads\burnaware_free.exe
2016-03-12 12:23 - 2016-03-24 21:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-12 10:52 - 2016-03-12 10:52 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Local\Macromedia
2016-03-11 20:55 - 2016-03-11 20:55 - 00000000 _____ C:\Users\Clyde Rypins\Downloads\_(wwww.font-cat.com).ttf
2016-03-11 20:52 - 2012-11-19 17:43 - 00787154 _____ C:\Users\Clyde Rypins\Desktop\Motion Warfare.aep
2016-03-11 20:47 - 2016-03-11 20:48 - 48918684 _____ C:\Users\Clyde Rypins\Downloads\motion-warfare.zip
2016-03-11 19:19 - 2016-03-11 19:19 - 28068334 _____ C:\Users\Clyde Rypins\Desktop\googleearth 2016-02-21 13-26-55-72_1.mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-10 12:18 - 2015-08-28 12:51 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-10 12:09 - 2015-08-29 02:42 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-10 11:50 - 2016-01-02 22:37 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Local\ClassicShell
2016-04-09 21:42 - 2015-12-28 15:56 - 00000000 ___RD C:\Users\Clyde Rypins\Creative Cloud Files
2016-04-09 21:41 - 2015-11-15 15:24 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Local\LogMeIn Hamachi
2016-04-09 21:41 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-09 21:37 - 2016-02-23 18:05 - 00003046 _____ C:\WINDOWS\System32\Tasks\AsrSP.exe
2016-04-09 21:37 - 2015-11-09 20:02 - 00000404 _____ C:\WINDOWS\Tasks\AmiUpdXp.job
2016-04-09 21:37 - 2015-08-29 02:42 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-09 21:36 - 2015-11-08 12:17 - 00000000 ____D C:\ProgramData\LogMeIn
2016-04-09 13:32 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-09 13:31 - 2016-01-02 12:22 - 00000000 ____D C:\Users\Clyde Rypins
2016-04-08 20:28 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-08 17:15 - 2015-12-09 21:16 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-08 13:21 - 2015-09-02 16:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-08 13:13 - 2015-11-30 22:21 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-04-08 13:12 - 2016-01-02 12:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-08 13:12 - 2016-01-02 12:20 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-08 12:31 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-07 20:30 - 2015-08-29 02:09 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-07 17:43 - 2016-01-02 12:22 - 01011616 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-06 19:38 - 2015-11-15 15:23 - 00000995 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2016-04-05 07:43 - 2016-01-04 20:15 - 00000000 ____D C:\Users\DefaultAppPool
2016-04-04 18:41 - 2015-09-16 20:32 - 00000000 ____D C:\ProgramData\Oracle
2016-04-04 18:39 - 2015-09-16 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-04 18:39 - 2015-09-16 20:32 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-04 18:37 - 2015-09-16 20:32 - 00000000 ____D C:\Users\Clyde Rypins\.oracle_jre_usage
2016-04-04 18:36 - 2015-09-16 20:32 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-04-04 18:17 - 2015-10-29 23:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-03 19:15 - 2016-02-23 19:03 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Local\GeometryDash
2016-04-03 10:33 - 2015-08-28 13:04 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-02 20:54 - 2015-10-11 20:06 - 00000098 _____ C:\Users\Clyde Rypins\AppData\Roaming\LauncherSettings_live.cfg
2016-04-02 11:07 - 2013-02-28 18:49 - 00369168 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
2016-04-02 11:07 - 2013-02-28 18:49 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
2016-04-02 11:07 - 2013-02-28 18:49 - 00106000 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\packet.dll
2016-04-02 11:07 - 2013-02-28 18:49 - 00096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\packet.dll
2016-04-02 11:07 - 2013-02-28 18:49 - 00035344 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2016-04-02 03:53 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-03-30 16:21 - 2015-11-30 22:21 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-03-30 16:20 - 2015-11-30 22:21 - 00122400 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2016-03-30 16:20 - 2015-11-30 22:21 - 00100864 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2016-03-30 16:13 - 2015-08-29 02:42 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-30 16:13 - 2015-08-29 02:42 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-30 01:11 - 2015-08-29 02:41 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-26 16:59 - 2015-11-29 20:30 - 00000000 ____D C:\Program Files\Rockstar Games
2016-03-26 16:59 - 2015-11-29 20:30 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-03-25 18:02 - 2015-10-30 00:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-03-22 18:17 - 2016-01-17 16:05 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Local\Apple Computer
2016-03-22 18:17 - 2016-01-06 19:31 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Roaming\Apple Computer
2016-03-22 14:34 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-21 19:02 - 2015-11-30 22:21 - 00122400 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak
2016-03-20 18:31 - 2016-01-02 12:15 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-20 18:31 - 2015-09-02 16:26 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Local\CrashDumps
2016-03-20 16:26 - 2016-01-17 17:40 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Roaming\Audacity
2016-03-17 20:56 - 2015-08-28 12:52 - 00000000 ____D C:\ProgramData\Norton
2016-03-17 20:50 - 2015-08-28 12:52 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-03-17 20:23 - 2016-01-02 16:06 - 00001375 _____ C:\Users\Clyde Rypins\Desktop\Norton Installation Files.lnk
2016-03-16 07:10 - 2015-08-29 02:57 - 00000000 ____D C:\ProgramData\Google
2016-03-16 07:08 - 2015-12-05 22:15 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-03-15 20:21 - 2015-12-01 15:55 - 00000000 ____D C:\Users\Clyde Rypins\.VirtualBox
2016-03-14 20:01 - 2015-11-09 21:53 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Local\Advanced Port Scanner 2
2016-03-14 19:51 - 2015-09-04 21:21 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-03-12 10:51 - 2015-08-28 15:11 - 00000000 ____D C:\Users\Clyde Rypins\AppData\Local\Adobe
2016-03-12 04:16 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-12 04:16 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-12 04:16 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-12 04:16 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-11 22:24 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-11 19:55 - 2015-12-28 16:13 - 00000000 ____D C:\Users\Clyde Rypins\Documents\Adobe
2016-03-11 19:13 - 2016-01-02 14:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-11 18:57 - 2016-01-02 14:43 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-11 18:50 - 2016-01-02 12:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-11 18:45 - 2015-10-30 02:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-11 18:45 - 2015-10-30 00:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-11 18:45 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-11 18:45 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-11 18:45 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-11 18:45 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-11 18:45 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-11 18:45 - 2015-10-29 23:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-11 18:45 - 2015-10-29 23:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-11 08:13 - 2016-01-02 12:42 - 00002432 _____ C:\Users\Clyde Rypins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-11 08:13 - 2016-01-02 12:42 - 00000000 ___RD C:\Users\Clyde Rypins\OneDrive
 
==================== Files in the root of some directories =======
 
2016-01-17 17:21 - 2016-01-17 17:21 - 0000033 _____ () C:\Users\Clyde Rypins\AppData\Roaming\AdobeWLCMCache.dat
2016-03-14 19:20 - 2016-03-14 19:30 - 0000468 _____ () C:\Users\Clyde Rypins\AppData\Roaming\burnaware.ini
2015-10-11 20:06 - 2016-04-02 20:54 - 0000098 _____ () C:\Users\Clyde Rypins\AppData\Roaming\LauncherSettings_live.cfg
2015-10-11 18:55 - 2015-10-11 18:57 - 0000040 _____ () C:\Users\Clyde Rypins\AppData\Roaming\TheHunterSettings_steam_live.cfg
2016-01-02 12:19 - 2016-01-02 12:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Clyde Rypins\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-05 17:41
 
==================== End of FRST.txt ============================


#3 clyderr


Posted 10 April 2016 - 02:38 PM

Sorry to keep updating, but it is possible that the log I posted doesn't contain info from the original question I posted. It is simply there for extra info.



#4 olgun52

olgun52

  • Malware Response Team

Posted 10 April 2016 - 05:22 PM

Hello clyderr and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as an administrator. How do you log on to the computer as an administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks
 

Which antivirus software do you use?

==========================================

Addition.txt is created by default on the first run of FRST. Can you check inside this folder: C:\FRST\Logs? I need to see that log before we progress. If there is no Addition log inside the Logs folder, run the FRST scan one more time and ensure "Addition" is checked in the optional scan box.


Edited by olgun52, 10 April 2016 - 05:28 PM.

Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#5 clyderr


Posted 10 April 2016 - 05:34 PM

Here's addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Clyde Rypins (2016-04-10 12:26:25)
Running from C:\Users\Clyde Rypins\Downloads
Windows 10 Pro Version 1511 (X64) (2016-01-02 19:35:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2086023237-4107132898-1909750932-500 - Administrator - Disabled)
Clyde Rypins (S-1-5-21-2086023237-4107132898-1909750932-1000 - Administrator - Enabled) => C:\Users\Clyde Rypins
DefaultAccount (S-1-5-21-2086023237-4107132898-1909750932-503 - Limited - Disabled)
Guest (S-1-5-21-2086023237-4107132898-1909750932-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2086023237-4107132898-1909750932-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.5.1.209 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated)
Adobe Edge Animate CC 2015 (HKLM-x32\...\{92AC6B8F-F962-11E4-867D-81149C0292DF}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Flash Builder 4.7 (64 Bit) (HKLM-x32\...\{848DE8E1-521D-4748-A158-517708107EF3}) (Version: 4.7 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Professional CC 2015 (HKLM-x32\...\{31390329-FFF0-11E4-85AD-AF2C4143F080}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Fuse CC (Preview) (HKLM-x32\...\{06F1F289-ACFE-43A2-A654-7950079D6685}) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe InCopy CC 2015 (HKLM-x32\...\{9EF1DB49-6D32-1014-93B7-EB62FA572532}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Muse CC 2015 (HKLM-x32\...\{25CC1EC0-19D9-11E5-952D-BD72CD08879E}) (Version: 2015.0.2.4 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Prelude CC 2015 (HKLM-x32\...\{4D911A81-7146-470C-A48F-98479255251C}) (Version: 4.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe SpeedGrade CC 2015 (HKLM-x32\...\{8FD7F1DB-7355-469E-A3F2-2118148D8477}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advanced Port Scanner 2.4 (HKLM-x32\...\{10F177CF-543F-4BC2-A297-DBF73709D3C5}) (Version: 2.4.2750 - Famatech)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version:  - Hyper Hippo Games)
AMD Catalyst Install Manager (HKLM\...\{7D4332CC-C86B-671A-592C-2F72B996D8C8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Aperture Tag: The Paint Gun Testing Initiative (HKLM-x32\...\Steam App 280740) (Version:  - Aperture Tag Team)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.5-r5 - Arduino LLC)
ASUS PCE-N10 WLAN Card Utilities & Driver (HKLM-x32\...\{556BEFE2-30FF-4113-98F4-01234396DF2B}) (Version: 1.0.1.2 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 1.0.0.20945 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{C230A275-D2A0-446B-ACE5-06BF067D50F2}) (Version: 50.0.2661.22 - Google Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Clyde CC (Version: 1.0.0 - Adobe Systems Incorporated) Hidden
CommView (HKLM-x32\...\{70C4E840-DAB4-11DF-5F90-014727066952}) (Version: 6.5 - TamoSoft)
DiRT Rally (HKLM-x32\...\Steam App 310560) (Version:  - Codemasters Racing Studio)
DisplayLink Core Software (HKLM\...\{0A7DC53D-6DAE-493F-805F-74F7ED7BD438}) (Version: 7.9.478.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{C4BA56E5-1992-41BC-B3FE-0D693B93DCA1}) (Version: 7.9.522.0 - DisplayLink Corp.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dying Light Demo (HKLM\...\Steam App 381570) (Version:  - Techland)
Eraser 6.2.0.2970 (HKLM\...\{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project)
EVGA PrecisionX 16 (HKLM-x32\...\Steam App 268850) (Version:  - EVGA)
f.lux (HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\...\Flux) (Version:  - )
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
Fishing Planet (HKLM-x32\...\Steam App 380600) (Version:  - Fishing Planet LLC)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Geometry Dash (HKLM-x32\...\Steam App 322170) (Version:  - RobTop Games)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
I am Bread (HKLM-x32\...\Steam App 327890) (Version:  - Bossa Studios)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{3CC1CC76-AB3A-4360-AB6F-1355D05A2A17}) (Version: 5.0.10.2907 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Keep Talking and Nobody Explodes (HKLM-x32\...\Steam App 341800) (Version:  - Steel Crate Games)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{9C9094DB-BDBD-408C-B136-FFC67E3F0DFB}) (Version: 4.1.6422 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{26F88B15-E5F0-47D2-8176-1A9312DD44AD}) (Version: 1.3.1648 - LogMeIn, Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.422 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.422 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version:  - Konami Digital Entertainment)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{46EA439E-2D16-49B6-AA80-00DE992FE7CE}) (Version: 7601 - Microsoft)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mitos.is: The Game (HKLM-x32\...\Steam App 389570) (Version:  - Freakinware Studios)
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version:  - Virtual Heroes)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.18.00 - NETGEAR Inc.)
Next Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version:  - Bugbear Entertainment)
Node.js (HKLM\...\{8C7BB038-9DF2-4B43-8BF7-42D95559E459}) (Version: 4.1.1 - Node.js Foundation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.6.0.142 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.0.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.0.48 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Oracle VM VirtualBox 5.0.10 (HKLM\...\{F6E922CF-068D-4AFC-8DBF-4636B84AF0A5}) (Version: 5.0.10 - Oracle Corporation)
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
Panda Devices Agent (x32 Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.01.02.0000 - Panda Security)
Panda Free Antivirus (Version: 8.21.00 - Panda Security) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal Stories: Mel (HKLM-x32\...\Steam App 317400) (Version:  - Prism Studios)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RAR Password Cracker (HKLM-x32\...\RAR Password Cracker) (Version: 4.20 - dnSoft Research Group)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.1.5 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28129 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeZone Stable 1.48.2066.95 (x32 Version: 1.48.2066.95 - Avast Software) Hidden
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.0.48 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version:  - ) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subnautica (HKLM-x32\...\Steam App 264710) (Version:  - Unknown Worlds Entertainment)
Surgeon Simulator (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Way of Life Free Edition (HKLM-x32\...\Steam App 310370) (Version:  - Fabio Ferrara)
theHunter (HKLM-x32\...\Steam App 253710) (Version:  - Expansive Worlds)
Trove (HKLM-x32\...\Steam App 304050) (Version:  - Trion Worlds)
Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version:  - Giant Army)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Velvet Sundown (HKLM-x32\...\Steam App 307290) (Version:  - Tribe Studios)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.17 - IDRIX)
Viridi (HKLM-x32\...\Steam App 375950) (Version:  - Ice Water Games)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.30 beta 4 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.4 - win.rar GmbH)
Wireshark 1.12.8 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.8 - The Wireshark developer community, hxxp://www.wireshark.org)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2086023237-4107132898-1909750932-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Clyde Rypins\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2086023237-4107132898-1909750932-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CDC44CF-26ED-46BD-8A4F-D8ADE07051A6} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {146CBA67-FE76-4816-878A-1DFBAE93014F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1EF1B10C-2A7A-4F28-BE51-7F74D6B853C6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {2F240F06-1BCD-4445-9E74-809ED03942EA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {36B82A44-C146-4CBB-B9DD-5F7FAEA2074A} - System32\Tasks\Norton Internet Security\Norton Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {3C2994D6-2405-4177-BB32-EC58252127BA} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3FB89079-E64C-448E-A5E3-BD37A9C8BC30} - System32\Tasks\{1DDFBDB2-F087-45B1-BD73-2670D0D0B350} => pcalua.exe -a D:\Utilities\GoogleChrome\Google\(v1.0.1)\ASRock_Chrome_Installer.exe -d D:\Utilities\GoogleChrome\Google\(v1.0.1)\ -c /r:ASRM /b /q
Task: {4FA95AA6-8B87-41D1-B90B-75455BB07870} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-17] (AVAST Software)
Task: {59666F53-AD14-4F3F-A061-9EF9B5E55949} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-26] (Intel Corporation)
Task: {5BD4BDFA-1A15-4203-96DE-D749500526DC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {5F899D25-CB2B-4744-B658-DB8E1AAD1820} - System32\Tasks\AdobeAAMUpdater-1.0-ClydeRypins-PC-Clyde Rypins => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {622AF09B-424A-479E-A129-7B10D247D501} - System32\Tasks\CommView Update => C:\Program Files (x86)\CommView\Updater.exe
Task: {69B23D8B-D1B4-45B1-817B-681F8BBA1784} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {71059410-035E-4303-97E4-44FC7D00CC43} - System32\Tasks\SafeZone scheduled Autoupdate 1458688946 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-08] (Avast Software)
Task: {731E7F19-E4D9-4D59-A761-D4C90F141CCC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {763BD50E-B392-4218-9F0F-2CD2EEFE038E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {7B360E56-3FC7-4067-9357-297E4D35C30F} - System32\Tasks\AsrSP.exe => C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSP.exe [2014-05-27] ()
Task: {7D6132A6-FAA4-42AC-A13A-6D848F770DE4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {7DF366CD-5B07-44CF-81CD-33C0DB3C5FE9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {7E40E4D5-22C8-4963-9720-23A54FDB7A3C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {83224149-3805-4BCD-A9B7-2468F0E2E168} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {9042E08A-52BE-4B8B-90EE-83F5C4D4F4E1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {92DE53BA-7EDC-4099-8D03-AD90A62084C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {95436CFA-ABF5-4043-A7A5-A196C4209CDE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {976650C7-A7BB-442E-A09B-922C1E912F37} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {9C74D9BF-30D8-485C-9627-3C55A32E511F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\WSCStub.exe [2016-02-25] (Symantec Corporation)
Task: {AFA5840E-5204-4E94-933B-4B9B3C363A17} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {B528E631-084D-47CD-BD7D-697FAA310B15} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2016-02-25] (Symantec Corporation)
Task: {B6354DDE-7855-460B-9959-99F60CA92127} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
Task: {B95B0490-0B25-469E-99E9-B895C9846F07} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BA51D7E3-58EA-4A92-81B5-3B22B03F971D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-26] (Intel Corporation)
Task: {BBDCD9E9-1DEA-4F4F-90C7-4EED6477C335} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BEFE2A24-74A4-4BB7-BA0D-0953526474A1} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {C21B06B5-1FBA-49CF-8E8E-6019EB286B9E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {C4A69B34-6CB1-41B6-9FDA-EEA8B88CF192} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C896718F-609C-4E2B-ADC9-FD70C1C9930B} - System32\Tasks\AmiUpdXp => C:\Users\Clyde Rypins\AppData\Local\29936\Updater.exe <==== ATTENTION
Task: {CF6144CF-716E-49E8-80CE-EA588D189A9F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {D3D82DAF-5473-483A-9AF6-81256E3BC5D7} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {D52F47C9-1B08-4301-A06C-4421BA4A34DB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {D63DB631-4B49-4DC1-975E-CD307F9F30B0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {E136A8E3-834B-408A-975D-C97027EF7004} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {EEDBAB1E-0836-4206-B7B2-835395205514} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\AmiUpdXp.job => C:\Users\Clyde Rypins\AppData\Local\29936\Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 00:17 - 2015-10-30 00:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-28 12:49 - 2013-07-25 15:04 - 00454656 _____ () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
2015-12-28 16:43 - 2015-12-08 11:51 - 00284464 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-02 12:20 - 2015-12-16 07:54 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-02 16:12 - 2015-12-08 11:51 - 00012080 _____ () c:\program files\nvidia corporation\nvstreamsrv\detoured.dll
2015-08-20 00:52 - 2015-08-20 00:52 - 01612520 _____ () C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
2016-03-02 08:22 - 2016-02-23 04:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-22 18:24 - 2016-01-22 18:25 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-02 08:22 - 2016-02-23 04:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-14 12:49 - 2016-01-22 14:55 - 00553136 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-01-02 12:12 - 2016-01-02 12:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 08:22 - 2016-02-23 01:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 21:05 - 2016-01-04 18:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 21:05 - 2016-01-04 18:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-09 17:51 - 2016-01-15 22:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-09 17:51 - 2016-01-15 22:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-02 16:12 - 2015-12-08 11:51 - 00708912 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2015-09-02 16:12 - 2015-12-08 11:51 - 00854320 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2014-09-18 00:23 - 2014-09-18 00:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-03-12 11:23 - 2015-03-12 11:23 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 00:23 - 2014-09-18 00:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-03-12 11:23 - 2015-03-12 11:23 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-10-07 19:12 - 2015-12-08 11:55 - 04399920 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\MessageBus.dll
2015-10-07 19:12 - 2015-06-25 08:03 - 00970240 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\CefSharp.Core.dll
2015-10-07 19:12 - 2015-06-25 08:03 - 53344768 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libcef.dll
2015-10-07 19:12 - 2015-06-25 08:03 - 00613888 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\CefSharp.BrowserSubprocess.Core.dll
2015-10-07 19:12 - 2015-06-25 08:03 - 01015296 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\ffmpegsumo.dll
2015-10-07 19:12 - 2015-06-25 08:03 - 00208896 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libEGL.dll
2015-10-07 19:12 - 2015-06-25 08:03 - 01750016 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libGLESv2.dll
2015-10-07 19:12 - 2015-12-08 11:49 - 00391352 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\NvRemux64.dll
2015-07-07 23:58 - 2015-07-07 23:58 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-02-14 12:49 - 2016-01-22 14:54 - 31420080 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-03-17 15:08 - 2016-03-17 15:08 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-03-17 15:08 - 2016-03-17 15:08 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-08 12:13 - 2016-04-08 12:13 - 02876416 _____ () C:\Program Files\AVAST Software\Avast\defs\16040802\algo.dll
2016-03-17 15:08 - 2016-03-17 15:08 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-10 10:02 - 2016-04-10 10:02 - 02876416 _____ () C:\Program Files\AVAST Software\Avast\defs\16041001\algo.dll
2015-12-15 10:17 - 2015-12-15 10:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2014-03-20 11:43 - 2014-03-20 11:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-01-22 18:24 - 2016-01-22 18:25 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 18:24 - 2016-01-22 18:25 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-09-02 16:12 - 2015-12-08 11:51 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-11-16 03:48 - 2015-11-16 03:48 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-02-14 12:49 - 2016-01-28 13:32 - 40523456 ____N () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-03-17 15:08 - 2016-03-17 15:08 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-02-14 12:49 - 2016-01-28 13:32 - 01365696 ____N () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2016-02-14 12:49 - 2016-01-28 13:32 - 00219328 ____N () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2015-12-25 15:42 - 2014-11-25 19:12 - 40622592 _____ () C:\Users\Clyde Rypins\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2016-01-21 01:22 - 2016-01-21 01:22 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-01-21 01:22 - 2016-01-21 01:22 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-01-21 01:23 - 2016-01-21 01:23 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-01-21 01:23 - 2016-01-21 01:23 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-02-12 11:24 - 2016-02-12 11:24 - 00158400 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin.dll
2016-01-21 01:22 - 2016-01-21 01:22 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-12-25 15:42 - 2014-11-25 19:12 - 00911360 _____ () C:\Users\Clyde Rypins\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2015-12-25 15:42 - 2014-11-25 19:12 - 00134144 _____ () C:\Users\Clyde Rypins\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2016-02-14 12:52 - 2016-01-08 04:05 - 00124416 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-02-14 12:52 - 2016-01-08 04:05 - 00121344 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2016-02-14 12:52 - 2016-01-08 04:05 - 00129536 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-02-14 12:52 - 2016-01-08 04:05 - 00188416 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-02-14 12:52 - 2016-01-28 14:03 - 00158400 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\native\ProxyResolverWin.dll
2016-02-14 12:52 - 2016-01-08 04:05 - 00085504 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\bufferutil.node
2016-02-14 12:52 - 2016-01-08 04:05 - 00086016 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\validation.node
2016-02-14 12:52 - 2016-01-08 04:05 - 00081408 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{6139711F-47EC-4C03-8DC7-E80CA6441D0C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{194625FD-08C1-4473-9A4F-324B0826FC91}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{6F6CA5B1-DDC6-499D-B57C-0EA78D669F2A}] => (Allow) C:\Users\Clyde Rypins\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{957B6939-3CB9-4A77-AC31-1DBD4F68FB9D}] => (Allow) C:\Users\Clyde Rypins\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E90322C9-03D6-4ECA-8263-A300FEAC96E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keep Talking and Nobody Explodes\ktane.exe
FirewallRules: [{BD644361-F59A-4A17-A27E-BEF8C9BBEA94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keep Talking and Nobody Explodes\ktane.exe
FirewallRules: [{313E5DE2-0C92-4B74-8B05-946933729CC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{2D20D762-0C25-453A-91C9-AA2BEF234C42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{8715B8BD-4D5C-497F-A590-195170C0EA6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aperture Tag\portal2.exe
FirewallRules: [{696ACCF1-B3E1-443E-B145-AFD9F292DE5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aperture Tag\portal2.exe
FirewallRules: [{F56C5BE9-92A8-4669-8A93-6D57DF614009}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{68FB7FED-2183-4B04-8671-122091E5E357}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{69F40B7F-95EB-4510-8B2D-4C1974F7DA7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [{CCC29DBF-E7CA-4A41-99D3-7EB94D20BAB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [{BC203605-F6CD-4EF8-8699-53926285E8BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{85354CD9-7DFB-4437-A9C6-CDD2A0877D47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{40FC428E-00B1-49A6-B538-66A1E4E1890D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Universe Sandbox\Universe Sandbox.exe
FirewallRules: [{958895DB-9C6A-448A-AE85-758D9B572E7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Universe Sandbox\Universe Sandbox.exe
FirewallRules: [{C8437FBB-4B2D-4DAD-8D0E-BA384D68CDB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{67D8225B-C7C7-4262-9997-D5E8B7B9CB4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{63FA4372-A0BD-4E9A-8894-401F0AEF359D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{E463759D-EAB8-48CB-8BF3-6A9A32F87419}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [UDP Query User{25585F01-8AD1-41EB-984F-EF48D2A85A2D}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [TCP Query User{C33C20BB-06F9-4825-A6A2-696B34CCE173}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{CA1771EC-249F-417F-BF0A-40202DA7C77E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{54D30A71-1A2C-43BF-9F79-66BB5DAEB905}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{62A5D470-1B63-425E-B708-1F50B4D1A905}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Way of Life\TheWayOfLifeDemoWindows.exe
FirewallRules: [{AC9C5716-97CE-455B-9653-628D27F03713}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Way of Life\TheWayOfLifeDemoWindows.exe
FirewallRules: [{5CC30872-1A7B-4430-A55F-8D63BDA54E00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viridi\Viridi.exe
FirewallRules: [{3A1DEDD5-9A78-4869-A673-CA3B1429C7C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viridi\Viridi.exe
FirewallRules: [UDP Query User{C031E2A1-36B8-41B8-B6D3-C56A5FCEBEBC}C:\users\clyde rypins\desktop\ogar-windows-9bec584.exe] => (Allow) C:\users\clyde rypins\desktop\ogar-windows-9bec584.exe
FirewallRules: [TCP Query User{6149EC77-ED6E-43F9-A42E-CE6EA6B809FD}C:\users\clyde rypins\desktop\ogar-windows-9bec584.exe] => (Allow) C:\users\clyde rypins\desktop\ogar-windows-9bec584.exe
FirewallRules: [UDP Query User{3FB34C3B-2995-48FC-B897-5719019ECD02}C:\users\clyde rypins\downloads\ogar-windows-9bec584.exe] => (Allow) C:\users\clyde rypins\downloads\ogar-windows-9bec584.exe
FirewallRules: [TCP Query User{6626E3B4-977D-4618-9550-283B8894387A}C:\users\clyde rypins\downloads\ogar-windows-9bec584.exe] => (Allow) C:\users\clyde rypins\downloads\ogar-windows-9bec584.exe
FirewallRules: [UDP Query User{1C4F58E6-FE1A-4E2F-BC0C-FDF1DA0F2B81}C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [TCP Query User{3F94F5D1-4B53-4E59-AABF-60B03213BE31}C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [{050AB3C8-2C76-4C4E-84D3-803209DAF8EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mitos.is The Game\Mitosis.exe
FirewallRules: [{7E2F9FB6-BC21-4A17-8332-FF7E82A48F86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mitos.is The Game\Mitosis.exe
FirewallRules: [{FCE9BF8B-9705-4ABF-8427-B0A9595A411F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VelvetSundown\VelvetSundown.exe
FirewallRules: [{B1793CD9-B4E9-4E03-B278-69D0BF5245C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VelvetSundown\VelvetSundown.exe
FirewallRules: [{0C9392FB-D507-44C2-AB81-526A653B2FBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{3090BB73-B979-4613-8E07-8BE78A160BF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{DD1B1857-CB4D-47A2-83C9-4C0772B82BDA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C0232C6A-3E01-4BD6-90EC-DCA97565990A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F208B655-59BE-4519-AEEB-81DA3143E010}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4CFCE9EE-6894-4B9A-8D5F-D16D9F2C9AF8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{589DC6C2-34A6-4AF5-A0E9-FFFF4C3E7E1D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E3C75BDB-CA1F-4B1D-8229-CDFD31A08A65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fishing Planet\FishingPlanet.exe
FirewallRules: [{114DD943-58B3-45A5-A123-DA022694CE32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fishing Planet\FishingPlanet.exe
FirewallRules: [UDP Query User{C68A67DE-74C1-4D10-B4F5-2E00D31A66D7}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{D047574B-56BA-4371-BC6C-B61C75BBC99E}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{C022B49D-1F96-41DC-8699-A0091E652C47}C:\program files (x86)\steam\steamapps\common\portal stories mel\portal2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\portal stories mel\portal2.exe
FirewallRules: [TCP Query User{D957FC9F-576A-4605-80DC-159B2EFE060A}C:\program files (x86)\steam\steamapps\common\portal stories mel\portal2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\portal stories mel\portal2.exe
FirewallRules: [{426E23B6-1AE3-4AAF-91FD-4B7F006C673F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{6A61A17B-4F9D-4FE6-8E60-30D3DD9C4A00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{DD2E8DF1-A2D2-4E8B-8C42-05658C2AE740}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{42E0419D-B4C4-4ACF-8542-27C125DF1E96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{87E3FA46-D366-471E-BA11-48E4B0CAC5F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{429833AF-06D4-4DCF-8D84-37AE09FAA3CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{72E1D3AA-E1C7-4B9E-818B-2E8143477100}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{5831D890-5D6C-4083-B565-0E93A633346D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{E9B5FC3F-89E3-4CB5-A474-C9511E223668}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D2611502-C6BF-4410-BDD9-35136395CE97}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{46F40EAA-0866-4C25-A8C3-674418DAB31D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{DD45595C-5F25-4286-BB1A-DC96614DB4CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{DF03BE0F-FAB3-484F-A03A-45611B8169B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{EDF10CC9-6BC1-4808-BD13-8B027D40AB89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D517CDE9-F1C1-4AFC-AF4A-91A8D2CF94A2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4AB3F415-9CC9-455A-AB41-161D188E13F3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A15AA740-37E4-494E-9D6C-05DCA63759D7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DEE90A04-18DE-47A5-9C75-DACDF9C566FE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ADFB9D39-A27F-46E2-B2E6-6E5115830B76}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{040D128A-B68D-4B41-B76B-CA21EF6C7A99}] => (Allow) C:\Program Files\Adobe\Adobe Flash Builder 4.7 (64 Bit)\FlashBuilder.exe
FirewallRules: [{6D668857-01D7-46FF-B53F-F90A57DCFB4B}] => (Allow) C:\Program Files\Adobe\Adobe Flash Builder 4.7 (64 Bit)\FlashBuilder.exe
FirewallRules: [{B515AFAB-C652-46AD-930B-204E82E291F1}] => (Allow) LPort=7935
FirewallRules: [{E4F272EF-D3FB-49B4-9B61-4C1FB2BF9B02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\iambread\IamBread.exe
FirewallRules: [{E1A7A622-B20C-4357-9230-E0ECF03A9F27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\iambread\IamBread.exe
FirewallRules: [{24248BDA-7F19-4BEC-BF98-44F98566995B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{B2E06BAF-5226-4C3B-A09F-A0985C3D8C4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{C64D7954-49A5-4647-8378-A856E7D03C98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{14C093F5-AFF0-4F6D-89D0-16CDA5A11E28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{BA473BC5-FCCD-42A1-B12C-0109EE3F61B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FEZ\FEZ.exe
FirewallRules: [{EB7AA0AE-53C9-4605-954E-84763FDD9E8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FEZ\FEZ.exe
FirewallRules: [{90C98F85-90E2-4C0C-BC84-12C7B113AC1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{80639E8F-334C-4550-A7F1-F101D852E8B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{28060AF7-8014-4BB2-BF69-4EADE0529725}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{53264702-1B6B-4225-86D8-918A37109BAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{D81D2927-9BB4-4605-A6CE-BC47AD9D4E69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{31099720-63C3-4419-9A16-1DEE56C1BE0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{77BEDAA4-CFD7-48CA-BFB3-C9EB684A5D33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{D11731DB-FF1B-49DF-97C4-87C32247FE9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{777CF2EF-E0F2-4889-A088-9B622F06ACF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{3A4378DA-64E5-4A43-BA42-A0A45CDBD850}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{FA1D4717-9C0C-41FD-8A2D-6EAAFA602BC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{4944D0B4-62FF-4FD3-BF72-D207D58ABA99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{4EF77AF3-65A9-4F82-BDCC-C96F74114D1C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C78549DA-C241-4B0F-944B-23374A2B798F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{60F635DD-DBFA-4066-974C-335E2147FB71}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2253BEE9-57EC-421E-8D25-3D62FCA6DA00}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{640D8EFC-F412-4D3A-AE0E-183ABC57E9D6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{4442DE44-45F7-4E82-B183-0BE9ED89B9B3}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{9334406F-84E8-4437-8193-214607FFA21C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{0931EF61-DF73-46CB-94DA-2BFAF77F88E1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D88B5095-8C3A-4C85-9209-E2D5F4DC6431}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3C95EE22-EC47-4A60-8A45-8DFBE79660E0}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{D3E0B0AB-D237-43E1-B55D-5D3004BC0076}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{0EFC11A2-9303-4394-BB23-A53514B16AE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light Demo\DyingLightDemo.exe
FirewallRules: [{767296C0-B6E4-4774-A1E7-275793FC2B19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light Demo\DyingLightDemo.exe
FirewallRules: [{5B7886E3-B8DA-4167-906E-5253B954C43E}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
FirewallRules: [{75BA01BF-3EF3-4B7D-9E85-E4ACC19A835F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5DA44B31-8F4E-41C0-9284-493C25FBB4B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{346B155A-0587-49A5-8BAF-A8F6ACFBEF83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [TCP Query User{DEAD49EA-4734-4A6E-961F-B8E7A38B2BF7}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{E25DAE35-46D1-453C-96C1-E1A6066572DF}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: ASUS PCE-N10 11n Wireless LAN PCI-E Card
Description: ASUS PCE-N10 11n Wireless LAN PCI-E Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ASUSTeK Computer Inc.
Service: rtwlane_13
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/10/2016 12:32:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x2144
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5
 
Error: (04/10/2016 11:51:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.10586.11, time stamp: 0x56457cb1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x5790
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5
 
Error: (04/10/2016 10:06:40 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (04/09/2016 09:41:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8
 
Error: (04/09/2016 09:41:40 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (04/09/2016 09:41:40 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8
 
Error: (04/09/2016 09:41:38 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8
 
Error: (04/09/2016 09:41:38 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll8
 
Error: (04/09/2016 09:41:38 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
 
System errors:
=============
Error: (04/09/2016 01:31:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_1bcb1b service to connect.
 
Error: (04/09/2016 01:31:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1bcb1b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/09/2016 11:43:41 AM) (Source: DCOM) (EventID: 10016) (User: ClydeRypins-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ClydeRypins-PCClyde RypinsS-1-5-21-2086023237-4107132898-1909750932-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/09/2016 09:57:47 AM) (Source: DCOM) (EventID: 10016) (User: ClydeRypins-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ClydeRypins-PCClyde RypinsS-1-5-21-2086023237-4107132898-1909750932-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/09/2016 09:20:45 AM) (Source: DCOM) (EventID: 10016) (User: ClydeRypins-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ClydeRypins-PCClyde RypinsS-1-5-21-2086023237-4107132898-1909750932-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/08/2016 10:05:58 PM) (Source: DCOM) (EventID: 10016) (User: ClydeRypins-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ClydeRypins-PCClyde RypinsS-1-5-21-2086023237-4107132898-1909750932-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/08/2016 06:35:20 PM) (Source: DCOM) (EventID: 10016) (User: ClydeRypins-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ClydeRypins-PCClyde RypinsS-1-5-21-2086023237-4107132898-1909750932-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/08/2016 05:18:19 PM) (Source: DCOM) (EventID: 10016) (User: ClydeRypins-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ClydeRypins-PCClyde RypinsS-1-5-21-2086023237-4107132898-1909750932-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/08/2016 05:12:32 PM) (Source: DCOM) (EventID: 10016) (User: ClydeRypins-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ClydeRypins-PCClyde RypinsS-1-5-21-2086023237-4107132898-1909750932-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/08/2016 04:48:21 PM) (Source: DCOM) (EventID: 10016) (User: ClydeRypins-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ClydeRypins-PCClyde RypinsS-1-5-21-2086023237-4107132898-1909750932-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
 
CodeIntegrity:
===================================
  Date: 2016-03-22 16:21:10.882
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-13 11:37:58.270
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-12 03:19:48.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-11 17:49:52.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-04 13:04:13.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-15 13:32:54.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-14 11:44:49.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-19 12:58:04.425
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-15 11:52:44.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-10 13:32:00.362
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 49%
Total physical RAM: 8143.13 MB
Available physical RAM: 4083.85 MB
Total Virtual: 16335.13 MB
Available Virtual: 10606.39 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.97 GB) (Free:585.82 GB) NTFS
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:580.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4BB6C944)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 5E3A0E68)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6 olgun52

  • Malware Response Team

Posted 10 April 2016 - 07:09 PM

Hi clyderr,

1-Panda Security
2-Panda Free Antivirus
3-Avira Antivirus
4-Norton Internet Security
5-Avast Free Antivirus

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

=============================

Please remove all:

1-Panda Security
2-Panda Free Antivirus
http://www.bleepingcomputer.com/download/panda-antivirus-uninstaller/

3-Avira Antivirus
http://www.avira.com/en/download/product/avira-registry-cleaner

4-Norton Internet Security
https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us?abproduct=home&abversion=1&pvid=f-home

5-Avastclear
https://www.avast.com/uninstall-utility

Restart the PC now.
 

Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan
  • Please download and install Zemana AntiMalware Free
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end Click Settings > Advanced > ''I have read the warning and wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click scan now ''Run as Administrator'' and a threat Scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 clyderr

  • Topic Starter

Posted 10 April 2016 - 07:40 PM

Here's the report:

 

Zemana AntiMalware 2.20.2.140 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/4/10
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i5-4590 CPU @ 3.30GHz
BIOS Mode              : Legacy
CUID                   : 00EC7760E7157D43C29B68
Scan Type              : Smart Scan
Duration               : 10m 46s
Scanned Objects        : 19109
Detected Objects       : 10
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Internet Explorer Search
Status             : Scanned
Object             : %fps_browser_user_profile_string%\ - http://searchinterneat-a.akamaihd.net
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Search
 
Internet Explorer Search
Status             : Scanned
Object             : %fps_browser_user_profile_string%\ - http://searchinterneat-a.akamaihd.net
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Search
 
Internet Explorer Homepage
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Homepage
 
Firefox Search
Status             : Scanned
Object             : %fps_browser_user_profile_string%\ - http://searchinterneat-a.akamaihd.net
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Search
 
Firefox Newtab
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Newtab
 
Chrome Policy
Status             : Scanned
Object             : jbnbfpjjblebipgdnplfdidedpojjfgf
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Policy
 
Avira SafeSearch Plus
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\ipmkfpcnmccejididiaagpgchgjfajgp
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Avira SafeSearch Plus
 
Default CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CCFCAF5DF02060D41BD99719B2DF281230B3F742\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CCFCAF5DF02060D41BD99719B2DF281230B3F742\Blob
 
Default CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\1BBE293F7CE0C30393695BB876B4B4F5AB43B6B5\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\1BBE293F7CE0C30393695BB876B4B4F5AB43B6B5\Blob
 
Metal Gear Solid V The Phantom Pain v1.01 Plus 22 Trainer.exe
Status             : Scanned
Object             : %userprofile%\desktop\metal gear solid v the phantom pain v1.01 plus 22 trainer.exe
MD5                : 9698A25742F82261A318933C7752C548
Publisher          : -
Size               : 1001472
Version            : 1.0.0.0
Detection          : PUA:Win32/HackTool.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\desktop\metal gear solid v the phantom pain v1.01 plus 22 trainer.exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 10
Reported as safe      : 0
Failed                : 0


#8 olgun52

  • Malware Response Team

Posted 10 April 2016 - 08:17 PM

Hi again,

 

Step 1:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

Step 3:
Please run Farbar Service Scanner.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 


Best regards
 

 


 


#9 clyderr

  • Topic Starter

Posted 10 April 2016 - 09:58 PM

Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/10/2016
Scan Time: 6:28 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.04.10.05
Rootkit Database: v2016.04.09.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Clyde Rypins
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 407994
Time Elapsed: 1 hr, 14 min, 27 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 7
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExd, Delete-on-Reboot, [79b43a73029770c6b36c5bb15fa5a15f], 
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi, Delete-on-Reboot, [81acaeff99003bfb70af4ac29371aa56], 
PUP.Optional.SoftwareUpdater.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AmiUpdXp, Delete-on-Reboot, [e647426b792011254df9aad0bd47926e], 
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATPopups, Quarantined, [75b82c813f5aba7c2bea48e3c3407f81], 
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATUpdaters, Quarantined, [31fc84291881b48275de52f39272ae52], 
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\Google Analytics Package, Quarantined, [45e8b4f97821a1950451a4a126de837d], 
PUP.Optional.OutBrowse, HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\SOFTWARE\OB, Quarantined, [80ad337a71287db96a223ff331d315eb], 
 
Registry Values: 5
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, Quarantined, [ea43affebddcf64098453320947004fc]
PUP.Optional.Yontoo, HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, Quarantined, [58d5c2eb5445c472110f1b3855afe21e]
PUP.Optional.OutBrowse, HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\SOFTWARE\OB|monitype2, 12/14/15 17:12:35, Quarantined, [80ad337a71287db96a223ff331d315eb]
PUP.Optional.OutBrowse, HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\SOFTWARE\OB|monitype15, 12/14/15 17:12:35, Quarantined, [b37acce132671a1c90fcec46a3619a66]
PUP.Optional.OutBrowse, HKU\S-1-5-21-2086023237-4107132898-1909750932-1000\SOFTWARE\OB|monitype27, 12/14/15 17:12:35, Quarantined, [ac81b4f96633db5b424add559074d32d]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 5
HackTool.LOIC, C:\Users\Clyde Rypins\Downloads\LOIC-1.0.8-binary.zip, Quarantined, [6fbe149975245dd9068575169e63837d], 
PUP.Optional.SoftwareUpdater, C:\Windows\Tasks\AmiUpdXp.job, Quarantined, [2b02921b32670e28a2a12b4f689c6a96], 
PUP.Optional.SoftwareUpdater.A, C:\Windows\System32\Tasks\AmiUpdXp, Quarantined, [75b848651287d95d7bca0a7029db758b], 
PUP.Optional.Yontoo, C:\Users\Clyde Rypins\AppData\Roaming\Mozilla\Firefox\Profiles\984nydm3.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQFaWQ9JFwUabQpcUVhcFQAWeRQBAwBGDFMRdAhcWA5HRAxFIx9aFQQTR0cFME0FB18EURNNfWpdBGsUUkBPNEpwFFs=&q={searchTerms}");), Replaced,[111c921bf8a1c86e9d6915458085f907]
PUM.Optional.FireFoxSearchOverride, C:\Users\Clyde Rypins\AppData\Roaming\Mozilla\Firefox\Profiles\984nydm3.default\user.js, Quarantined, [b27bd6d76534a1954452bda1cc394bb5], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
FSS:
 
Farbar Service Scanner Version: 27-01-2016
Ran by Clyde Rypins (administrator) on 10-04-2016 at 18:28:12
Running from "C:\Users\Clyde Rypins\Downloads"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
 
MTB:
 
 
MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Clyde Rypins (administrator) on 10-04-2016 at 18:24:59
Running from "C:\Users\Clyde Rypins\Downloads"
Microsoft Windows 10 Pro  (X64)
Model: To Be Filled By O.E.M. Manufacturer: To Be Filled By O.E.M.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
LogMeIn Hamachi Virtual Ethernet Adapter = Hamachi (Connected)
ASUS PCE-N10 11n Wireless LAN PCI-E Card = Wireless Network Connection (Hardware not present)
ASIX AX88179 USB 3.0 to Gigabit Ethernet Adapter = Ethernet 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes
set interface interface="Local Area Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wireless Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wireless Network Connection 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Hamachi" forwarding=enabled advertise=enabled metric=9000 nud=enabled ignoredefaultroutes=disabled
set interface interface="VirtualBox Host-Only Network" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Hamachi" forwarding=enabled advertise=enabled metric=9000 nud=enabled ignoredefaultroutes=disabled
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : ClydeRypins-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Hamachi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : LogMeIn Hamachi Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 7A-79-19-88-D0-CD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::1988:d0cd(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::bcb2:7ccd:67b8:70c0%15(Preferred) 
   IPv4 Address. . . . . . . . . . . : 25.136.208.205(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Saturday, April 09, 2016 9:37:10 PM
   Lease Expires . . . . . . . . . . : Sunday, April 09, 2017 9:37:07 PM
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
   DHCP Server . . . . . . . . . . . : 25.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 167923954
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-73-3A-59-D0-50-99-66-EB-3C
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : ASIX AX88179 USB 3.0 to Gigabit Ethernet Adapter
   Physical Address. . . . . . . . . : D8-EB-97-BD-2E-46
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D0-50-99-66-EB-3C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b8ef:a166:6746:9707%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.16(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, April 08, 2016 1:12:59 PM
   Lease Expires . . . . . . . . . . : Monday, April 11, 2016 9:37:02 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 248533145
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-73-3A-59-D0-50-99-66-EB-3C
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{8DEF002A-30A1-4045-890E-D00253448BBE}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:10b3:3b8a:b8f6:4d0(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::10b3:3b8a:b8f6:4d0%6(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 520093696
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-73-3A-59-D0-50-99-66-EB-3C
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{831224CC-4226-4F60-B453-29BC473E581D}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4004:80b::200e
 74.125.138.139
 74.125.138.100
 74.125.138.113
 74.125.138.138
 74.125.138.102
 74.125.138.101
 
 
Pinging google.com [173.194.219.138] with 32 bytes of data:
Reply from 173.194.219.138: bytes=32 time=82ms TTL=37
Reply from 173.194.219.138: bytes=32 time=77ms TTL=37
 
Ping statistics for 173.194.219.138:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 77ms, Maximum = 82ms, Average = 79ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=93ms TTL=44
Reply from 98.139.183.24: bytes=32 time=85ms TTL=44
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 85ms, Maximum = 93ms, Average = 89ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...7a 79 19 88 d0 cd ......LogMeIn Hamachi Virtual Ethernet Adapter
  2...d8 eb 97 bd 2e 46 ......ASIX AX88179 USB 3.0 to Gigabit Ethernet Adapter
 13...d0 50 99 66 eb 3c ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.16     10
          0.0.0.0          0.0.0.0         25.0.0.1   25.136.208.205   9256
         25.0.0.0        255.0.0.0         On-link    25.136.208.205   9256
   25.136.208.205  255.255.255.255         On-link    25.136.208.205   9256
   25.255.255.255  255.255.255.255         On-link    25.136.208.205   9256
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.16    266
     192.168.1.16  255.255.255.255         On-link      192.168.1.16    266
    192.168.1.255  255.255.255.255         On-link      192.168.1.16    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.16    266
        224.0.0.0        240.0.0.0         On-link    25.136.208.205   9256
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.16    266
  255.255.255.255  255.255.255.255         On-link    25.136.208.205   9256
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         25.0.0.1  Default 
          0.0.0.0          0.0.0.0         25.0.0.1  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15   9005 ::/0                     2620:9b::1900:1
  1    306 ::1/128                  On-link
  6    306 2001::/32                On-link
  6    306 2001:0:9d38:6abd:10b3:3b8a:b8f6:4d0/128
                                    On-link
 15    261 2620:9b::/96             On-link
 15    261 2620:9b::1988:d0cd/128   On-link
 13    266 fe80::/64                On-link
 15    261 fe80::/64                On-link
  6    306 fe80::/64                On-link
  6    306 fe80::10b3:3b8a:b8f6:4d0/128
                                    On-link
 13    266 fe80::b8ef:a166:6746:9707/128
                                    On-link
 15    261 fe80::bcb2:7ccd:67b8:70c0/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    266 ff00::/8                 On-link
  6    306 ff00::/8                 On-link
 15    261 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0   9000 ::/0                     2620:9b::1900:1
  0 4294967295 2620:9b::/96             On-link
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/10/2016 03:36:58 PM) (Source: Application Hang) (User: )
Description: The program Skype.exe version 7.18.0.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 42b4
 
Start Time: 01d192e2ff549ba5
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report Id: ba5de263-ff6c-11e5-92c2-d8eb97bd2e46
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/10/2016 12:32:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x2144
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5
 
Error: (04/10/2016 11:51:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.10586.11, time stamp: 0x56457cb1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x5790
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5
 
Error: (04/10/2016 10:06:40 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (04/09/2016 09:41:43 PM) (Source: Perflib) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8
 
Error: (04/09/2016 09:41:40 PM) (Source: PerfNet) (User: )
Description: 
 
Error: (04/09/2016 09:41:40 PM) (Source: Perflib) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8
 
Error: (04/09/2016 09:41:38 PM) (Source: Perflib) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8
 
Error: (04/09/2016 09:41:38 PM) (Source: Perflib) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll8
 
Error: (04/09/2016 09:41:38 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
 
System errors:
=============
Error: (04/10/2016 05:20:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.217.1043.0).
 
Error: (04/09/2016 01:31:41 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_1bcb1b service to connect.
 
Error: (04/09/2016 01:31:28 PM) (Source: Service Control Manager) (User: )
Description: The Sync Host_1bcb1b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/09/2016 11:43:41 AM) (Source: DCOM) (User: ClydeRypins-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ClydeRypins-PCClyde RypinsS-1-5-21-2086023237-4107132898-1909750932-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/09/2016 09:57:47 AM) (Source: DCOM) (User: ClydeRypins-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ClydeRypins-PCClyde RypinsS-1-5-21-2086023237-4107132898-1909750932-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/09/2016 09:20:45 AM) (Source: DCOM) (User: ClydeRypins-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ClydeRypins-PCClyde RypinsS-1-5-21-2086023237-4107132898-1909750932-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/08/2016 10:05:58 PM) (Source: DCOM) (User: ClydeRypins-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ClydeRypins-PCClyde RypinsS-1-5-21-2086023237-4107132898-1909750932-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/08/2016 06:35:20 PM) (Source: DCOM) (User: ClydeRypins-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ClydeRypins-PCClyde RypinsS-1-5-21-2086023237-4107132898-1909750932-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/08/2016 05:18:19 PM) (Source: DCOM) (User: ClydeRypins-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ClydeRypins-PCClyde RypinsS-1-5-21-2086023237-4107132898-1909750932-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/08/2016 05:12:32 PM) (Source: DCOM) (User: ClydeRypins-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ClydeRypins-PCClyde RypinsS-1-5-21-2086023237-4107132898-1909750932-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
 
Microsoft Office Sessions:
=========================
Error: (04/10/2016 03:36:58 PM) (Source: Application Hang)(User: )
Description: Skype.exe7.18.0.11242b401d192e2ff549ba54294967295C:\Program Files (x86)\Skype\Phone\Skype.exeba5de263-ff6c-11e5-92c2-d8eb97bd2e46
 
Error: (04/10/2016 12:32:02 PM) (Source: Application Error)(User: )
Description: SearchUI.exe10.0.10586.63568b1fdcunknown0.0.0.000000000e04646450000000000000000214401d192e2d4300052C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeunknown02dff721-88b0-47ef-8dca-37b2671ef5afMicrosoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyCortanaUI
 
Error: (04/10/2016 11:51:00 AM) (Source: Application Error)(User: )
Description: SystemSettings.exe10.0.10586.1156457cb1unknown0.0.0.000000000e04646450000000000000000579001d193283d498251C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exeunknowna2737c1c-530e-4b1b-a189-9cc4173c7bd0windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel
 
Error: (04/10/2016 10:06:40 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (04/09/2016 09:41:43 PM) (Source: Perflib)(User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8
 
Error: (04/09/2016 09:41:40 PM) (Source: PerfNet)(User: )
Description: 
 
Error: (04/09/2016 09:41:40 PM) (Source: Perflib)(User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8
 
Error: (04/09/2016 09:41:38 PM) (Source: Perflib)(User: )
Description: LsaC:\Windows\System32\Secur32.dll8
 
Error: (04/09/2016 09:41:38 PM) (Source: Perflib)(User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll8
 
Error: (04/09/2016 09:41:38 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-03-22 16:21:10.882
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-13 11:37:58.270
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-12 03:19:48.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-11 17:49:52.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-04 13:04:13.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-15 13:32:54.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-14 11:44:49.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-19 12:58:04.425
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-15 11:52:44.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-10 13:32:00.362
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.5.1.209 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated)
Adobe Edge Animate CC 2015 (HKLM-x32\...\{92AC6B8F-F962-11E4-867D-81149C0292DF}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Flash Builder 4.7 (64 Bit) (HKLM-x32\...\{848DE8E1-521D-4748-A158-517708107EF3}) (Version: 4.7 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Professional CC 2015 (HKLM-x32\...\{31390329-FFF0-11E4-85AD-AF2C4143F080}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Fuse CC (Preview) (HKLM-x32\...\{06F1F289-ACFE-43A2-A654-7950079D6685}) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe InCopy CC 2015 (HKLM-x32\...\{9EF1DB49-6D32-1014-93B7-EB62FA572532}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Muse CC 2015 (HKLM-x32\...\{25CC1EC0-19D9-11E5-952D-BD72CD08879E}) (Version: 2015.0.2.4 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Prelude CC 2015 (HKLM-x32\...\{4D911A81-7146-470C-A48F-98479255251C}) (Version: 4.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe SpeedGrade CC 2015 (HKLM-x32\...\{8FD7F1DB-7355-469E-A3F2-2118148D8477}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advanced Port Scanner 2.4 (HKLM-x32\...\{10F177CF-543F-4BC2-A297-DBF73709D3C5}) (Version: 2.4.2750 - Famatech)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version:  - Hyper Hippo Games)
AMD Catalyst Install Manager (HKLM\...\{7D4332CC-C86B-671A-592C-2F72B996D8C8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Aperture Tag: The Paint Gun Testing Initiative (HKLM-x32\...\Steam App 280740) (Version:  - Aperture Tag Team)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.5-r5 - Arduino LLC)
ASUS PCE-N10 WLAN Card Utilities & Driver (HKLM-x32\...\{556BEFE2-30FF-4113-98F4-01234396DF2B}) (Version: 1.0.1.2 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{C230A275-D2A0-446B-ACE5-06BF067D50F2}) (Version: 50.0.2661.22 - Google Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Clyde CC (HKLM\...\{E4736CEB-AE4D-48E8-BC7B-B9CA6892697B}) (Version: 1.0.0 - Adobe Systems Incorporated) Hidden
CommView (HKLM-x32\...\{70C4E840-DAB4-11DF-5F90-014727066952}) (Version: 6.5 - TamoSoft)
DiRT Rally (HKLM-x32\...\Steam App 310560) (Version:  - Codemasters Racing Studio)
DisplayLink Core Software (HKLM\...\{0A7DC53D-6DAE-493F-805F-74F7ED7BD438}) (Version: 7.9.478.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{C4BA56E5-1992-41BC-B3FE-0D693B93DCA1}) (Version: 7.9.522.0 - DisplayLink Corp.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dying Light Demo (HKLM\...\Steam App 381570) (Version:  - Techland)
Eraser 6.2.0.2970 (HKLM\...\{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project)
EVGA PrecisionX 16 (HKLM-x32\...\Steam App 268850) (Version:  - EVGA)
f.lux (HKCU\...\Flux) (Version:  - )
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
Fishing Planet (HKLM-x32\...\Steam App 380600) (Version:  - Fishing Planet LLC)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Geometry Dash (HKLM-x32\...\Steam App 322170) (Version:  - RobTop Games)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
I am Bread (HKLM-x32\...\Steam App 327890) (Version:  - Bossa Studios)
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{3CC1CC76-AB3A-4360-AB6F-1355D05A2A17}) (Version: 5.0.10.2907 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Keep Talking and Nobody Explodes (HKLM-x32\...\Steam App 341800) (Version:  - Steel Crate Games)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{9C9094DB-BDBD-408C-B136-FFC67E3F0DFB}) (Version: 4.1.6422 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{26F88B15-E5F0-47D2-8176-1A9312DD44AD}) (Version: 1.3.1648 - LogMeIn, Inc.)
LogMeIn Hamachi (HKLM-x32\...\{446B150E-993B-4D5B-BA82-3C496B5F62D5}) (Version: 2.2.0.422 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.422 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version:  - Konami Digital Entertainment)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{46EA439E-2D16-49B6-AA80-00DE992FE7CE}) (Version: 7601 - Microsoft)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mitos.is: The Game (HKLM-x32\...\Steam App 389570) (Version:  - Freakinware Studios)
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version:  - Virtual Heroes)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.18.00 - NETGEAR Inc.)
Next Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version:  - Bugbear Entertainment)
Node.js (HKLM\...\{8C7BB038-9DF2-4B43-8BF7-42D95559E459}) (Version: 4.1.1 - Node.js Foundation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.6.0.142 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.0.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.0.48 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Oracle VM VirtualBox 5.0.10 (HKLM\...\{F6E922CF-068D-4AFC-8DBF-4636B84AF0A5}) (Version: 5.0.10 - Oracle Corporation)
OSC Third Party Libraries (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSCLib) (Version: 1.1 - NVIDIA Corporation) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal Stories: Mel (HKLM-x32\...\Steam App 317400) (Version:  - Prism Studios)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RAR Password Cracker (HKLM-x32\...\RAR Password Cracker) (Version: 4.20 - dnSoft Research Group)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.1.5 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28129 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeZone Stable 1.48.2066.95 (HKLM-x32\...\SafeZone 1.48.2066.95) (Version: 1.48.2066.95 - Avast Software) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.9.0.48 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subnautica (HKLM-x32\...\Steam App 264710) (Version:  - Unknown Worlds Entertainment)
Surgeon Simulator (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Way of Life Free Edition (HKLM-x32\...\Steam App 310370) (Version:  - Fabio Ferrara)
theHunter (HKLM-x32\...\Steam App 253710) (Version:  - Expansive Worlds)
Trove (HKLM-x32\...\Steam App 304050) (Version:  - Trion Worlds)
Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version:  - Giant Army)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Velvet Sundown (HKLM-x32\...\Steam App 307290) (Version:  - Tribe Studios)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.17 - IDRIX)
Viridi (HKLM-x32\...\Steam App 375950) (Version:  - Ice Water Games)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.30 beta 4 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.4 - win.rar GmbH)
Wireshark 1.12.8 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.8 - The Wireshark developer community, http://www.wireshark.org)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.140 - Zemana Ltd.)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 49%
Total physical RAM: 8143.13 MB
Available physical RAM: 4090.67 MB
Total Virtual: 16335.13 MB
Available Virtual: 10485.5 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:930.97 GB) (Free:587.95 GB) NTFS
4 Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:580.45 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\CLYDERYPINS-PC
 
Administrator            Clyde Rypins             DefaultAccount           
Guest                    
 
 
**** End of log ****


#10 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:15 PM

Posted 11 April 2016 - 06:42 AM

Please run again as administrator.

4-Norton Internet Security
https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us?abproduct=home&abversion=1&pvid=f-home
5-Avastclear
https://www.avast.com/uninstall-utility
Restart the PC now.
 
============================================================

Step 1:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)
 

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#11 clyderr

clyderr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 11 April 2016 - 12:48 PM

# AdwCleaner v5.110 - Logfile created 11/04/2016 at 10:12:11
# Updated 10/04/2016 by Xplode
# Database : 2016-04-11.4 [Server]
# Operating system : Windows 10 Pro  (X64)
# Username : Clyde Rypins - CLYDERYPINS-PC
# Running from : C:\Users\Clyde Rypins\Downloads\adwcleaner_5.110 (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKCU\Software\SoftSuma
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Clyde Rypins\AppData\Roaming\Mozilla\Firefox\Profiles\984nydm3.default\prefs.js] [Preference] Deleted : user_pref("extensions.safesearchplus2@avira.com.prev_default_engine_name", "\"Google\"");
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1695 bytes] - [11/04/2016 10:12:11]
C:\AdwCleaner\AdwCleaner[S1].txt - [6590 bytes] - [10/04/2016 16:59:56]
C:\AdwCleaner\AdwCleaner[S2].txt - [1944 bytes] - [11/04/2016 10:09:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1914 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Pro x64 
Ran by Clyde Rypins (Administrator) on Mon 04/11/2016 at 10:27:07.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf (File) 
 
Deleted the following from C:\Users\Clyde Rypins\AppData\Roaming\Mozilla\Firefox\Profiles\984nydm3.default\prefs.js
user_pref(browser.uiCustomization.state, {\placements\:{\PanelUI-contents\:[\edit-controls\,\zoom-controls\,\new-window-button\,\privatebrowsing-button\,\save-
user_pref(extensions.xpiState, {\app-profile\:{\abs@avira.com\:{\d\:\C:\\\\Users\\\\Clyde Rypins\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\984nydm3.
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/11/2016 at 10:32:39.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#12 clyderr

clyderr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 11 April 2016 - 01:11 PM

RogueKiller V12.1.2.0 [Apr 11 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Clyde Rypins [Administrator]
Started from : C:\Users\Clyde Rypins\Downloads\RogueKiller.exe
Mode : Scan -- Date : 04/11/2016 11:12:11
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2086023237-4107132898-1909750932-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2086023237-4107132898-1909750932-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM 003-1ER162 SCSI Disk Device +++++
--- User ---
[MBR] ed205f34a2182ddb44422d38b3c30e58
[BSP] e914e544ebf4c572712149d503b03094 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953317 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1952600064 | Size: 450 MB
User != LL1 ... KO!
--- LL1 ---
[MBR] ed205f34a2182ddb44422d38b3c30e58
[BSP] e914e544ebf4c572712149d503b03094 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB[Invalid]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953317 MB[Invalid]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1952600064 | Size: 450 MB
User != LL2 ... KO!
--- LL2 ---
[MBR] ed205f34a2182ddb44422d38b3c30e58
[BSP] e914e544ebf4c572712149d503b03094 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB[Invalid]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953317 MB[Invalid]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1952600064 | Size: 450 MB
 
+++++ PhysicalDrive1: Seagate FreeAgent GoFlex USB Device +++++
--- User ---
[MBR] 56667edc96c5066b0f64b61e9bda374b
[BSP] 0986f2b83b0c7abc7be2c8d4e6ea2408 : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


#13 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:15 PM

Posted 11 April 2016 - 04:02 PM

Thanks. Your report is clean.

===========================

Run Eset Online Scan
Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options "Scan Archives" and "Remove found threats" are ticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

---------------------

How is your system responding now? Any issues or concerns?


Best regards
 

 


 


#14 clyderr

clyderr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 12 April 2016 - 01:10 PM

C:\Users\Clyde Rypins\Downloads\ccsetup515.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted

C:\Users\Clyde Rypins\Downloads\ccsetup516.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Clyde Rypins\Downloads\METAL.GEAR.SOLID.5.TPP.V1.08.PLUS22TRN.FLING.ZIP a variant of Win64/GameHack.M potentially unsafe application deleted
C:\Users\Clyde Rypins\Downloads\rcsetup152.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
___________________________________________________
 
 
In terms of other questions:
In my original question, I asked about a specific malware that I believe was deleted. Can you or someone else on the forum answer that question?
I really appreciate your help in cleaning my computer.


#15 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:15 PM

Posted 12 April 2016 - 06:26 PM

We have made many fixes. Now let's look at the latest situation.

For this, please post fresh FRST logs. (Frst.txt and Additional.txt)


Best regards
 

 


 




