
Wpad Proxies, High CPU by wuauserv doing nothing, slow performance


24 replies to this topic

#1 Janmihkkel

Janmihkkel

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 14 July 2016 - 04:45 PM

My work PC's already 4 years old and it's a DIY desktop, not a branded one. And since the day I bought it till now, I've been very keen on avoiding all kinds of trouble, especially viruses. But last night, actually it's been a week, a lot of things had been going on with it, from problems with the network icon loading times, long post-boot times, recurring browser redirects, to almost 82 proxy entries (Wpad related) in my registry. My latest DDS scan also revealed I have more than 50 domain listings??? I managed to clean the 82 proxies but I think there are still remnants. I can only do as much as my knowledge permits, hope someone here can help. Attached here are my scans. Thank you very much in advance.



#2 shelf life

shelf life

  • Malware Response Team
  • 2,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:43 PM

Posted 16 July 2016 - 08:28 AM

Hi,

We will use FRST to clean some items out of the log and go from there.

Copy/paste what's below into Notepad and save it as fixlist.txt in the same location that you have FRST saved. Start FRST like before, except this time click on the Fix button once.

Machine may reboot to finish. After the restart it will display a new log, fixlog.txt, which you can copy/paste in your reply.

Usually only on this site once or twice per day so you may not get a reply back until the following day.

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5021296 2011-12-06] (VIA)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1963877699-599521954-4202938636-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2016-07-14 18:13 - 2016-07-14 18:13 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Public\C360_2015-07-05-18-25-30-569.jpg.bat
C:\Users\Michael\AppData\Local\Temp\dllnt_dump.dll
Empty Temp:
Hosts:


How Can I Reduce My Risk to Malware?


#3 Janmihkkel

Janmihkkel
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 17 July 2016 - 01:59 PM

Hi and a million thanks, Shelf Life! I am terribly sorry for my late response, catching up on my deadlines while my PC still allows some work to be done despite the troubles. Please keep me company during the cleanup, I'll do my best to follow instructions and comply. I love my gear so much and I'm avoiding reinstallation. =(

 

I'll do the fix this morning and will update you.

 

God bless



#4 Janmihkkel

Janmihkkel
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 17 July 2016 - 02:13 PM

Hi Shelf Life,

 

Here are the log contents:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-07-2016 03
Ran by Michael (2016-07-18 03:05:49) Run:1
Running from C:\Users\Michael\Downloads
Loaded Profiles: Michael (Available Profiles: Michael & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5021296 2011-12-06] (VIA)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1963877699-599521954-4202938636-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2016-07-14 18:13 - 2016-07-14 18:13 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Public\C360_2015-07-05-18-25-30-569.jpg.bat
C:\Users\Michael\AppData\Local\Temp\dllnt_dump.dll
Empty Temp:
Hosts:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HDAudDeck => value removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1963877699-599521954-4202938636-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
"C:\Users\Public\C360_2015-07-05-18-25-30-569.jpg.bat" => not found.
"C:\Users\Michael\AppData\Local\Temp\dllnt_dump.dll" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 47117035 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 3716 B
Edge => 0 B
Chrome => 531177491 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 418 B
systemprofile32 => 33058 B
LocalService => 33058 B
NetworkService => 34544 B
Michael => 14357286 B
Administrator => 15152 B
 
RecycleBin => 0 B
EmptyTemp: => 573.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 03:05:55 ====
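
The Fixlog format posted above, parsed as an added example (not part of the original post and not FRST's own code): it skips the echoed fixlist between the asterisk lines, whose entries also contain `=>`, and sorts each result line into applied or not found so the items that were already absent stand out. `SAMPLE_FIXLOG` is a constructed, shortened copy of the log above, and the function names are hypothetical.

```python
import re

# Constructed sample: a shortened Fixlog in the format shown in the post above.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 17-07-2016 03
Ran by Michael (2016-07-18 03:05:49) Run:1
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
C:\Users\Public\C360_2015-07-05-18-25-30-569.jpg.bat
Hosts:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"C:\Users\Public\C360_2015-07-05-18-25-30-569.jpg.bat" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

Chrome => 531177491 B
Michael => 14357286 B
EmptyTemp: => 573.3 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 03:05:55 ====
'''

# "<target> => <outcome>", target optionally quoted, outcome optionally ending in "."
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')
SIZE_RE = re.compile(r'^(\d+) B$')


def parse_fixlog(text):
    """Split a Fixlog into fix results, EmptyTemp byte counts and the reboot flag."""
    results = []             # (target, outcome) pairs from the result section
    temp_bytes = {}          # EmptyTemp location -> bytes removed
    in_fixlist_echo = False  # True between the two lines of asterisks
    in_emptytemp = False
    reboot_needed = False

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {'*'}:
            # The echoed fixlist is input, not a result: toggle and skip it.
            in_fixlist_echo = not in_fixlist_echo
            continue
        if in_fixlist_echo:
            continue
        if line.startswith('=') and 'EmptyTemp' in line:
            in_emptytemp = True
            continue
        if set(line) == {'='}:
            in_emptytemp = False
            continue
        if line == 'The system needed a reboot.':
            reboot_needed = True
            continue

        match = RESULT_RE.match(line)
        if not match:
            continue
        target, outcome = match.group('target'), match.group('outcome')
        if in_emptytemp:
            size = SIZE_RE.match(outcome)
            if size:
                temp_bytes[target] = int(size.group(1))
            continue
        results.append((target, outcome))

    return {'results': results, 'temp_bytes': temp_bytes,
            'reboot_needed': reboot_needed}


def summarize(text):
    """Bucket each fix result so entries needing follow-up are easy to spot."""
    parsed = parse_fixlog(text)
    summary = {'applied': [], 'not_found': [], 'review': []}
    for target, outcome in parsed['results']:
        if outcome.endswith('successfully'):
            summary['applied'].append(target)
        elif outcome == 'not found':
            # The target was already absent when the fix ran.
            summary['not_found'].append(target)
        else:
            summary['review'].append((target, outcome))
    summary['temp_bytes_removed'] = sum(parsed['temp_bytes'].values())
    summary['reboot_needed'] = parsed['reboot_needed']
    return summary


if __name__ == '__main__':
    for key, value in summarize(SAMPLE_FIXLOG).items():
        print(key, '->', value)
```
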


#5 Janmihkkel

Janmihkkel
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 17 July 2016 - 02:16 PM

One of the issues persisting right now is that Windows Update always starts at high CPU readings every time I start my PC and I have to disable it temporarily. I also seem to have lost administrative privileges since I enabled my built-in admin account 3 days ago while troubleshooting the problems. =(

 

Will keep you posted and post additional scans for your kind reference. 

 

Thank you.



#6 shelf life

shelf life

  • Malware Response Team
  • 2,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:43 PM

Posted 17 July 2016 - 05:45 PM

Check this link; in the first reply there's a link to a MS update troubleshooter you can download and run, as well as some other suggestions.

https://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-update-service-uses-high-cpu-manual-update/b30d46c5-1c58-4ded-b55b-c3282c3668b1?auth=1


How Can I Reduce My Risk to Malware?


#7 Janmihkkel

Janmihkkel
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 17 July 2016 - 06:06 PM

Thank you, Shelf Life. =) I'm doing the instructions you gave and I'll keep you posted on the results. How can we be sure it's not malware messing with my Windows Update client? Thank you for your efforts at helping, they are very much appreciated. =)



#8 shelf life

shelf life

  • Malware Response Team
  • 2,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:43 PM

Posted 18 July 2016 - 04:31 PM

Hi,

OK, thanks for the info.

"How can we be sure it's not malware"

All we can do really is run the usual tools. If you want 100 confidence then you wipe (format) and reinstall the OS. Depending on the malware involved that measure may not be necessary. Rootkits, ransomware, then probably yes.

Looks like you have run several tools already, like MBAM, SAS, tdsskiller and Roguekiller etc. These are the typical tools used around here.

You can do an online scan also as another opinion and see if that digs up anything.

There's a scan now button at ESET:

https://www.eset.com/us/online-scanner/


How Can I Reduce My Risk to Malware?


#9 Janmihkkel

Janmihkkel
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 18 July 2016 - 10:29 PM

Hi Shelf Life,

 

Am scanning with ESET now. Good news, seems like the only problem I have is with the privilege restoration and Windows Update starting and hogging CPU resources. No malware related problems so far. The fix you gave me is magic; since I deployed it, my PC's been recovering gradually. Thank you so very much! =)

 

Will post some scan results later this afternoon.



#10 shelf life

shelf life

  • Malware Response Team
  • 2,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:43 PM

Posted 19 July 2016 - 05:36 PM

Hi,

OK, that's good news on that front.

 

Some info about the high cpu usage at link below:

 

https://social.technet.microsoft.com/Forums/windows/en-US/4a782e40-bbd8-40b7-869d-68e3dfd1a5b4/windows-update-scan-high-memory-usage?forum=w7itproperf


How Can I Reduce My Risk to Malware?


#11 Janmihkkel

Janmihkkel
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 19 July 2016 - 06:06 PM

Hi Shelf Life! =)

 

Am reading the article now and will apply the fixes. Meanwhile, here are my latest FRST scans:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2016
Ran by Michael (administrator) on MICHAEL-PC (20-07-2016 07:00:07)
Running from C:\Users\Michael\Downloads
Loaded Profiles: Michael (Available Profiles: Michael & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(AddGadgets) C:\Users\Michael\Desktop\Neutron Utilities\PCMeter\PCMeterV0.3.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Charles DeWeese) C:\Program Files (x86)\iTraffic Monitor\iTrafficMon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [iTraffic Monitor] => C:\Program Files (x86)\iTraffic Monitor\iTrafficMon.exe [942080 2009-04-22] (Charles DeWeese)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-11] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-30] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-09-03]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
BootExecute: autocheck autochk /k:C * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{351A649A-1C17-491F-B01F-16FE380F57D7}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{371E031E-1F19-4BE9-AE97-62D5EA4DC5BF}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{5E447FBD-20BE-497B-9312-F4F3D1097F84}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{FD56687A-A0E5-49A0-BB72-66800EC97ECD}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1963877699-599521954-4202938636-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1963877699-599521954-4202938636-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP
HKU\S-1-5-21-1963877699-599521954-4202938636-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?pc=UE09&ocid=UE09DHP
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-06-30] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-30] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Filter-x32: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files (x86)\YAMAHA\MidRadio Player\MidRadio.ocx [2006-12-26] (YAMAHA CORPORATION)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDAPP\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-30]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-30]
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.google.com
CHR StartupUrls: Profile 1 -> "hxxp://google.com.ph/"
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (Avast Online Security) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-13]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-16] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-06-30] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2015-01-24] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-06-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-06-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [290088 2016-06-30] (AVAST Software)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-14] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mlkumidi; C:\Windows\System32\drivers\mlkumidi.sys [55856 2014-08-30] (MusicLab, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2011-04-08] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
S3 teVirtualMIDI64; C:\Windows\System32\DRIVERS\teVirtualMIDI64.sys [30208 2012-08-15] (Tobias Erichsen)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-07-19] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Michael\AppData\Local\Temp\mfe_rr.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Michael\AppData\Local\Temp\tmp6BBD.tmp [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-20 06:58 - 2016-07-20 06:59 - 47143404 _____ C:\Users\Michael\Desktop\ItMight_Akin_Master.wav
2016-07-20 05:29 - 2016-07-20 05:40 - 94290784 _____ C:\Users\Michael\Desktop\ItMight_Akin.wav
2016-07-20 02:47 - 2016-07-20 02:47 - 02391552 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2016-07-19 13:13 - 2016-07-19 13:15 - 25353288 _____ C:\Users\Michael\Downloads\RogueKillerX64 (6).exe
2016-07-19 12:41 - 2016-07-19 12:53 - 106362268 _____ C:\Users\Michael\Downloads\Unconfirmed 634314.crdownload
2016-07-19 09:37 - 2016-07-19 09:37 - 00000000 ____D C:\Users\Michael\Documents\SPL
2016-07-19 02:12 - 2016-07-19 02:12 - 00000326 _____ C:\Users\Michael\Desktop\MamiManok's Proposal =).txt
2016-07-18 16:31 - 2016-07-18 16:31 - 00738880 _____ (Oracle Corporation) C:\Users\Michael\Downloads\JavaSetup8u91.exe
2016-07-18 15:53 - 2016-07-18 15:53 - 00027492 _____ C:\Users\Michael\Downloads\LBC - Cost Estimate - Zambales, North Luzon, Luzon, Philippines-Bulacan, South Luzon, Luzon, Philippines.pdf
2016-07-18 13:03 - 2016-07-18 13:25 - 69903778 _____ C:\Users\Michael\Desktop\JustDon'tMindMe_FullDraft.wav
2016-07-18 08:55 - 2016-07-18 08:58 - 52437728 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\Windows-KB890830-x64-V5.38.exe
2016-07-18 07:18 - 2016-07-18 07:18 - 00313366 _____ C:\Users\Michael\Downloads\WindowsUpdateDiagnostic (5).diagcab
2016-07-18 06:56 - 2016-07-18 06:56 - 00313366 _____ C:\Users\Michael\Downloads\WindowsUpdateDiagnostic (4).diagcab
2016-07-18 03:07 - 2016-07-18 03:07 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-07-17 11:35 - 2016-07-17 11:37 - 41942208 _____ C:\Users\Michael\Downloads\Unconfirmed 559222.crdownload
2016-07-17 11:11 - 2016-07-17 11:12 - 00692572 _____ C:\TDSSKiller.3.1.0.9_17.07.2016_11.11.16_log.txt
2016-07-17 11:09 - 2016-07-17 11:09 - 00006098 _____ C:\TDSSKiller.3.1.0.9_17.07.2016_11.09.26_log.txt
2016-07-17 11:07 - 2016-07-17 11:07 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Michael\Downloads\iExplore (1).exe
2016-07-17 10:52 - 2016-07-17 10:52 - 00001480 _____ C:\Users\Michael\Desktop\scan_160717-104418.txt
2016-07-17 08:20 - 2016-07-20 06:58 - 00000032 _____ C:\Users\Michael\AppData\Roaming\msregsvv.dll
2016-07-17 05:26 - 2016-07-17 05:26 - 00380928 _____ C:\Users\Michael\Downloads\8cqi1dol.exe
2016-07-17 05:18 - 2016-07-17 05:18 - 00031879 _____ C:\ComboFix.txt
2016-07-17 04:59 - 2016-07-18 02:50 - 00000000 ____D C:\Qoobox
2016-07-17 03:04 - 2016-07-17 03:04 - 00214298 _____ C:\Users\Michael\Downloads\winfilefolder.DiagCab
2016-07-17 02:57 - 2016-07-17 02:57 - 00001170 _____ C:\Users\Michael\Downloads\folderfix.zip
2016-07-15 11:20 - 2016-07-15 11:20 - 00000000 _____ C:\Windows\system32\config\SOFTWAREb54ff8d8
2016-07-15 08:44 - 2016-07-15 09:06 - 50483930 _____ C:\Users\Michael\Documents\Pepperoni_2016.wav
2016-07-15 06:14 - 2016-07-15 06:14 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-07-15 02:23 - 2016-07-15 02:24 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Michael\Downloads\rkill.exe
2016-07-15 01:42 - 2016-07-15 01:42 - 00688992 ____R (Swearware) C:\Users\Michael\Downloads\dds.com
2016-07-15 01:02 - 2016-07-15 01:02 - 03298367 _____ C:\Users\Michael\Downloads\Windows6.1-KB3050265-x64.msu
2016-07-15 01:02 - 2016-07-15 01:02 - 00000000 ____D C:\02f188c045654ae630aff0
2016-07-14 23:10 - 2016-07-17 10:52 - 00000000 ____D C:\EEK
2016-07-14 22:51 - 2016-07-14 23:04 - 243789992 _____ C:\Users\Michael\Downloads\EmsisoftEmergencyKit.exe
2016-07-14 22:48 - 2016-07-14 22:48 - 00212772 _____ C:\TDSSKiller.3.1.0.9_14.07.2016_22.48.17_log.txt
2016-07-14 22:43 - 2016-07-14 22:44 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Michael\Downloads\iExplore.exe
2016-07-14 20:42 - 2016-07-14 20:42 - 00174147 _____ C:\Users\Michael\Downloads\Voice-034.m4a
2016-07-14 18:39 - 2016-07-14 18:39 - 00000000 ____D C:\Program Files\PSLoggedon
2016-07-14 18:19 - 2016-07-14 18:20 - 14324408 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\MSEInstall.exe
2016-07-14 08:56 - 2016-07-14 09:01 - 00006537 _____ C:\Users\Michael\Downloads\netadapter-log-2016-07-14-8-56-47.txt
2016-07-14 08:56 - 2016-07-14 08:56 - 00003646 _____ C:\Users\Michael\Downloads\netadapter-log-2016-07-14-8-56-26.txt
2016-07-14 08:56 - 2016-07-14 08:56 - 00003646 _____ C:\Users\Michael\Downloads\netadapter-log-2016-07-14-8-56-06.txt
2016-07-14 08:54 - 2016-07-14 08:54 - 02091520 _____ (Conner Bernhard) C:\Users\Michael\Downloads\NetAdapterRepair1.2.exe
2016-07-14 08:15 - 2016-07-14 08:15 - 00001321 _____ C:\Users\Michael\Downloads\Reset_Windows_Update_History.bat
2016-07-14 08:11 - 2016-07-14 08:11 - 00313366 _____ C:\Users\Michael\Downloads\WindowsUpdateDiagnostic (3).diagcab
2016-07-14 07:38 - 2015-12-24 21:03 - 00316168 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-07-14 06:11 - 2016-07-14 06:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\earmaster pro 6
2016-07-14 05:59 - 2016-07-14 03:42 - 02943858 _____ C:\Windows\ntbtlog.txt
2016-07-14 05:17 - 2016-07-14 05:17 - 03712064 _____ C:\Users\Michael\Downloads\adwcleaner_5.201 (1).exe
2016-07-13 21:46 - 2016-07-13 21:48 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Michael\Downloads\tdsskiller.exe
2016-07-13 19:08 - 2016-07-13 19:09 - 24482376 _____ C:\Users\Michael\Downloads\RogueKillerX64 (5).exe
2016-07-13 19:05 - 2016-07-13 19:06 - 20201032 _____ C:\Users\Michael\Downloads\RogueKiller.exe
2016-07-13 15:56 - 2016-07-13 15:56 - 00000000 ____D C:\.oracle_jre_usage
2016-07-12 15:20 - 2016-07-12 15:20 - 01743625 _____ C:\Windows\SysWOW64\TmpA68847422
2016-07-12 15:20 - 2016-07-12 15:20 - 01743625 _____ C:\Windows\SysWOW64\TmpA68836392
2016-07-12 15:20 - 2016-07-12 15:20 - 01743625 _____ C:\Windows\SysWOW64\TmpA68828015
2016-07-12 12:23 - 2016-07-12 12:23 - 00000000 ____D C:\Users\Michael\Desktop\Bibe
2016-07-12 04:57 - 2016-07-12 04:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\SPL Plug-Ins
2016-07-12 04:52 - 2016-07-12 04:52 - 00000000 ____D C:\ProgramData\Plugin Alliance
2016-07-12 03:26 - 2016-07-14 14:27 - 00000000 ____D C:\Program Files (x86)\Plugin Alliance
2016-07-12 03:26 - 2016-07-12 03:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plugin Alliance
2016-07-12 00:17 - 2016-07-12 00:17 - 00000000 ____D C:\Program Files (x86)\Softube
2016-07-11 23:31 - 2016-07-12 00:12 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\uTorrent
2016-07-11 07:03 - 2016-07-11 07:03 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
2016-07-11 06:46 - 2011-11-11 21:50 - 02915440 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
2016-07-11 06:46 - 2011-11-11 21:50 - 02182768 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
2016-07-11 06:46 - 2011-11-11 21:50 - 00675952 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
2016-07-11 06:14 - 2016-07-11 06:14 - 00000000 ____D C:\Cakewalk Projects
2016-07-10 23:33 - 2016-07-10 23:33 - 04250121 _____ C:\Users\Michael\Downloads\P8H61-M-LX3-PLUS-R2-ASUS-1106.zip
2016-07-10 22:23 - 2016-07-10 22:23 - 00000000 ____D C:\Program Files (x86)\Toontrack
2016-07-10 15:24 - 2016-07-10 15:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Softube
2016-07-10 15:23 - 2016-07-12 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Softube
2016-07-10 15:23 - 2016-07-10 15:23 - 00000000 ____D C:\Program Files\Softube
2016-07-10 15:23 - 2016-07-10 15:23 - 00000000 ____D C:\Program Files\Common Files\Softube
2016-07-09 18:38 - 2016-07-09 18:38 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-07-08 19:12 - 2016-07-08 19:22 - 94204742 _____ C:\Users\Michael\Documents\ItMightBeYou_AltMaster.wav
2016-07-08 18:38 - 2016-07-08 18:39 - 47143404 _____ C:\Users\Michael\Documents\ItMight_Remix_Master.wav
2016-07-08 18:37 - 2016-07-08 18:39 - 04005751 _____ C:\Users\Michael\Downloads\FG-X-User-Guide.pdf
2016-07-08 18:30 - 2016-07-08 18:32 - 94290784 _____ C:\Users\Michael\Documents\ItMight_Remix.wav
2016-07-08 11:34 - 2016-07-08 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Slate Digital
2016-07-08 11:26 - 2016-07-08 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SlateDigital
2016-07-08 06:41 - 2016-07-08 06:42 - 00448315 _____ C:\Users\Michael\Downloads\plugin-presets-from-waves-artists.zip
2016-07-08 06:17 - 2016-07-11 02:29 - 00317464 _____ C:\Users\Michael\activity.txt
2016-07-08 06:16 - 2016-07-08 06:16 - 00000000 _____ C:\Users\Michael\activity
2016-07-08 02:44 - 2016-07-08 02:44 - 05963008 _____ (JAM Software ) C:\Users\Michael\Downloads\TreeSizeFreeSetup (3).exe
2016-07-07 01:08 - 2016-07-07 01:09 - 03183949 _____ C:\Users\Michael\Downloads\Snort_2_9_8_3_Installer.exe
2016-07-06 10:46 - 2016-07-07 01:57 - 00001529 _____ C:\Users\Public\Documents\Lurssen TimeLimitReadExpiration.txt
2016-07-06 10:46 - 2016-07-07 01:57 - 00000284 _____ C:\Users\Public\Documents\Lurssen TimeLimitGenerateLockNames Log.txt
2016-07-06 10:46 - 2016-07-07 01:57 - 00000095 _____ C:\Users\Public\Documents\Lorssen Log.txt
2016-07-06 10:46 - 2016-07-07 01:57 - 00000069 _____ C:\Users\Public\Documents\Lurssen CopyProt Log.txt
2016-07-06 10:46 - 2016-07-07 01:57 - 00000008 _____ C:\Users\Public\Documents\Lurssen TimeLimitWriteOneProductSettings.txt
2016-07-06 04:43 - 2016-07-06 04:43 - 02530304 _____ (BitTorrent Inc.) C:\Users\Michael\Downloads\uTorrent (3).exe
2016-07-06 02:06 - 2016-07-06 02:06 - 03611863 _____ C:\Users\Michael\Downloads\Yiruma - Piano Album.pdf
2016-07-06 01:30 - 2016-07-12 05:08 - 00000000 ____D C:\Users\Michael\Desktop\New Software
2016-07-05 15:59 - 2016-07-05 15:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\AudioEase
2016-07-05 15:55 - 2016-07-10 15:23 - 00000000 ____D C:\Users\Michael\Documents\VST3 Presets
2016-07-05 15:55 - 2016-07-05 15:55 - 00000000 ____D C:\Users\Michael\Documents\Pro Tools
2016-07-05 15:55 - 2016-07-05 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altiverb 7
2016-07-05 15:50 - 2016-07-05 15:50 - 00000000 ____D C:\Program Files\Audio Ease
2016-07-05 10:26 - 2016-07-05 10:26 - 00000000 ____D C:\Windows\Trend Micro
2016-07-03 14:25 - 2016-07-03 14:26 - 21334281 _____ C:\Users\Michael\Downloads\multirmx.mov
2016-07-02 15:41 - 2016-07-02 15:41 - 03712064 _____ C:\Users\Michael\Downloads\adwcleaner_5.201.exe
2016-07-02 05:16 - 2016-07-02 05:20 - 36469234 _____ C:\Users\Michael\Documents\LaMesa_Theme.wav
2016-07-01 04:28 - 2016-07-01 04:28 - 00001591 _____ C:\Users\Michael\Downloads\Phlearn+Facial+Hair+Brush.zip
2016-06-30 21:41 - 2016-06-30 21:42 - 21749858 _____ C:\Users\Michael\Downloads\pocketBlakusSpicGift.zip
2016-06-30 21:38 - 2016-06-30 21:40 - 51388879 _____ C:\Users\Michael\Downloads\pocketBlakus 1.6 (1).zip
2016-06-30 09:52 - 2016-06-30 09:54 - 51388879 _____ C:\Users\Michael\Downloads\pocketBlakus 1.6.zip
2016-06-30 08:52 - 2016-07-14 14:27 - 00000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2016-06-30 08:52 - 2016-06-30 08:52 - 00002863 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
2016-06-30 08:52 - 2016-06-30 08:52 - 00000000 ____D C:\Program Files (x86)\MSECACHE
2016-06-30 03:56 - 2016-06-30 03:56 - 00390984 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-30 03:56 - 2016-06-30 03:56 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-27 02:05 - 2016-06-27 02:06 - 02856736 _____ (MyCity) C:\Users\Michael\Downloads\MCShield-Setup.exe
2016-06-26 08:57 - 2016-06-26 08:57 - 06226734 _____ C:\Users\Michael\Downloads\cd400.zip
2016-06-26 03:42 - 2016-06-26 03:43 - 04646910 _____ C:\Users\Michael\Downloads\4pan1tapk.zip
2016-06-25 23:27 - 2016-07-07 08:23 - 00000000 ____D C:\Users\Michael\Desktop\Tanya
2016-06-24 07:37 - 2016-06-24 07:37 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-06-24 07:17 - 2016-03-09 20:43 - 00021984 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2016-06-24 07:16 - 2016-06-24 07:16 - 06525488 _____ (Intel) C:\Users\Michael\Downloads\Intel Driver Update Utility Installer (1).exe
2016-06-21 05:08 - 2016-06-21 05:08 - 00049515 _____ C:\Users\Michael\Downloads\DYING INSIDE©=TIMMY THOMAS.kar
2016-06-20 01:49 - 2016-06-20 02:23 - 08494498 _____ C:\Users\Michael\Documents\ForeverMine_MainTheme.wav
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-20 07:00 - 2016-05-13 04:52 - 00000000 ____D C:\FRST
2016-07-20 07:00 - 2015-10-24 10:37 - 00015566 _____ C:\Users\Michael\Downloads\FRST.txt
2016-07-20 06:58 - 2015-12-15 19:26 - 00000048 _____ C:\ProgramData\autobk.inc
2016-07-20 06:58 - 2013-08-04 22:00 - 00000144 _____ C:\Windows\msocreg32.dat
2016-07-20 06:58 - 2013-08-04 22:00 - 00000080 _____ C:\Windows\system32\w3data.vss
2016-07-20 06:58 - 2013-08-04 22:00 - 00000080 _____ C:\Windows\system32\msvcsv60.dll
2016-07-20 06:44 - 2013-08-05 15:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\AudioGate
2016-07-20 06:41 - 2009-07-14 12:45 - 00037168 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-20 06:41 - 2009-07-14 12:45 - 00037168 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-20 06:37 - 2013-08-03 18:46 - 00000000 ____D C:\Users\Michael
2016-07-20 06:29 - 2015-05-30 00:49 - 00000000 __SHD C:\Users\Michael\IntelGraphicsProfiles
2016-07-20 06:28 - 2013-08-03 18:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-20 06:27 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-20 05:04 - 2013-08-03 18:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-20 02:47 - 2013-08-04 03:16 - 00000000 ___RD C:\Users\Michael\Desktop\Antivirus
2016-07-19 19:10 - 2013-08-03 19:27 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2016-07-19 13:17 - 2014-07-10 15:58 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-19 11:48 - 2013-08-03 22:56 - 00007611 _____ C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2016-07-19 06:51 - 2013-08-03 23:38 - 00000000 ___RD C:\Users\Michael\Desktop\Music Production
2016-07-18 16:31 - 2014-08-05 16:52 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-18 13:27 - 2013-08-21 09:08 - 00000000 ____D C:\AdwCleaner
2016-07-18 13:03 - 2013-08-05 21:43 - 00000000 ____D C:\Users\Michael\Documents\Finale Files
2016-07-18 08:58 - 2013-08-03 19:51 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-18 03:17 - 2013-08-04 02:22 - 00000000 ___RD C:\Users\Michael\Desktop\Neutron Utilities
2016-07-18 03:05 - 2015-03-16 04:07 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Temp
2016-07-18 03:05 - 2009-07-14 11:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-07-18 02:50 - 2015-01-23 23:36 - 00000000 ____D C:\Windows\erdnt
2016-07-17 09:31 - 2015-07-11 19:39 - 00000000 ____D C:\Users\Michael\New folder
2016-07-17 05:12 - 2009-07-14 10:34 - 00000215 _____ C:\Windows\system.ini
2016-07-17 04:59 - 2009-07-14 13:08 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-17 04:29 - 2015-09-07 22:28 - 00000000 ____D C:\ProgramData\New Index ni Neutron
2016-07-17 04:26 - 2016-03-04 16:19 - 00000000 ____D C:\Users\Michael\Desktop\Sir Lito New
2016-07-17 04:26 - 2015-12-04 02:15 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-07-17 04:26 - 2015-11-20 20:54 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-17 04:26 - 2015-08-19 19:10 - 00000000 ____D C:\Users\Public\Movies
2016-07-17 04:26 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-07-17 04:26 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
2016-07-17 04:26 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-07-17 03:05 - 2013-08-03 22:41 - 00000000 ____D C:\Users\Michael\AppData\Local\ElevatedDiagnostics
2016-07-15 18:36 - 2016-02-21 16:45 - 00000000 ____D C:\Users\Michael\Desktop\MyPrettyCousin
2016-07-15 11:06 - 2015-09-26 17:14 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-07-15 09:12 - 2013-08-03 18:46 - 00000000 ____D C:\Users\Michael\AppData\Local\VirtualStore
2016-07-15 06:14 - 2014-12-11 11:33 - 00000000 ____D C:\Users\Michael\Documents\Addictive Keys Logs
2016-07-15 02:05 - 2015-07-21 23:22 - 00000000 ____D C:\Users\Michael\Downloads\FRST-OlderVersion
2016-07-15 01:20 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\Msdtc
2016-07-14 22:32 - 2016-05-27 02:10 - 00000000 ____D C:\Users\Michael\Desktop\Julius Project
2016-07-14 22:32 - 2015-11-03 22:47 - 00000000 ____D C:\Users\Michael\Desktop\Julius Santillan
2016-07-14 19:57 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-14 18:10 - 2009-07-14 12:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-14 14:27 - 2015-09-03 17:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\TP-LINK
2016-07-14 14:27 - 2014-12-11 09:43 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-07-14 14:27 - 2014-10-12 02:39 - 00000000 ____D C:\Program Files (x86)\Adobe Audition VSTs
2016-07-14 14:27 - 2013-08-03 23:40 - 00000000 ____D C:\Program Files\vstplugins
2016-07-14 14:27 - 2013-08-03 23:40 - 00000000 ____D C:\Program Files (x86)\vstplugins(x86)
2016-07-14 08:05 - 2013-08-08 14:02 - 01517474 _____ C:\Users\Michael\AppData\Local\census.cache
2016-07-14 08:05 - 2013-08-08 14:02 - 00115362 _____ C:\Users\Michael\AppData\Local\ars.cache
2016-07-14 08:03 - 2015-07-20 04:09 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2016-07-14 07:49 - 2015-05-28 06:43 - 00000010 _____ C:\Users\Michael\AppData\Local\sponge.last.runtime.cache
2016-07-14 06:13 - 2014-12-18 18:07 - 00000000 ____D C:\Users\Michael\AppData\Local\NPE
2016-07-14 06:11 - 2016-01-17 23:46 - 00000000 ____D C:\Program Files (x86)\EarMaster Pro 6
2016-07-14 06:00 - 2016-01-24 21:04 - 00000000 ____D C:\NPE
2016-07-14 05:38 - 2016-02-16 16:14 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-07-14 03:59 - 2013-08-04 13:15 - 00000000 ____D C:\Users\Michael\Documents\Neutron's Registry Backups
2016-07-14 00:56 - 2014-07-08 10:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-13 19:56 - 2015-12-18 19:53 - 00000000 ____D C:\ProgramData\Ultra Adware Killer
2016-07-13 19:49 - 2016-05-13 06:57 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-07-13 16:42 - 2016-02-21 04:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-13 16:42 - 2014-12-24 21:19 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-13 04:28 - 2014-02-21 20:22 - 00000000 ____D C:\Program Files (x86)\mbar
2016-07-13 04:28 - 2014-01-26 20:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-07-13 01:29 - 2014-07-08 10:12 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-13 00:06 - 2009-07-14 13:13 - 00787322 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-12 18:44 - 2013-08-04 22:00 - 00000112 _____ C:\Windows\SysWOW64\w3data.vss
2016-07-12 15:48 - 2016-05-13 22:17 - 00000000 ____D C:\Users\Michael\Desktop\New folder
2016-07-12 15:48 - 2015-02-16 14:57 - 00000000 ____D C:\Users\Michael\Documents\Vegas 13
2016-07-12 15:20 - 2013-08-05 00:10 - 00000000 ____D C:\Program Files (x86)\EMI
2016-07-12 04:56 - 2013-08-05 00:44 - 00000000 ____D C:\Program Files\Common Files\VST3
2016-07-12 04:51 - 2014-10-28 23:34 - 00000000 ____D C:\Program Files\Plugin Alliance
2016-07-12 04:34 - 2014-12-11 12:23 - 00000000 ____D C:\Program Files\Ableton VSTs
2016-07-12 04:33 - 2013-08-04 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sample Modeling The Trumpet
2016-07-12 04:33 - 2013-08-04 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sample Modeling Mr. Sax T
2016-07-12 04:33 - 2013-08-04 16:45 - 00000000 ____D C:\Program Files (x86)\Native Instruments
2016-07-12 03:38 - 2014-10-08 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kong Audio
2016-07-12 03:33 - 2013-08-04 21:42 - 00000000 ____D C:\Users\Michael\Documents\License Files
2016-07-12 03:17 - 2014-04-01 23:17 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Tokyo Dawn Labs
2016-07-12 03:11 - 2016-01-04 07:25 - 00000000 ____D C:\Program Files\PSPaudioware
2016-07-12 01:59 - 2016-02-23 16:20 - 00000024 _____ C:\ProgramData\.BusDriver
2016-07-11 07:09 - 2013-08-13 23:21 - 00000000 ___RD C:\Users\Michael\Desktop\Media Players
2016-07-11 07:04 - 2013-08-03 18:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-11 07:04 - 2013-08-03 18:53 - 00001769 _____ C:\Windows\Language_trs.ini
2016-07-11 07:03 - 2015-05-30 16:16 - 00000000 ____D C:\Program Files (x86)\VIA
2016-07-10 19:13 - 2013-12-26 20:59 - 00000000 ____D C:\Program Files (x86)\Finale VSTs
2016-07-10 15:26 - 2013-08-04 00:02 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Cakewalk
2016-07-10 03:37 - 2015-03-14 02:11 - 00114176 _____ C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-09 22:05 - 2014-12-11 09:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-07-09 19:23 - 2013-08-04 00:02 - 00000000 ____D C:\Users\Michael\Documents\Native Instruments
2016-07-08 12:13 - 2014-12-12 03:55 - 00000000 ____D C:\Users\Michael\AvidLogFiles
2016-07-08 11:35 - 2015-01-14 01:57 - 00000000 ____D C:\ProgramData\Slate Digital
2016-07-08 06:08 - 2013-08-05 21:55 - 00001066 _____ C:\Windows\demdata.txt
2016-07-08 02:54 - 2015-12-03 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-07-08 02:54 - 2013-08-04 03:18 - 00000000 ___RD C:\Users\Michael\Desktop\Uninstallers
2016-07-08 02:45 - 2013-09-15 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2016-07-08 02:41 - 2015-01-24 07:18 - 00000000 ____D C:\Users\Michael\Documents\PhotodexPro
2016-07-07 03:27 - 2013-08-04 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2016-07-06 10:46 - 2013-08-07 22:55 - 00000000 ____D C:\Users\Michael\AppData\Roaming\IK Multimedia
2016-07-06 10:38 - 2015-12-05 01:28 - 00000000 ____D C:\Program Files\IK Multimedia
2016-07-06 10:38 - 2013-08-04 21:53 - 00000000 ____D C:\Users\Michael\Documents\IK Multimedia
2016-07-05 20:57 - 2015-07-20 04:09 - 00000000 ____D C:\ProgramData\Skype
2016-07-05 16:05 - 2013-10-21 21:01 - 00000000 ____D C:\Program Files (x86)\Audio Ease
2016-07-05 15:50 - 2013-10-21 21:01 - 00000000 ____D C:\ProgramData\Audio Ease
2016-07-05 15:48 - 2015-04-22 15:04 - 00000000 ____D C:\Program Files (x86)\Ozone 6 Plugins
2016-07-05 15:39 - 2013-10-21 21:01 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Audio Ease
2016-07-05 15:39 - 2013-10-21 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Ease
2016-07-05 10:54 - 2015-12-21 01:42 - 00000000 ____D C:\Program Files\KMSpico
2016-07-05 08:47 - 2015-02-10 15:59 - 00868864 ___SH C:\Users\Public\Thumbs.db
2016-07-03 17:13 - 2013-09-16 14:43 - 00006656 _____ C:\Windows\system32\lpcio.dll
2016-07-02 11:43 - 2013-08-04 02:41 - 00000000 ____D C:\Program Files\CCleaner
2016-07-01 08:43 - 2016-05-13 05:21 - 00000000 ____D C:\Windows\Minidump
2016-06-30 09:02 - 2014-04-21 03:20 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-30 03:57 - 2016-05-13 06:57 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-30 03:56 - 2016-05-13 06:57 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-30 03:56 - 2016-05-13 06:57 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.146723023196202
2016-06-30 03:56 - 2016-05-13 06:57 - 00290088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-30 03:56 - 2016-05-13 06:57 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-06-30 03:56 - 2016-05-13 06:57 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-30 03:56 - 2016-05-13 06:57 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-06-30 03:56 - 2016-05-13 06:57 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-30 03:56 - 2016-05-13 06:57 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-24 07:35 - 2013-08-22 02:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 07:35 - 2013-08-22 02:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-24 07:34 - 2013-08-22 02:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-24 07:25 - 2013-08-03 18:56 - 00000000 ____D C:\Program Files (x86)\Intel
2016-06-24 07:23 - 2015-05-30 00:24 - 00000000 ____D C:\Users\Michael\Downloads\Intel Components
2016-06-24 07:17 - 2013-08-03 19:02 - 00000000 ____D C:\ProgramData\Intel
2016-06-24 07:17 - 2013-08-03 19:02 - 00000000 ____D C:\Program Files\Intel
2016-06-23 23:22 - 2014-05-03 02:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-06-21 21:25 - 2015-03-05 03:16 - 00000000 ____D C:\Users\Michael\Documents\Addictive Drums 2 Logs
2016-06-21 12:13 - 2010-11-21 11:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2014-11-06 17:57 - 2014-11-06 17:58 - 0495511 _____ () C:\Program Files (x86)\unins000.dat
2014-11-06 17:57 - 2014-11-06 17:57 - 0722680 _____ () C:\Program Files (x86)\unins000.exe
2013-11-20 18:48 - 2014-12-13 12:21 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-10-30 01:08 - 2015-01-10 23:11 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-08-04 02:29 - 2016-06-14 01:47 - 0000624 _____ () C:\Users\Michael\AppData\Roaming\All CPU MeterV3_Settings.ini
2015-02-16 11:29 - 2015-02-16 12:01 - 0000127 _____ () C:\Users\Michael\AppData\Roaming\Camdata.ini
2015-02-16 11:29 - 2015-02-16 12:01 - 0000408 _____ () C:\Users\Michael\AppData\Roaming\CamLayout.ini
2015-02-16 11:29 - 2015-02-16 12:01 - 0000408 _____ () C:\Users\Michael\AppData\Roaming\CamShapes.ini
2016-07-17 08:20 - 2016-07-20 06:58 - 0000032 _____ () C:\Users\Michael\AppData\Roaming\msregsvv.dll
2015-02-16 11:29 - 2015-02-16 11:31 - 0000096 _____ () C:\Users\Michael\AppData\Roaming\version2.xml
2015-01-07 16:21 - 2012-12-31 23:00 - 0098137 _____ () C:\Users\Michael\AppData\Roaming\_license.png
2015-05-03 14:45 - 2015-05-03 14:46 - 182564492 _____ () C:\Users\Michael\AppData\Local\ACCCx3_0_0_74.zip.aamdownload
2015-05-03 14:45 - 2015-05-03 14:46 - 0002194 _____ () C:\Users\Michael\AppData\Local\ACCCx3_0_0_74.zip.aamdownload.aamd
2015-05-09 08:08 - 2015-05-09 08:09 - 182572124 _____ () C:\Users\Michael\AppData\Local\ACCCx3_0_1_88.zip.aamdownload
2015-05-09 08:08 - 2015-05-09 08:09 - 0002194 _____ () C:\Users\Michael\AppData\Local\ACCCx3_0_1_88.zip.aamdownload.aamd
2016-03-27 11:34 - 2016-03-27 11:34 - 238722213 _____ () C:\Users\Michael\AppData\Local\ACCCx3_5_1_209.zip.aamdownload
2016-03-27 11:34 - 2016-03-27 11:34 - 0002741 _____ () C:\Users\Michael\AppData\Local\ACCCx3_5_1_209.zip.aamdownload.aamd
2016-04-28 18:09 - 2016-04-28 18:10 - 266040255 _____ () C:\Users\Michael\AppData\Local\ACCCx3_6_0_248.zip.aamdownload
2016-04-28 18:09 - 2016-04-28 18:10 - 0003014 _____ () C:\Users\Michael\AppData\Local\ACCCx3_6_0_248.zip.aamdownload.aamd
2015-11-14 17:51 - 2016-04-17 21:58 - 0001456 _____ () C:\Users\Michael\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-08-08 14:02 - 2016-07-14 08:05 - 0115362 _____ () C:\Users\Michael\AppData\Local\ars.cache
2013-08-08 14:02 - 2016-07-14 08:05 - 1517474 _____ () C:\Users\Michael\AppData\Local\census.cache
2015-03-14 02:11 - 2016-07-10 03:37 - 0114176 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-08 13:28 - 2013-08-08 13:28 - 0000036 _____ () C:\Users\Michael\AppData\Local\housecall.guid.cache
2013-08-03 22:56 - 2016-07-19 11:48 - 0007611 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2015-05-28 06:43 - 2016-07-14 07:49 - 0000010 _____ () C:\Users\Michael\AppData\Local\sponge.last.runtime.cache
2016-02-23 16:20 - 2016-07-12 01:59 - 0000024 _____ () C:\ProgramData\.BusDriver
2015-12-15 19:26 - 2016-07-20 06:58 - 0000048 _____ () C:\ProgramData\autobk.inc
 
Some files in TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-17 07:56
 

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2016
Ran by Michael (2016-07-20 07:00:36)
Running from C:\Users\Michael\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-08-03 10:46:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1963877699-599521954-4202938636-500 - Administrator - Disabled) => C:\Users\Administrator
DF5F1280CF504D29BC9D (S-1-5-21-1963877699-599521954-4202938636-1311 - Limited - Enabled)
Guest (S-1-5-21-1963877699-599521954-4202938636-501 - Limited - Disabled)
Michael (S-1-5-21-1963877699-599521954-4202938636-1000 - Administrator - Enabled) => C:\Users\Michael
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
A.O.M. Audio Plug-ins VST 64bit 1.7.1 (HKLM\...\{838FB947-41C9-4294-8E00-6920C8281669}) (Version: 1.7.1 - A.O.M.)
A.O.M. License Manager 1.1.0 (HKLM-x32\...\{ADF5AA3C-9FA0-4AD9-9A8D-5428A550AC56}) (Version: 1.1.0 - A.O.M.)
Abbeyroadplugins EMI RS 124 Compressor VST RTAS v1.0.1 (HKLM-x32\...\Abbeyroadplugins EMI RS 124 Compressor_is1) (Version:  - )
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.5 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.1 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
AltDrag (HKU\S-1-5-21-1963877699-599521954-4202938636-1000\...\AltDrag) (Version: 1.1 - Stefan Sundin)
Altiverb 7 Uninstaller (HKLM\...\{367662CA-394A-4095-9549-973FC3807B9B}_is1) (Version: 7.2 - Audio Ease BV)
AmpliTube 4 version 4.0.2 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.0.2 - IK Multimedia)
AMR Player 1.3 (HKLM-x32\...\{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1) (Version:  - www.amrplayer.com)
Antares AVOX Evo VST RTAS v3.0.2 (HKLM-x32\...\Antares AVOX Evo VST RTAS_is1) (Version:  - )
Antares Microphone Modeler DX v1.32 (HKLM-x32\...\Antares Microphone Modeler DX v1.32) (Version:  - )
AnyToISO (HKLM-x32\...\AnyToISO_is1) (Version: 3.2 - CrystalIdea Software, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{404BB1FF-A84F-432F-B77B-301E88E8D1C7}) (Version: 3.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARIA Engine v1.8.0.1 (HKLM\...\ARIA Engine_is1) (Version: v1.8.0.1 - Plogue Art et Technologie, Inc)
Artensoft Photo Mosaic Wizard (HKLM\...\Artensoft Photo Mosaic Wizard_is1) (Version: 1.7 - Artensoft)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 10.3.7 - Avid Technology, Inc.)
Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.7 - Avid Technology, Inc.)
BBE D82 Sonic Maximizer VST RTAS v2.0 (HKLM-x32\...\BBE D82 Sonic Maximizer VST RTAS_is1) (Version:  - )
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Boris Continuum Complete 9 for Adobe CS5, CS6, CC (HKLM\...\{19B70A89-E5F5-4867-83BD-6C909162F3DA}) (Version: 9.0.2001 - Boris FX, Inc.)
Boris Continuum Complete 9 OFX for Sony (64-Bit) (HKLM\...\{3DF67BF0-17E8-4537-951C-758102AB87F7}) (Version: 9.0.2005 - Boris FX, Inc.)
BusDriver 64bit (HKLM-x32\...\BusDriver1.0.2) (Version: 1.0.2 - Nomad Factory)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
CDXtract 4.5 (HKLM-x32\...\CDXTRACT 4.5_is1) (Version:  - CDXTRACT.COM)
Chicken Systems Translator Pro v2.9.0.123 (HKLM-x32\...\Chicken Systems Translator Pro_is1) (Version:  - )
Components Setup (HKLM-x32\...\{31187E06-E131-4709-9285-7D105D77AA89}) (Version: 1.00.0000 - Vimicro Corporation)
CPUID HWMonitor Pro 1.18 (HKLM\...\CPUID HWMonitorPro_is1) (Version:  - )
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dimension Pro Free Expansion Packs 1-3 (HKLM-x32\...\Dimension Pro Free Expansion Packs 1-3_is1) (Version: 1.0 - Cakewalk)
EarMaster Pro 6.2 (HKLM-x32\...\EarMaster Pro 6_is1) (Version: 6.2 - EarMaster ApS)
Edirol HQ Orchestral VSTi v1.03 (HKLM-x32\...\Edirol HQ Orchestral VSTi v1.03) (Version:  - )
Edirol Hyper Canvas VSTi DXi 1.6.0 (HKLM-x32\...\Edirol Hyper Canvas VSTi DXi_is1) (Version:  - )
Edirol SuperQuartet v1.5 (HKLM-x32\...\Edirol SuperQuartet v1.5) (Version:  - )
Effectrix (HKLM-x32\...\Effectrix) (Version: 1.0 - Sugar Bytes)
E-License Manager (HKLM-x32\...\E-License Manager) (Version: 1.3.0.0 - Best Service)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
Engine 2 (HKLM-x32\...\Engine 2) (Version: 2.1.0.224 - Best Service)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EZXClaustrophobic (HKLM-x32\...\{8094F7AE-CA21-4AF2-A256-BC918CE0E796}) (Version: 1.0 - Toontrack)
EZXElectronic (HKLM-x32\...\{238539DC-253F-401B-90F4-A928A98BC866}) (Version: 1.0.0 - Toontrack)
FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft)
Finale 2014d (HKLM-x32\...\Finale 2014) (Version: 2014.4.5030.0 - MakeMusic)
Flux_BitterSweetII (HKLM-x32\...\{7119FA97-78F9-4DA2-90CE-C72E52AE5EC0}) (Version: 2.4.8.14315 - Flux:: sound and picture development)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
Garritan ARIA Player v1.620 (HKLM\...\__ARIA_1012___is1) (Version: v1.6.2.0 - Garritan)
Garritan Concert and Marching Band 2.0 (HKLM\...\__ARIA_2003___is1) (Version: v1.0.0.6 - Garritan)
Garritan Instruments for Finale (HKLM\...\__ARIA_1013___is1) (Version: v2.0.0.0 - Garritan)
Garritan Jazz and Big Band 3 1.004 (HKLM\...\__ARIA_2002___is1) (Version: v1.0.0.4 - Garritan)
Garritan World Instruments 0.003 (HKLM\...\__ARIA_2001___is1) (Version: v0.0.0.4 - Garritan)
GDPAddinSetup (HKLM-x32\...\{7F486528-5581-452C-8D92-4C45DE8ABDA8}) (Version: 1.0.0 - Follett)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Gregg College Keyboarding & Document Processing Home 10 (HKLM-x32\...\{17234AFC-A60C-4C00-AFB2-67843F72C3F4}) (Version: 10.00.000 - )
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
High-Definition Video Playback (x32 Version: 7.3.10800.5.0 - Nero AG) Hidden
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{4B3264AA-951A-4A6B-B837-125224261F12}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Processor ID Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 4.70.0000 - Intel® Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
iTraffic Monitor v1.0 (HKLM-x32\...\itrafficmonitor_is1) (Version: 1.0 - )
iZotope Alloy 2 (HKLM-x32\...\iZotope Alloy 2_is1) (Version: 2.03 - iZotope, Inc.)
iZotope BreakTweaker (HKLM-x32\...\iZotope BreakTweaker_is1) (Version: 1.01 - iZotope, Inc.)
iZotope BreakTweaker Factory Content (HKLM-x32\...\iZotope BreakTweaker Factory Content_is1) (Version: 1.00 - iZotope, Inc.)
iZotope iDrum (HKLM-x32\...\iZotope iDrum_is1) (Version: 1.75 - iZotope, Inc.)
iZotope Ozone 6 Advanced (HKLM-x32\...\iZotope Ozone 6 Advanced_is1) (Version: 6.1 - iZotope, Inc.)
iZotope RX 4 (HKLM-x32\...\iZotope RX 4_is1) (Version: 4.01 - iZotope, Inc.)
iZotope Trash 2 (HKLM-x32\...\iZotope Trash 2_is1) (Version: 2.00 - iZotope, Inc.)
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
KORG Legacy Collection - ANALOG EDITION 2007 (HKLM-x32\...\{620FE3A6-F576-4ECC-9734-FA2DCFA4FF82}) (Version: 1.2.3 - KORG Inc.)
KORG Legacy Collection - DIGITAL EDITION (HKLM-x32\...\{D0E565B0-03A0-40D9-A514-000634AA58C6}) (Version: 1.3.2 - KORG Inc.)
Lurssen Mastering Console version 1.0.1 (HKLM\...\{9F525466-89DA-4B7B-BD8C-BBFDC4432DFB}_is1) (Version: 1.0.1 - IK Multimedia)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft  File Transfer Manager (HKLM-x32\...\{4C8169AB-B6C1-413B-81B6-73B77127D82F}) (Version: 5.00.34 - Microsoft)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Miroslav Philharmonik (HKLM-x32\...\{BA0D0121-A3BA-487D-9C78-7AB0E676C722}) (Version: 1.1.2 - IK Multimedia)
Monster MIDI Fills Pack (HKLM-x32\...\{B0FBA61E-1C2B-4112-AD40-38FCBF9FA6A0}) (Version: 1.0.0 - Toontrack)
Monster MIDI Package (HKLM-x32\...\{78FA75CE-B279-4419-8695-595F4611F79F}) (Version: 1.0.0 - Toontrack)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicLab RealGuitar (32-bit) (x32 Version: 4.0.0.7207 - MusicLab, Inc.) Hidden
MusicLab RealGuitar (64-bit) (Version: 4.0.0.7207 - MusicLab, Inc.) Hidden
MusicLab RealGuitar (HKLM-x32\...\{54832239-d989-45af-aa20-d4916b0e1b0e}) (Version: 4.0.0.7207 - MusicLab, Inc.)
MusicLab RealGuitar Pre-Setup (x32 Version: 4.0.0.7207 - MusicLab, Inc.) Hidden
MusicLab RealGuitar Sound Bank (x32 Version: 4.0.0.7207 - MusicLab, Inc.) Hidden
MusicLab RealLPC (HKLM\...\{38209080-8888-4418-8117-D190FC71BF58}) (Version: 3.0 - MusicLab, Inc.)
MusicLab RealStrat (HKLM\...\{58206080-8888-4418-8117-D190FC71BF58}) (Version: 3.0 - MusicLab, Inc.)
MusicLab Virtual Midi Driver (64-bit) (HKLM\...\{2B019162-86C7-4D14-AED0-2CB5110BA4FF}) (Version: 2.0.2.0 - MusicLab, Inc.)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version:  - Native Instruments)
Native Instruments Guitar Rig 3 (HKLM-x32\...\Native Instruments Guitar Rig 3) (Version:  - )
Native Instruments Guitar Rig 4 (HKLM-x32\...\Native Instruments Guitar Rig 4) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.5.0.409 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version:  - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.4.0.292 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Kwik Themes 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Kwik Themes 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.6.10000.2.0 - Nero AG)
Nero 10 Kwik Themes 3 (HKLM-x32\...\{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Kwik Themes 4 (HKLM-x32\...\{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 PiP EffectPack 1 (HKLM-x32\...\{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Video TransitionPack 1 (HKLM-x32\...\{85BEC8F6-9AA3-43FF-B56B-8276277137B3}) (Version: 10.6.10000.0.0 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.6.10600.4.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10500.3.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10400.0.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10600.4.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10200.0.100 - Nero AG)
Nero Multimedia Suite 10 Platinum HD (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.6.11800 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.10.10600.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.10.10300.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10400.2.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.10.10400.3.100 - Nero AG)
Nicky Romero Kickstart 1.0.9 (HKLM\...\Kickstart_is1) (Version: 1.0.9 - Nicky Romero)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
ON1 Photo 10 (HKLM\...\ON1 Photo 10 PE) (Version: 10.5.0 - ON1)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.3.1.0494 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.3.1.0494 - PACE Anti-Piracy, Inc.) Hidden
PCM Native Reverb Bundle (HKLM-x32\...\PCM Native Reverb Bundle) (Version:  - Lexicon)
PCM Native Reverb Bundle (x32 Version: 1.1.3 - Lexicon) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Plogue chipsounds (HKLM\...\__ARIA_1009___is1) (Version: v1.625 - Plogue)
Plugin Alliance 100% Lindell Bundle (HKLM-x32\...\Plugin Alliance 100% Lindell Bundle) (Version: 1.0.3 - Plugin Alliance)
ProjectSAM Symphobia 2 (HKLM-x32\...\ProjectSAM Symphobia 2) (Version:  - ProjectSAM)
ProShow Producer (HKLM-x32\...\ProShow Producer) (Version:  - Photodex Corporation)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
ReCycle 2.1.2 (HKLM-x32\...\ReCycle_is1) (Version: 2.1.2 - Propellerhead Software AB)
ReFill Packer 6.5.0 (HKLM-x32\...\ReFillPacker6_32_is1) (Version: 6.5.0 - Propellerhead Software AB)
Replicant VST plug-in (HKLM-x32\...\Replicant VST plug-in) (Version: 1.0.2 - Audio Damage)
ReValver 4 x64 (HKLM\...\ReValver 4 x64_is1) (Version:  - )
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Sample Modeling Mr. Sax T (HKLM-x32\...\Sample Modeling Mr. Sax T) (Version:  - )
Sample Modeling The Trumpet (HKLM-x32\...\Sample Modeling The Trumpet) (Version:  - )
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Slate Digital FG-X Mastering Processor VST RTAS v1.1.2 (HKLM-x32\...\Slate Digital FG-X Mastering Processor_is1) (Version:  - )
SmartScore X2 Professional Edition (HKLM-x32\...\{DEEC398D-3BCC-4036-B839-859DFA695420}) (Version: 10.5.1 - Musitek)
Snagit 12 (HKLM-x32\...\{e8720e7e-08a2-4a30-9bce-70aa27c2a3dc}) (Version: 12.2.2.2107 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.2.2 - TechSmith Corporation) Hidden
SONAR X1 Producer x64 (HKLM-x32\...\SONARX1Producer_x64_is1) (Version: 18.0 - Cakewalk Music Software)
Sonic Foundry Preset Manager 1.0 (HKLM-x32\...\{7266C898-F9CB-4122-9452-2AA1DACE245E}) (Version: 1.0.73 - Sonic Foundry)
Sonnox Oxford Inflator Native VST v1.5.1 (HKLM-x32\...\Sonnox Oxford Inflator Native VST_is1) (Version:  - Team AiR 2007)
Sonnox Oxford Limiter Native VST v1.1.1 (HKLM-x32\...\Sonnox Oxford Limiter Native VST_is1) (Version:  - Team AiR 2007)
Sonnox Oxford R3 Dynamics Native VST v1.3.1 (HKLM-x32\...\Sonnox Oxford R3 Dynamics Native VST_is1) (Version:  - Team AiR 2007)
Sonnox Oxford R3 EQ Native VST v1.6.1 (HKLM-x32\...\Sonnox Oxford R3 EQ Native VST_is1) (Version:  - Team AiR 2007)
Sonnox Oxford Reverb Native VST v1.0 (HKLM-x32\...\Sonnox Oxford Reverb Native VST_is1) (Version:  - Team AiR 2007)
Sonnox Oxford TransMod Native VST v1.3.1 (HKLM-x32\...\Sonnox Oxford TransMod Native VST_is1) (Version:  - Team AiR 2007)
SSL Duende Native (32-bit) v3.6.6 (HKLM-x32\...\SSL Duende Native_is1) (Version: 3.6.6 - Team V.R)
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.5.0 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content (HKLM-x32\...\{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
Steinberg Virtual Guitarist (HKLM-x32\...\Virtual Guitarist) (Version:  - )
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Studio Devil AMP 1.1 (HKLM-x32\...\Studio Devil AMP 1.1_is1) (Version:  - StudioDevil)
Stutter Edit Expansion 1 (HKLM-x32\...\Stutter Edit Expansion 1_is1) (Version: 1.00 - iZotope, Inc.)
Stutter Edit Expansion 2 (HKLM-x32\...\Stutter Edit Expansion 2_is1) (Version: 1.00 - iZotope, Inc.)
Sugar Bytes TransVST 1.0 (HKLM\...\TransVST_is1) (Version: 1.0 - Sugar Bytes)
Sugar Bytes Turnado 1.0.1 (HKLM\...\Turnado_is1) (Version: 1.0.1 - Sugar Bytes)
Sugar Bytes WOW2 2.0.2 (HKLM\...\WOW2_is1) (Version: 2.0.2 - Sugar Bytes)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Superior Drummer 64-bit (HKLM\...\{0E54CF79-AE40-409E-9253-9563418C730C}) (Version: 2.4.1 - Toontrack)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TCPEye 1.0 (HKLM-x32\...\{998C9435-DAF8-4BDF-B9A5-F844B01D524C}_is1) (Version:  - Free Software Relase)
TGTools for Finale 2.71 (HKLM-x32\...\TGTools for Finale) (Version: 2.71 - Super Flexible Software)
The T-Pain Effect Bundle (HKLM-x32\...\The T-Pain Effect Bundle_is1) (Version: 1.02 - iZotope, Inc.)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.0.1 - Topaz Labs, LLC)
Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC)
Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC)
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs, LLC)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs, LLC)
Topaz ReMask 4 (HKLM-x32\...\Topaz ReMask 4) (Version: 4.0.0 - Topaz Labs, LLC)
Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.1.1 - Topaz Labs, LLC)
Topaz Star Effects (HKLM-x32\...\Topaz Star Effects) (Version: 1.1.0 - Topaz Labs, LLC)
TP-LINK TL-WN723N Driver (HKLM-x32\...\{B82D0422-A202-4E51-92F2-821A35CC833F}) (Version: 1.1.0 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.1.0 - TP-LINK)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPROR_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version:  - Microsoft)
Upwork version 4.0.109.0 (HKLM-x32\...\{F8678797-5A4B-43CF-88D0-EEF67DB3B55E}_is1) (Version: 4.0.109.0 - Upwork, Inc)
VB:FFX-4 Rack (HKLM-x32\...\VB:FFX-4 Rack) (Version:  - )
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
Vertus Fluid Mask 3 3.3.12 (HKLM-x32\...\vertusFluidMask3) (Version: 3.3.12 - )
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vst To Rtas Adapter V2.11 (HKLM-x32\...\Vst To Rtas Adapter V2.11) (Version: "2.11" - "FXpansion")
Wave Arts Tube Saturator 64 (HKLM\...\Wave Arts Tube Saturator 64) (Version:  - )
WaveLab 6 (HKLM-x32\...\WaveLabPro) (Version: 6.1.1.353 - Steinberg)
Waves Complete V9r23 (HKLM-x32\...\{93000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.3.23 - Waves)
Wavpack4Wavelab6 (HKLM-x32\...\{AB5668B8-1428-460F-AE02-999A598D6883}) (Version: 1.0.1 - RIL)
Wedding Dash - Ready, Aim, Love! (HKLM-x32\...\{D1230F57-1E3C-42C2-8F38-F25A922AF81E}) (Version: 1.0.0.94 - LeeGTs Games)
Winamp (HKLM-x32\...\Winamp) (Version: 5.66  - Nullsoft, Inc)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Xml Viewer (HKLM-x32\...\{F58E04CD-6E76-43C8-AAF1-482225C2910E}) (Version: 3 - MindFusion Limited)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
YAMAHA MidRadio Player (HKLM-x32\...\{E5E1E6CE-9E18-48A3-B102-595833A0008A}) (Version: 7.21.1002 - YAMAHA)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1963877699-599521954-4202938636-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03155760-F422-4275-81AD-48880685A874} - System32\Tasks\PCMeter\Startup => C:\Users\Michael\Desktop\Neutron Utilities\PCMeter\PCMeterV0.3.exe [2013-01-12] (AddGadgets)
Task: {1607DA54-083B-4E33-A933-383D2774A11C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-05] (AVAST Software)
Task: {1D912101-944B-4132-9987-D4E75CBFB70A} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)
Task: {1F18A790-DDB2-4AF0-AF5E-8C6EA261976B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-30] (AVAST Software)
Task: {2C98CB16-1782-4276-AC0F-B8011DDC2650} - System32\Tasks\{D79EE37B-A2CB-4215-B9D2-7F890A8D200A} => pcalua.exe -a C:\Users\Michael\Downloads\AdobeAIRInstaller.exe -d C:\Users\Michael\Downloads
Task: {30E167B5-1224-4D53-AE19-A78EF74EDEB2} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {33BE6A59-35E1-4DCB-9D38-80FF6787069A} - System32\Tasks\avastBCLRestartS-1-5-21-1963877699-599521954-4202938636-1000 => Chrome.exe 
Task: {3621AC4C-8140-42E6-B5F2-053698494A46} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {3F767B8A-737A-4DFC-90BD-ED09C6D89D14} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {414C3320-44F5-4B0F-AD0C-AB32709743BD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {470BA1F7-01E7-4B36-8F4A-207BBF683AA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {70371C24-A017-4D73-9B3B-A16E55CAB960} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {87F2FD1B-3B10-47E7-801D-2490FB832876} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-16] (Piriform Ltd)
Task: {A2251375-FDD5-4E2B-9DFE-0AC17CA7E1B8} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {AF746941-191F-4C30-841F-73F1F00E0037} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {E00FD056-DC7C-4D94-84A2-77BFB74F2707} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {F7C95E6F-0328-4C65-B683-62B464B84105} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {FDA26004-FBA5-4F85-A393-AD5D045FF7B2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Michael - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-08-05 22:11 - 2012-10-04 19:49 - 00087152 ____N () C:\Windows\System32\cpwmon64.dll
2016-06-14 13:37 - 2016-06-14 13:37 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-01-24 07:06 - 2015-01-24 07:06 - 00186760 _____ () C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
2013-08-04 02:24 - 2013-08-04 02:24 - 00012520 _____ () C:\Users\Michael\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2013-08-04 02:24 - 2013-08-04 02:24 - 00015080 _____ () C:\Users\Michael\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2013-08-04 02:24 - 2013-08-04 02:24 - 00014056 _____ () C:\Users\Michael\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2015-09-03 17:18 - 2011-12-06 09:56 - 00788992 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2016-06-30 03:56 - 2016-06-30 03:56 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-20 04:41 - 2016-07-20 04:41 - 03000832 _____ () C:\Program Files\AVAST Software\Avast\defs\16071901\algo.dll
2016-06-30 03:56 - 2016-06-30 03:56 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-09-03 17:18 - 2011-12-06 10:04 - 01409024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2015-09-03 17:18 - 2011-12-06 09:56 - 00166912 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2015-09-03 17:18 - 2011-12-06 11:16 - 00271872 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll
2016-06-30 03:56 - 2016-06-30 03:56 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-06-18 11:06 - 2016-06-15 17:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 11:06 - 2016-06-15 17:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2013-08-03 19:02 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Microsoft:3J6aKGvsEHLVUhxyOPmqNEVb3M [2370]
AlternateDataStreams: C:\ProgramData\Microsoft:52oYvyB3KnA6LexBD [2326]
AlternateDataStreams: C:\ProgramData\Microsoft:AbfRbib2XMAwJzhQm7jW57Szp [2746]
AlternateDataStreams: C:\ProgramData\Microsoft:AZYiO1Ab1zcR0ZGqjdIqh5o [2204]
AlternateDataStreams: C:\ProgramData\Microsoft:hejCCWJ9DVjVhzOgKz7dr [2226]
AlternateDataStreams: C:\ProgramData\Microsoft:KgmpEOeVvCv9QQF9Vjdye0UZWv [2184]
AlternateDataStreams: C:\ProgramData\Microsoft:Ygx3IvgadNFHZv3Pm62 [2332]
AlternateDataStreams: C:\ProgramData\Microsoft:ZDEtDlReBrx9Jr7lz [2478]
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE [141]
AlternateDataStreams: C:\ProgramData\TEMP:38D2EA83 [135]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\ProgramData\TEMP:A9472ABF [140]
AlternateDataStreams: C:\ProgramData\TEMP:C6F1470C [119]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temp:SfzVsVa0qX302W34fHAFlkinqZb6Y [2476]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temporary Internet Files:cG8D9Wy3CiJIPuKo8tMKx [629]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temporary Internet Files:cvD5FYBtEbkc3LYW9JAH [2498]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\51370165.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\51370165.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 5986 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-03-23 04:18 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1963877699-599521954-4202938636-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CBD95F5E-21C6-46EE-862B-EEADC2CB526A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{78A51154-75FC-4F61-BD33-63478ABC435D}] => (Allow) LPort=2869
FirewallRules: [{9B78270C-A4AC-4FEA-8B7E-890CCDC68F52}] => (Allow) LPort=1900
FirewallRules: [{C9766953-F804-4064-AC1D-31A15E9F4556}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [{3D780FEC-EBEB-433D-8EB5-4F383D60393E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{0322FBE8-3520-4125-9A11-C8D9091F7CC0}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{293E91EC-E0DB-4D26-869E-94696ADB6FDE}] => (Allow) C:\Program Files (x86)\Photodex\ProShow Producer\proshow.exe
FirewallRules: [{30FD5348-5781-4EC8-A8EC-09DFBE77D2FC}] => (Allow) C:\Program Files (x86)\Photodex\ProShow Producer\proshow.exe
FirewallRules: [{D20E3666-D0F4-46E4-827D-8A0D40CE4139}] => (Allow) C:\Program Files (x86)\Photodex\ProShow Producer\proshow.exe
FirewallRules: [{43D8E2B2-E5F6-4D4B-A746-2ED1CC85C4AD}] => (Allow) C:\Program Files (x86)\Photodex\ProShow Producer\proshow.exe
FirewallRules: [{A6373E25-1B67-40EA-BE0B-583A2DA727FC}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [{2B6A070B-FDEB-4BBD-B0A0-7BCAC7462492}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [{5F2229DB-EE60-43D6-8FE7-517EAC09D21C}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [{91DCDCA2-4D9F-436C-8700-0775650F7120}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [{17591334-F75F-4A51-9356-697E411A0433}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
FirewallRules: [{8CFFBD63-D2EE-419F-B062-BE057439D940}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
FirewallRules: [{7F92E7AF-414E-4369-AFD6-149A305AAC0C}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
FirewallRules: [{BD806E16-CAA9-4334-8A74-E63D7A121B7F}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
FirewallRules: [{9AA4910C-ADDE-4E30-BA26-7F1DA448BF5A}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrodist.exe
FirewallRules: [{F4B24CCD-14D1-4B12-8ED1-DE08B18364F8}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrodist.exe
FirewallRules: [{222E1014-CAF3-4969-A72A-B4058D6BB388}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrodist.exe
FirewallRules: [{5CED0D5B-963B-4939-ADF9-7642B8828F2C}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrodist.exe
FirewallRules: [{728E0990-0174-4277-9A42-1208647AEE00}] => (Allow) LPort=8298
FirewallRules: [{F1B4BF85-DED5-413E-BE7A-F0CF9C64E7C3}] => (Allow) C:\Program Files (x86)\Nero\Update\NASvc.exe
FirewallRules: [{67C80A32-922B-4224-A309-C4E966BD0EFB}] => (Allow) C:\Program Files (x86)\Nero\Update\NASvc.exe
FirewallRules: [{586224A3-5BDD-4335-AF4B-10BB1830F926}] => (Allow) C:\Program Files (x86)\Nero\Update\NASvc.exe
FirewallRules: [{57445C00-DD64-4CAB-BAE0-796F6E9C77A8}] => (Allow) C:\Program Files (x86)\Nero\Update\NASvc.exe
FirewallRules: [{703149BD-FABB-43C1-B2A2-25115634E201}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{38DEB18C-8503-4269-9E26-3FE3CC7F41BD}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{5842E3B1-09A8-4AB6-90B7-EE760A305E90}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{A3F87074-85B6-49C0-A09A-DC3047A03722}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{E1A30788-1A1F-48B8-8530-77AD609EA972}] => (Allow) C:\Program Files\Adobe\Adobe Audition CC\Adobe Audition CC.exe
FirewallRules: [{5032F249-10A2-4662-8E12-AC4F55B8DE83}] => (Allow) C:\Program Files\Adobe\Adobe Audition CC\Adobe Audition CC.exe
FirewallRules: [{D896EB18-532B-4D08-8D65-44343747C28E}] => (Allow) C:\Program Files\Adobe\Adobe Audition CC\Adobe Audition CC.exe
FirewallRules: [{3B5CF027-FB20-4125-8424-8D4B3F5B23BC}] => (Allow) C:\Program Files\Adobe\Adobe Audition CC\Adobe Audition CC.exe
FirewallRules: [{5264E130-BF8D-45CB-8C43-9E0DF3DC7E66}] => (Allow) C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exe
FirewallRules: [{A7BAAE50-1A6D-4BC4-9C1F-B17E73EB95E0}] => (Allow) C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exe
FirewallRules: [{754B3CB0-3B67-478D-A05D-121DCE5DE067}] => (Allow) C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exe
FirewallRules: [{00DD8336-C0B9-45CF-BED4-3F56829E89F0}] => (Allow) C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exe
FirewallRules: [{FB389125-694C-40AD-89F4-2EA503551D03}] => (Allow) C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
FirewallRules: [{5CB74D6D-E3FD-4740-B3D9-3794BD7EBEA4}] => (Allow) C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
FirewallRules: [{FB929646-4CA7-4EE7-9516-410D443E014D}] => (Allow) C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
FirewallRules: [{D5437429-4731-4154-9B5A-BD011811C2A3}] => (Allow) C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
FirewallRules: [{64451425-0D1A-4C80-B37E-B20AD99A749A}] => (Allow) C:\Program Files\Adobe\Adobe Media Encoder CC 2014\Adobe Media Encoder.exe
FirewallRules: [{1FB84985-5760-499F-A6F0-2C90A691D447}] => (Allow) C:\Program Files\Adobe\Adobe Media Encoder CC 2014\Adobe Media Encoder.exe
FirewallRules: [{E905A983-E075-4857-A19C-399130AA7C00}] => (Allow) C:\Program Files\Adobe\Adobe Media Encoder CC 2014\Adobe Media Encoder.exe
FirewallRules: [{9B1A1A55-0B5D-41E3-995C-B0C7ECDBAA7F}] => (Allow) C:\Program Files\Adobe\Adobe Media Encoder CC 2014\Adobe Media Encoder.exe
FirewallRules: [{DB07C38A-5C4E-4A64-A5E8-0A3EBDC2CFCE}] => (Allow) C:\Program Files\Adobe\Adobe InDesign CC 2014\InDesign.exe
FirewallRules: [{FB531968-D0E9-46EC-B006-5BF23879648F}] => (Allow) C:\Program Files\Adobe\Adobe InDesign CC 2014\InDesign.exe
FirewallRules: [{6525F93F-87F1-483A-B922-FFD053E0BA71}] => (Allow) C:\Program Files\Adobe\Adobe InDesign CC 2014\InDesign.exe
FirewallRules: [{AB7B5A68-A342-4336-B689-2E3C4643A335}] => (Allow) C:\Program Files\Adobe\Adobe InDesign CC 2014\InDesign.exe
FirewallRules: [{14EA87C9-EE56-479B-B69A-FB8FB090958C}] => (Allow) C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
FirewallRules: [{5AA769B1-AA7C-4470-86EC-78B36295FAC6}] => (Allow) C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
FirewallRules: [{CFB9A649-599C-4FD4-A1E2-775A3A66C3DD}] => (Allow) C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
FirewallRules: [{86CABBCF-4699-42AB-8008-E49D99BA0072}] => (Allow) C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
FirewallRules: [{EE2E0548-B33E-44D2-BD28-9FD3975CACDE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D5E06E21-2CB2-42E6-B817-44F4F8436BC1}] => (Allow) C:\Program Files (x86)\Finale 2014\Finale.exe
FirewallRules: [{09438E43-2465-4452-82B1-0B53C1772F79}] => (Allow) C:\Program Files (x86)\Finale 2014\Finale.exe
FirewallRules: [TCP Query User{5E247BF7-32C4-46B1-8BBD-F8891AACEF00}C:\program files\on1\on1 photo 10\on1 photo 10.exe] => (Allow) C:\program files\on1\on1 photo 10\on1 photo 10.exe
FirewallRules: [UDP Query User{AF0BBA1B-136A-4F1C-92C7-8C0786B130D1}C:\program files\on1\on1 photo 10\on1 photo 10.exe] => (Allow) C:\program files\on1\on1 photo 10\on1 photo 10.exe
FirewallRules: [{349E0FB4-253E-4DB3-A9F2-89BFE75DEE53}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{0771F3D2-5D67-4C86-8D46-402494300BB6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2BF55AA6-6767-4574-8759-748ACCA69D5A}] => (Allow) C:\Users\Michael\Downloads\solutoinstaller.exe
FirewallRules: [{64218A07-E6C1-484E-988B-7B13B5B91DFF}] => (Allow) C:\Users\Michael\Downloads\solutoinstaller.exe
FirewallRules: [{AB806A83-B132-4206-A870-4AE692F044F4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{D5902674-AE91-4B43-B811-77BD8159311C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{5BA9EFF1-77F7-457D-9FAD-63FF9A791626}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{93830DDA-E448-4254-BD4C-EE89922105C4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5C1E4CC9-7226-4E82-B76F-66BF4DF3BD96}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FD5AB7E8-633B-48D2-90AC-06D821233F44}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CF64616C-1413-40AF-9B6E-2C61300DA967}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{821E957F-E081-4171-8D34-60B5FAC8E63D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{95D8FAF9-6EC9-48C4-9F9C-1DD994C98119}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Block) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [UDP Query User{2438CD0D-B69F-447F-8A74-2FFF09494ACA}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Block) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [TCP Query User{8E5FB680-444B-4C10-9FB7-40B470F4342E}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Block) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [UDP Query User{ABB22101-0822-4CA3-B39B-1AB8A33A229A}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Block) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [{B89CD240-1812-48A1-A988-3B19FA9D0E80}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0F4E06B2-270C-44D5-B6FF-179D4DCCFEA8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
 
==================== Restore Points =========================
 
18-07-2016 03:28:28 Installed Microsoft Fix it 50267
19-07-2016 05:20:59 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: ATAPI iHAS124   W ATA Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/20/2016 02:44:33 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (07/19/2016 09:15:34 PM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (2532) Windows: Unable to write a shadowed header for file C:\ProgramData\New Index ni Neutron\Search\Data\Applications\Windows\MSS.chk. Error -1032.
 
Error: (07/19/2016 09:15:34 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (2532) Windows: An attempt to open the file "C:\ProgramData\New Index ni Neutron\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/19/2016 07:10:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TWCU.exe, version: 0.0.0.0, time stamp: 0x4edd762e
Faulting module name: RtlLib.dll, version: 700.1067.330.2011, time stamp: 0x4d93eea6
Exception code: 0xc0000005
Fault offset: 0x00001df9
Faulting process id: 0xfd0
Faulting application start time: 0xTWCU.exe0
Faulting application path: TWCU.exe1
Faulting module path: TWCU.exe2
Report Id: TWCU.exe3
 
Error: (07/18/2016 04:22:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SONARPDR.exe, version: 18.0.5.533, time stamp: 0x4f4e6a67
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a857
Exception code: 0xc0000374
Fault offset: 0x00000000000bf262
Faulting process id: 0x1654
Faulting application start time: 0xSONARPDR.exe0
Faulting application path: SONARPDR.exe1
Faulting module path: SONARPDR.exe2
Report Id: SONARPDR.exe3
 
Error: (07/18/2016 04:14:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SONARPDR.exe version 18.0.5.533 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 12a0
 
Start Time: 01d1e0c99b2a07cf
 
Termination Time: 19
 
Application Path: C:\Program Files\Cakewalk\SONAR X1 Producer\SONARPDR.exe
 
Report Id: b13b1d2d-4cbf-11e6-ab81-08606e7de661
 
Error: (07/18/2016 01:25:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe Audition CC.exe, version: 6.0.0.732, time stamp: 0x518ade79
Faulting module name: InnerProcessDictionary_x64.dll, version: 1.2.0.65300, time stamp: 0x53e0ad09
Exception code: 0xc0000005
Fault offset: 0x00000000000047f4
Faulting process id: 0x13bc
Faulting application start time: 0xAdobe Audition CC.exe0
Faulting application path: Adobe Audition CC.exe1
Faulting module path: Adobe Audition CC.exe2
Report Id: Adobe Audition CC.exe3
 
Error: (07/18/2016 01:13:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe Audition CC.exe, version: 6.0.0.732, time stamp: 0x518ade79
Faulting module name: InnerProcessDictionary_x64.dll, version: 1.2.0.65300, time stamp: 0x53e0ad09
Exception code: 0xc0000005
Fault offset: 0x00000000000047f4
Faulting process id: 0xd30
Faulting application start time: 0xAdobe Audition CC.exe0
Faulting application path: Adobe Audition CC.exe1
Faulting module path: Adobe Audition CC.exe2
Report Id: Adobe Audition CC.exe3
 
Error: (07/17/2016 09:32:59 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/17/2016 09:32:59 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (07/20/2016 06:30:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
Error: (07/20/2016 06:29:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (07/20/2016 06:29:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error: (07/20/2016 06:27:49 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (07/20/2016 06:27:47 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:46:11 AM on 7/20/2016 was unexpected.
 
Error: (07/20/2016 04:42:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
Error: (07/20/2016 04:40:31 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (07/20/2016 04:40:20 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:14:18 AM on 7/20/2016 was unexpected.
 
Error: (07/19/2016 09:15:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
Error: (07/19/2016 09:14:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
 
CodeIntegrity:
===================================
  Date: 2016-07-20 06:27:38.532
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-20 04:40:11.162
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-19 21:14:32.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-19 19:08:14.024
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-18 23:43:21.696
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-18 13:19:50.116
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-18 12:16:28.446
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-18 08:20:17.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-18 07:22:02.214
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-18 03:29:31.400
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 12166.86 MB
Available physical RAM: 9037.94 MB
Total Virtual: 24331.89 MB
Available Virtual: 21155.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:380.8 GB) NTFS
Drive e: (Seagate 1) (Fixed) (Total:931.51 GB) (Free:457.43 GB) NTFS
Drive f: (Seagate 2) (Fixed) (Total:465.76 GB) (Free:1.9 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 603A5A63)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8187CA65)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 92C79D5A)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 

==================== End of Addition.txt ============================ 



#12 Janmihkkel


Posted 19 July 2016 - 08:52 PM

And here are my latest RogueKiller scan details:

 

RogueKiller V11.0.11.0 (x64) [Feb  8 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Michael [Administrator]
Started from : G:\RogueKillerX64.exe
Mode : Scan -- Date : 07/20/2016 09:08:35
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1963877699-599521954-4202938636-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1963877699-599521954-4202938636-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 3 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateProcess : Unknown @ 0x776403d0 (jmp 0x1645e0|jmp 0xfffffffffffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtTerminateThread : Unknown @ 0x776403e0 (jmp 0x164380|jmp 0xfffffffffffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x776404a0 (jmp 0x164120|jmp 0xfffffffffffffb59|jmp 0x19b)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1ER162 ATA Device +++++
--- User ---
[MBR] 504e455bc149abf7f93816ef83806982
[BSP] d73963b5e5d479dc3a51c51eb46b3357 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953766 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] f5befe83448756a10ebeb4037b445c64
[BSP] 6eccf8d9a58be14d23230d795b61ce08 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: Seagate FreeAgent GoFlex USB Device +++++
--- User ---
[MBR] cebbcd9fe78c37fcbcfcd85df445fd28
[BSP] ff101f8ae29bc885510cbd676b310c0e : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476937 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 510617131ec1f07c965912a545592067
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : Legit.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 128 | Size: 953 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


#13 Janmihkkel

Janmihkkel
  • Topic Starter

  • Members
  • 14 posts
  • Local time:06:43 AM

Posted 20 July 2016 - 04:17 AM

Hi Shelf Life!

 

Ei, the CPU issue with wuauserv vanished after running the .bat file I downloaded from one of your links! But I'll observe till tomorrow. You are an angel! Thank you so much! =)


Edited by Janmihkkel, 20 July 2016 - 04:18 AM.


#14 shelf life

shelf life

  • Malware Response Team
  • 2,653 posts
  • Gender:Male
  • Location:@localhost
  • Local time:06:43 PM

Posted 20 July 2016 - 06:37 PM

hi,

 

Ok, that's more good news. Logs you posted look ok.

Not everything RogueKiller lists is malware.

 

We will use FRST again like we did before. Copy and paste what's below into Notepad, name it fixlist.txt, and save it in the same location you have FRST. Start FRST and this time click on the Fix button once. Machine will reboot. Upon reboot, copy and paste in the new fixlog.txt.

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Michael\AppData\Local\Temp\mfe_rr.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Michael\AppData\Local\Temp\tmp6BBD.tmp [X]
C:\Users\Michael\AppData\Local\Temp\dllnt_dump.dll
ask: {30E167B5-1224-4D53-AE19-A78EF74EDEB2} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {A2251375-FDD5-4E2B-9DFE-0AC17CA7E1B8} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {E00FD056-DC7C-4D94-84A2-77BFB74F2707} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Microsoft:3J6aKGvsEHLVUhxyOPmqNEVb3M [2370]
AlternateDataStreams: C:\ProgramData\Microsoft:52oYvyB3KnA6LexBD [2326]
AlternateDataStreams: C:\ProgramData\Microsoft:AbfRbib2XMAwJzhQm7jW57Szp [2746]
AlternateDataStreams: C:\ProgramData\Microsoft:AZYiO1Ab1zcR0ZGqjdIqh5o [2204]
AlternateDataStreams: C:\ProgramData\Microsoft:hejCCWJ9DVjVhzOgKz7dr [2226]
AlternateDataStreams: C:\ProgramData\Microsoft:KgmpEOeVvCv9QQF9Vjdye0UZWv [2184]
AlternateDataStreams: C:\ProgramData\Microsoft:Ygx3IvgadNFHZv3Pm62 [2332]
AlternateDataStreams: C:\ProgramData\Microsoft:ZDEtDlReBrx9Jr7lz [2478]
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE [141]
AlternateDataStreams: C:\ProgramData\TEMP:38D2EA83 [135]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\ProgramData\TEMP:A9472ABF [140]
AlternateDataStreams: C:\ProgramData\TEMP:C6F1470C [119]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temp:SfzVsVa0qX302W34fHAFlkinqZb6Y [2476]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temporary Internet Files:cG8D9Wy3CiJIPuKo8tMKx [629]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temporary Internet Files:cvD5FYBtEbkc3LYW9JAH [2498]

How Can I Reduce My Risk to Malware?


#15 Janmihkkel

Janmihkkel
  • Topic Starter

  • Members
  • 14 posts
  • Local time:06:43 AM

Posted 20 July 2016 - 08:08 PM

Hi there! =)

 

Applied the fix, but no reboot, so I did it manually. The Windows Update issue started again a while ago before the fix, so I re-ran the .bat file again and made a second reboot. All is clear so far, still observing. Thank you for the support, it means a lot. Here is the fix log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-07-2016
Ran by Michael (2016-07-21 08:50:20) Run:2
Running from C:\Users\Michael\Downloads
Loaded Profiles: Michael (Available Profiles: Michael & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Michael\AppData\Local\Temp\mfe_rr.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Michael\AppData\Local\Temp\tmp6BBD.tmp [X]
C:\Users\Michael\AppData\Local\Temp\dllnt_dump.dll
ask: {30E167B5-1224-4D53-AE19-A78EF74EDEB2} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {A2251375-FDD5-4E2B-9DFE-0AC17CA7E1B8} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {E00FD056-DC7C-4D94-84A2-77BFB74F2707} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Microsoft:3J6aKGvsEHLVUhxyOPmqNEVb3M [2370]
AlternateDataStreams: C:\ProgramData\Microsoft:52oYvyB3KnA6LexBD [2326]
AlternateDataStreams: C:\ProgramData\Microsoft:AbfRbib2XMAwJzhQm7jW57Szp [2746]
AlternateDataStreams: C:\ProgramData\Microsoft:AZYiO1Ab1zcR0ZGqjdIqh5o [2204]
AlternateDataStreams: C:\ProgramData\Microsoft:hejCCWJ9DVjVhzOgKz7dr [2226]
AlternateDataStreams: C:\ProgramData\Microsoft:KgmpEOeVvCv9QQF9Vjdye0UZWv [2184]
AlternateDataStreams: C:\ProgramData\Microsoft:Ygx3IvgadNFHZv3Pm62 [2332]
AlternateDataStreams: C:\ProgramData\Microsoft:ZDEtDlReBrx9Jr7lz [2478]
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE [141]
AlternateDataStreams: C:\ProgramData\TEMP:38D2EA83 [135]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\ProgramData\TEMP:A9472ABF [140]
AlternateDataStreams: C:\ProgramData\TEMP:C6F1470C [119]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temp:SfzVsVa0qX302W34fHAFlkinqZb6Y [2476]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temporary Internet Files:cG8D9Wy3CiJIPuKo8tMKx [629]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temporary Internet Files:cvD5FYBtEbkc3LYW9JAH [2498]
*****************
 
catchme => service removed successfully
MFE_RR => service removed successfully
WinRing0_1_2_0 => Unable to stop service.
WinRing0_1_2_0 => service removed successfully
"C:\Users\Michael\AppData\Local\Temp\dllnt_dump.dll" => not found.
ask: {30E167B5-1224-4D53-AE19-A78EF74EDEB2} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2251375-FDD5-4E2B-9DFE-0AC17CA7E1B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2251375-FDD5-4E2B-9DFE-0AC17CA7E1B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E00FD056-DC7C-4D94-84A2-77BFB74F2707}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E00FD056-DC7C-4D94-84A2-77BFB74F2707}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates" => key removed successfully
C:\ProgramData\Microsoft => ":3J6aKGvsEHLVUhxyOPmqNEVb3M" ADS removed successfully.
C:\ProgramData\Microsoft => ":52oYvyB3KnA6LexBD" ADS removed successfully.
C:\ProgramData\Microsoft => ":AbfRbib2XMAwJzhQm7jW57Szp" ADS removed successfully.
C:\ProgramData\Microsoft => ":AZYiO1Ab1zcR0ZGqjdIqh5o" ADS removed successfully.
C:\ProgramData\Microsoft => ":hejCCWJ9DVjVhzOgKz7dr" ADS removed successfully.
C:\ProgramData\Microsoft => ":KgmpEOeVvCv9QQF9Vjdye0UZWv" ADS removed successfully.
C:\ProgramData\Microsoft => ":Ygx3IvgadNFHZv3Pm62" ADS removed successfully.
C:\ProgramData\Microsoft => ":ZDEtDlReBrx9Jr7lz" ADS removed successfully.
C:\ProgramData\TEMP => ":0B174FAE" ADS removed successfully.
C:\ProgramData\TEMP => ":38D2EA83" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":A9472ABF" ADS removed successfully.
C:\ProgramData\TEMP => ":C6F1470C" ADS removed successfully.
C:\Users\Michael\AppData\Local\Temp => ":SfzVsVa0qX302W34fHAFlkinqZb6Y" ADS removed successfully.
"C:\Users\Michael\AppData\Local\Temporary Internet Files" => ":cG8D9Wy3CiJIPuKo8tMKx" ADS not found.
"C:\Users\Michael\AppData\Local\Temporary Internet Files" => ":cvD5FYBtEbkc3LYW9JAH" ADS not found.
 
==== End of Fixlog 08:50:25 ====




