Jump to content


Photo
- - - - -

PC running slow


  • This topic is locked This topic is locked
12 replies to this topic

#1 AlaskanSnowman

AlaskanSnowman

    Newbie

  • Members
  • Pip
  • 15 posts

Posted 21 November 2015 - 01:57 AM

im having trouble with my PC loading web pages, sometimes it loads fine others it only loads partial pictures sometimes they are completely blank. I don't think I have a virus, Im using Avast with Windows firewall, any help you could offer would be much appreciated. I have included my Hijack log.


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:59:29 PM, on 11/20/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18098)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Dirtbag\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKCU\..\Run: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
O4 - Global Startup: RealTimes.lnk = C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....k_sys_ctrl3.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DAZ Content Management Service (DAZContentManagementService) - Unknown owner - C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: RealTimes Desktop Service - RealNetworks, Inc. - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10442 bytes

Edited by AlaskanSnowman, 21 November 2015 - 02:23 AM.


#2 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 21 November 2015 - 06:47 PM

Let's take a closer look please

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
It makes also another log (Addition.txt).
Copy and paste it's contents also


Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#3 AlaskanSnowman

AlaskanSnowman

    Newbie

  • Members
  • Pip
  • 15 posts

Posted 22 November 2015 - 12:09 AM

thank you for your reply here are the logs you asked for.


Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-11-2015
Ran by Dirtbag (2015-11-21 21:08:01)
Running from C:\Users\Dirtbag\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-04-23 01:49:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2787044202-2378965189-2633346745-500 - Administrator - Disabled)
Dirtbag (S-1-5-21-2787044202-2378965189-2633346745-1001 - Administrator - Enabled) => C:\Users\Dirtbag
Guest (S-1-5-21-2787044202-2378965189-2633346745-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2787044202-2378965189-2633346745-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-2787044202-2378965189-2633346745-1007 - Limited - Enabled) => C:\Users\UpdatusUser.Dirtbag-PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.02 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Blender (HKLM\...\Blender) (Version: 2.62-release - Blender Foundation)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11222.0 - Cisco Consumer Products LLC)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.28) (Version: 1.1.0.28 - DAZ 3D)
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.1.9558 - Blizzard Entertainment)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
DriverAgent by eSupport.com (HKLM\...\DriverAgent.exe) (Version: - )
Dungeon Siege III (HKLM-x32\...\Steam App 39160) (Version: - Obsidian Entertainment)
EVGA Precision 2.0.4 (HKLM-x32\...\Precision) (Version: 2.0.4 - EVGA Corporation)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version: - Ubisoft Montreal)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Firestorm SecondLife and OpenSim viewer (Version: 4.7.47975 - The Phoenix Firestorm Project, Inc.) Hidden
Firestorm-Release (remove only) (HKLM-x32\...\Firestorm-Release) (Version: 4.4.2.34167 - The Phoenix Firestorm Project, Inc.)
Firestorm-Releasex64 x64 (HKLM-x32\...\{5b0b9787-398d-46f9-ab2c-4f0ad6671f84}) (Version: 4.6.42398 - Phoenix Firestorm Project Inc)
Firestorm-Releasex64 x64 (HKLM-x32\...\{63667a72-ee55-4dac-b231-18e6773104d8}) (Version: 4.7.47975 - The Phoenix Firestorm Project, Inc.)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version: - Telltale Games)
GCI Security Guard (HKLM-x32\...\F-Secure Product 430) (Version: - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
InWorldzReleaseCandidate (remove only) (HKLM-x32\...\InWorldzReleaseCandidate) (Version: 2.2.15.35036 - InWorldz, LLC)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - )
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.16.00 - NETGEAR Inc.)
NVIDIA 3D Vision Controller Driver 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 280.19 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealDownloader (x32 Version: 18.0.2.56 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.0.2.60 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.2 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remember Me (HKLM-x32\...\Steam App 228300) (Version: - DONTNOD Entertainment)
Runes of Magic (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 3.0.8.2349 - Frogster America Inc.)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - )
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - United Front Games)
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version: - Cryptic Studios)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Works version 3.2 (HKLM-x32\...\{839CA7E5-5956-487D-8138-682907C5D576}_is1) (Version: 3.2 - Cybia)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version: - Haemimont Games)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
VoiceMX STUDIO 4 (HKLM-x32\...\VoiceMX STUDIO 4_is1) (Version: 4.0 - Tanseon Systems)
Warzone 2100 (HKLM-x32\...\Warzone 2100) (Version: 2.3.7 - Warzone 2100 Project)
WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.0.8 - Shark007)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer Plugin - Sharper Photo (HKLM-x32\...\{DB06102B-24CD-4FB0-B41A-1A0AC8A21755}) (Version: 1.0.0.0 - JoseNet.com)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files (x86)\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\twain_32.dll => No File <==== ATTENTION

==================== Restore Points =========================

28-10-2015 18:50:43 Scheduled Checkpoint
14-11-2015 17:39:29 Windows Update
15-11-2015 16:52:44 Installed NVIDIA PhysX
17-11-2015 20:44:16 Firestorm-Releasex64 x64
17-11-2015 20:44:37 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
17-11-2015 20:45:00 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
17-11-2015 20:47:42 Firestorm-Releasex64 x64

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 17:34 - 2014-10-30 16:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05782674-3320-4436-90F7-2E669CBEE05C} - System32\Tasks\{7BFF5E3E-C71B-4183-8147-3F811DCDBDC8} => C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe [2012-03-06] (BioWare)
Task: {106CFE5F-91BC-4FDC-950A-9B1CFD937FF0} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2787044202-2378965189-2633346745-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {27FD557F-26F2-4537-9573-C3C00699B3DF} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {378CD8F7-0B5B-4637-BF67-493FCC2F3105} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe [2011-08-12] ()
Task: {3866A705-1F13-4B50-8826-14B2B7A80C6E} - System32\Tasks\{3937C46C-5FE8-4783-9F59-10538DB96742} => C:\Program Files (x86)\Phoenix Viewer\PhoenixViewer.exe
Task: {38EC09CC-1F65-40E4-9A8E-265F7CE3650C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-20] (AVAST Software)
Task: {39DDA152-FC71-4896-903B-5E05AB882110} - System32\Tasks\{8A639209-09E4-4D22-BBD8-530B371FD233} => C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe [2012-03-06] (BioWare)
Task: {5A34C644-0C69-4BDA-9DDB-BEE5E3CC2ED8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2787044202-2378965189-2633346745-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {6B33B83D-9035-4DA0-9983-3AE422FFF0EC} - System32\Tasks\{316AD529-56D4-4864-A329-26F1AC90F141} => pcalua.exe -a D:\AutoPlay\cd\monsetup.exe -d D:\AutoPlay\cd
Task: {A2E8492E-D82A-490A-882B-5BB14B7B0988} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2787044202-2378965189-2633346745-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {A3D333F4-3908-4696-B5E9-52013BC8114B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2787044202-2378965189-2633346745-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {C59E9803-7236-4FC7-9023-C29306BB28F1} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2787044202-2378965189-2633346745-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {CC1A73CB-529D-43B5-9E1B-610F6FD6E1A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D02AA6BB-B902-4B6A-8431-073D2FE51B50} - System32\Tasks\{746942E1-5412-48E7-9A45-4A0DEFADF93F} => C:\Program Files (x86)\Phoenix Viewer\PhoenixViewer.exe
Task: {E1284EAE-72DB-4B7A-8692-9CB2054991F5} - System32\Tasks\{502ECA6D-FBFA-45CE-864A-04BF55CFE7F3} => C:\Program Files (x86)\Firestorm-Release\Firestorm-Release.exe [2013-07-01] (The Phoenix Firestorm Project, Inc.)
Task: {E537B4FE-38B6-4316-8D94-0BB2F7B79CB5} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-07-27] ()
Task: {E745E7F6-17A5-4F7D-AB28-82BE63A4140F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2787044202-2378965189-2633346745-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {EFC92E57-6F4D-4D96-AA49-232B129F14D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F81D1306-B1A9-40B9-A772-6F1CCBF89383} - \{32848E10-8664-418F-98CB-A818780BBEB0} -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-07-20 17:37 - 2014-03-04 04:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-18 21:03 - 2011-05-05 11:36 - 00022528 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2015-04-18 21:03 - 2011-05-05 11:36 - 01479680 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_x64.dll
2015-04-18 21:03 - 2011-05-05 11:36 - 00977408 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x64.dll
2015-04-18 21:03 - 2011-05-05 11:36 - 01053696 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl_x64.dll
2015-04-18 21:03 - 2011-05-05 11:36 - 00155136 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp_x64.dll
2014-11-16 21:16 - 2014-11-16 21:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-07-27 20:28 - 2015-07-27 20:28 - 00032880 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2011-08-12 16:03 - 2011-08-12 16:03 - 00359528 _____ () C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
2015-07-27 18:40 - 2015-07-27 18:40 - 00614464 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2015-09-20 09:04 - 2015-09-20 09:04 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-20 09:04 - 2015-09-20 09:04 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-20 20:41 - 2015-11-20 20:41 - 02993664 _____ () C:\Program Files\AVAST Software\Avast\defs\15112001\algo.dll
2015-11-21 12:13 - 2015-11-21 12:13 - 02994176 _____ () C:\Program Files\AVAST Software\Avast\defs\15112101\algo.dll
2015-07-27 20:28 - 2015-07-27 20:28 - 00037512 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-07-27 20:28 - 2015-07-27 20:28 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-07-27 20:28 - 2015-07-27 20:28 - 00037528 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2011-07-05 17:56 - 2011-07-05 17:56 - 00061440 _____ () C:\Program Files (x86)\EVGA Precision\RTMUI.dll
2011-07-05 17:55 - 2011-07-05 17:55 - 00061440 _____ () C:\Program Files (x86)\EVGA Precision\RTFC.dll
2011-07-05 17:56 - 2011-07-05 17:56 - 00229376 _____ () C:\Program Files (x86)\EVGA Precision\RTCore.dll
2011-07-05 17:56 - 2011-07-05 17:56 - 00147456 _____ () C:\Program Files (x86)\EVGA Precision\RTUI.dll
2011-07-05 17:56 - 2011-07-05 17:56 - 00290816 _____ () C:\Program Files (x86)\EVGA Precision\RTHAL.dll
2011-04-30 21:04 - 2011-04-30 21:04 - 00013312 _____ () C:\Program Files (x86)\EVGA Precision\RTTSH.dll
2014-10-28 12:22 - 2014-10-28 12:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-09-20 09:04 - 2015-09-20 09:04 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-03-12 16:10 - 2015-10-05 07:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-16 20:06 - 2015-07-03 07:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-02-16 20:06 - 2015-07-03 07:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-16 20:06 - 2015-07-03 07:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-31 10:15 - 2015-11-09 17:44 - 02541648 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-23 10:46 - 2015-09-23 15:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-23 10:46 - 2015-09-23 15:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-23 10:46 - 2015-09-23 15:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-23 10:46 - 2015-09-23 15:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-23 10:46 - 2015-09-23 15:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2011-07-13 19:33 - 2015-11-09 17:44 - 00806992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-08-26 19:56 - 2015-11-03 13:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2011-05-02 20:50 - 2015-10-08 13:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-02-16 20:06 - 2015-09-24 14:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2015-07-27 18:35 - 2015-07-27 18:35 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)



IE trusted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\100sexlinks.com -> 100sexlinks.com

There are 6051 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dirtbag\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{806F3C11-6F75-447F-9EA4-9859453637B9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{702D8959-1637-4658-91D4-F73E7C44B0A4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C82D830F-6889-483E-9BB8-57F2C59F17AE}] => (Allow) svchost.exe
FirewallRules: [{DB409C55-9F87-40AD-9F89-0E66BBE92147}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{ACF5FC99-B191-4F01-AF17-DE878A70DEAB}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{0BB9804F-D1EB-40D6-860C-275B2AC67C32}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{00F0D149-2729-4DD0-8272-7BFEF6EEB3BD}] => (Allow) C:\Program Files (x86)\Warzone 2100\warzone2100.exe
FirewallRules: [{658FCAB4-B43A-478D-840D-23ECF050F415}] => (Allow) C:\Program Files (x86)\Warzone 2100\warzone2100.exe
FirewallRules: [{FB0622FF-93F9-429F-9D14-9887203117ED}] => (Allow) C:\Program Files (x86)\Warzone 2100\warzone2100.exe
FirewallRules: [{D920BF21-45E5-4731-88E6-7F62A644F40B}] => (Allow) C:\Program Files (x86)\Warzone 2100\warzone2100.exe
FirewallRules: [{93C0E394-4384-4852-8363-FD26547C0DCF}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{F5B5218F-0BD1-40AA-B930-D9204EC2E98D}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{B8194AFC-02AF-435A-B19A-9519E67FE93F}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{F99BFD05-9684-46A1-9D89-106EC537F084}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{25619D9F-3EA1-4288-AB22-7B890931915D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{04FB66BE-CDE1-4774-A74A-5CD0A3E0A3E3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A27EAF3D-67BD-40A8-9393-181D9EC8F932}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4AC4AF15-5397-4BCC-A051-3D10538A5134}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dungeon siege iii\Dungeon Siege III.exe
FirewallRules: [{0D4A21F1-B261-47D1-A518-167B8D238712}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dungeon siege iii\Dungeon Siege III.exe
FirewallRules: [{6874180B-5B1C-4BF4-B8B1-847D7F27FB87}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{C7466A51-4D7E-4B4E-BE80-8DE888B91701}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{A15EA8C2-5200-4091-B0BA-E8A04BF48AD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{6445FD35-6D66-4A98-8BFB-B27105A05812}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{66173A2F-3153-424A-9A37-F784026321E3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{26CA978F-8559-4119-8DD2-5CC7C7086537}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1A677B90-182F-472A-8337-BB29BD2F916E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{9362227F-6787-4AA3-A889-8903F7EB4444}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{7D5D0A9B-2F61-4C38-95ED-D00F70162579}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{47440BBE-601B-47A4-9CEA-53D6640FE65D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{ACE18B82-9EC1-447F-9198-C014D1535723}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{253C2381-A157-45A7-8600-97AC976A002D}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{00F7CD4A-FB15-4424-A724-21830F9EDB46}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{0435E164-681A-462F-8C48-0F74FD9E3C8E}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{E57AFE80-ABC6-4227-9E93-4E1201729AA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogs\HKShip.exe
FirewallRules: [{F4E5DF4A-D103-47D6-8996-F227B2A9DCDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogs\HKShip.exe
FirewallRules: [{CE8CB4F8-0A8B-4863-B1F0-F089A6099472}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tropico 4\Tropico4.exe
FirewallRules: [{3BB6AF69-48B0-48D3-9DFA-08E09A8237EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tropico 4\Tropico4.exe
FirewallRules: [{961C95C9-39C9-4801-809D-79CEF33FD519}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AEACDBC6-706C-41E4-B0DD-AE961BB89897}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6065977E-979A-4C21-841C-D68CEAD901E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fuse Basic\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [{9659189B-C274-4D6C-9678-44927BFE84C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fuse Basic\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [{90D3D9EE-88AD-422C-9175-DDBBF8FA5475}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{6279E404-D105-4C6D-95A3-06E63874B5F5}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{C1F6816E-600A-44E1-9401-70D709FC45EF}] => (Allow) C:\Program Files\Firestorm-Releasex64\Firestorm-bin.exe
FirewallRules: [{BB6F5021-3674-4D4E-BE84-2A063BE145DD}] => (Allow) C:\Program Files\Firestorm-Releasex64\Firestorm-bin.exe
FirewallRules: [{9E70E0BE-02E7-4F13-9B1B-8129154CCCDC}] => (Allow) C:\Program Files\Firestorm-Releasex64\Firestorm-bin.exe
FirewallRules: [{3329993E-212F-4582-89C6-15726D62C47F}] => (Allow) C:\Program Files\Firestorm-Releasex64\Firestorm-bin.exe
FirewallRules: [TCP Query User{120E9E4F-B80F-450D-9E8D-71BEB26AB31A}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{87DEB21A-8374-4117-B6E8-0784414AF0B3}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{61D8B32F-08EC-42F7-9DCD-1EE82309335A}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [UDP Query User{88C94B6A-D60C-441F-9F8B-F4E5F05A5761}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [TCP Query User{1403A1AF-EB4C-4923-A757-F5D1356A27B3}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{DE05D586-973C-4636-8FDF-EA3947C096F1}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{12D568B7-8E5B-4C6A-B06E-C2D886E63B90}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C8D53707-DD9D-47F2-8794-9AF2E172B08D}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{AAE8BC6C-E723-4077-94CC-2CE54FD953F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{2CF68CFD-0BA1-4265-96C2-D329D42CD2B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{35E5613C-6F93-49CE-8F36-0810F3239E1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{ABBBE795-D581-47B1-B896-299289462AEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{4F7CCE2E-B3E9-43CD-90F3-D2E90CEC5A0A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A38EFB56-3A80-4904-989C-99F7464AFF8F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B333BB04-2E80-4295-AC13-9F2DEBA15326}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EB3F2538-C674-4F32-8173-328A4CBCCE74}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B9CEA9D8-5B61-4AE0-9756-359B24CC684C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{79265605-D942-41E2-B5E4-620A3B1A7A31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{508AA12E-22CE-4968-8154-D39133184883}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{C352C83C-3F85-403F-874C-301F29D29DE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{0C9EB26D-4621-4C12-80A7-38F3B1394922}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{6551E4B2-EDDA-41E6-A5E6-840D7D4107EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{15BB5F82-CF61-4BC4-8EC8-6944727CCCFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{A52E90B7-BED5-4128-BE3E-0552FA7B07A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{C2AE7E74-D14C-4697-9AC1-BE6C854925A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Thrones.exe
FirewallRules: [{A7847178-203B-4321-BC21-84266F4D732C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Thrones.exe
FirewallRules: [TCP Query User{0561B9A3-0B10-41D5-B26F-6B8822F59F07}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [UDP Query User{47128F02-51E3-4ACE-BEDB-35A827B93A3B}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [TCP Query User{8093AAC6-F3A0-4B87-B233-E81638EB5380}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{6020CF2B-57FB-46C8-95C3-C9F38B3EC72E}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{FDE834DC-25ED-43A8-A384-A869AA59D5A1}C:\program files (x86)\inworldzreleasecandidate\iwvoice.exe] => (Allow) C:\program files (x86)\inworldzreleasecandidate\iwvoice.exe
FirewallRules: [UDP Query User{6E885C96-0925-4570-BB14-A47499A75631}C:\program files (x86)\inworldzreleasecandidate\iwvoice.exe] => (Allow) C:\program files (x86)\inworldzreleasecandidate\iwvoice.exe
FirewallRules: [TCP Query User{E048A779-DA94-4888-9EDB-D81E085D3E8F}C:\program files\firestorm-betax64\slvoice.exe] => (Allow) C:\program files\firestorm-betax64\slvoice.exe
FirewallRules: [UDP Query User{7100AEA2-2B93-4A7A-BFF5-A100155810AE}C:\program files\firestorm-betax64\slvoice.exe] => (Allow) C:\program files\firestorm-betax64\slvoice.exe
FirewallRules: [{049E746E-F06E-47FD-A436-D60C0FDF1154}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{3937EE59-28D4-49C0-97DA-A995EF4C5651}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D1CBBE29-386D-469B-A3CD-E6D4CF5B0805}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{363E25DD-E3ED-43FA-A370-358475B2C765}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2015 06:38:19 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (11/21/2015 06:38:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/21/2015 06:38:12 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/21/2015 00:30:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (11/21/2015 00:30:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (11/21/2015 00:17:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/21/2015 00:17:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/21/2015 00:13:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2015 09:09:08 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (11/20/2015 09:09:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error


System errors:
=============
Error: (11/21/2015 09:08:13 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TISA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}.
The master browser is stopping or an election is being forced.

Error: (11/21/2015 09:06:03 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (11/21/2015 08:56:14 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TISA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}.
The master browser is stopping or an election is being forced.

Error: (11/21/2015 07:56:17 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TISA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}.
The master browser is stopping or an election is being forced.

Error: (11/21/2015 07:20:18 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TISA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}.
The master browser is stopping or an election is being forced.

Error: (11/21/2015 06:44:19 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TISA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}.
The master browser is stopping or an election is being forced.

Error: (11/21/2015 06:20:16 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TISA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}.
The master browser is stopping or an election is being forced.

Error: (11/21/2015 05:44:12 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TISA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}.
The master browser is stopping or an election is being forced.

Error: (11/21/2015 05:08:14 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TISA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}.
The master browser is stopping or an election is being forced.

Error: (11/21/2015 04:44:15 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TISA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}.
The master browser is stopping or an election is being forced.


CodeIntegrity:
===================================
Date: 2014-10-31 17:10:13.827
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-31 17:10:13.796
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-30 17:45:07.000
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-30 17:45:06.969
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-30 17:24:53.296
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-30 17:24:53.265
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-29 21:41:10.922
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-29 21:41:10.891
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-29 20:36:13.875
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-29 20:36:13.844
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 8173.41 MB
Available physical RAM: 6179.93 MB
Total Virtual: 16345.04 MB
Available Virtual: 13445.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:597.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E9F1C6AA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015
Ran by Dirtbag (administrator) on DIRTBAG-PC (21-11-2015 21:07:37)
Running from C:\Users\Dirtbag\Desktop
Loaded Profiles: Dirtbag (Available Profiles: Dirtbag & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_19_0_0_185_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-14] (AVAST Software)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [286784 2015-09-08] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [614464 2015-07-27] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.)
HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_19_0_0_185_ActiveX.exe [875208 2015-09-28] (Adobe Systems Incorporated)
HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-20] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-09-08]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52765;https=127.0.0.1:52765
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =








BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-07-27] (RealDownloader)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-31] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-07-27] (RealDownloader)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-31] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-18] (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)


Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-12] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @real.com/nppl3260;version=18.0.2.59 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-09-08] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.2.59 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-09-08] (RealTimes)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2787044202-2378965189-2633346745-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-11-19] ()
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found

Chrome:
=======



CHR DefaultSearchKeyword: Default -> yahoo.com

CHR Profile: C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-03]
CHR Extension: (Google Docs) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-03]
CHR Extension: (Google Drive) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-03]
CHR Extension: (YouTube) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-03]
CHR Extension: (Google Search) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-03]
CHR Extension: (Google Sheets) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-03]
CHR Extension: (Google Docs Offline) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Avast Online Security) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Gmail) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-20] (AVAST Software)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-08-26] (NETGEAR)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-16] ()
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32880 2015-07-27] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-08] (RealNetworks, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-20] (AVAST Software)
S3 busenum; C:\Windows\System32\DRIVERS\SteelBus64.sys [145408 2014-01-08] (SteelSeries Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-11-02] ()
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-11-16] (CACE Technologies, Inc.)
R3 RTCore64; C:\Program Files (x86)\EVGA Precision\RTCore64.sys [14440 2011-08-12] ()
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation) [File not signed]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 slb; \??\C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-21 21:07 - 2015-11-21 21:07 - 02345984 _____ (Farbar) C:\Users\Dirtbag\Desktop\FRST64.exe
2015-11-21 21:07 - 2015-11-21 21:07 - 00033023 _____ C:\Users\Dirtbag\Desktop\FRST.txt
2015-11-21 21:07 - 2015-11-21 21:07 - 00000000 ____D C:\FRST
2015-11-20 22:59 - 2015-11-20 22:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dirtbag\Desktop\HijackThis.exe
2015-11-20 22:59 - 2015-11-20 22:59 - 00010444 _____ C:\Users\Dirtbag\Desktop\hijackthis.log
2015-11-17 20:46 - 2015-11-17 20:47 - 00000000 ____D C:\Program Files\Firestorm-Releasex64
2015-11-17 20:46 - 2015-11-17 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm
2015-11-17 20:42 - 2015-11-17 20:43 - 85407072 _____ (The Phoenix Firestorm Project, Inc.) C:\Users\Dirtbag\Downloads\Phoenix-FirestormOS-Releasex64-4-7-5-47975_Setup.exe
2015-11-16 21:00 - 2015-11-16 21:00 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2015-11-16 21:00 - 2015-11-16 21:00 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2015-11-16 21:00 - 2015-11-16 21:00 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2015-11-15 16:52 - 2015-11-15 16:52 - 35648512 _____ C:\Users\Dirtbag\Downloads\PhysX-9.12.0613-SystemSoftware.msi
2015-11-15 13:40 - 2015-11-15 13:40 - 00000222 _____ C:\Users\Dirtbag\Desktop\Remember Me.url
2015-11-15 11:29 - 2015-11-15 11:31 - 00000000 ____D C:\Users\Dirtbag\California trip 2015
2015-11-12 22:22 - 2015-11-03 13:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-12 22:22 - 2015-11-03 12:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-12 22:22 - 2015-11-03 08:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-12 22:22 - 2015-10-30 14:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-12 22:22 - 2015-10-30 14:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-12 22:22 - 2015-10-30 14:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-12 22:22 - 2015-10-30 14:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-12 22:22 - 2015-10-30 14:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-12 22:22 - 2015-10-30 14:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-12 22:22 - 2015-10-30 14:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-12 22:22 - 2015-10-30 14:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-12 22:22 - 2015-10-30 14:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-12 22:22 - 2015-10-30 14:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-12 22:22 - 2015-10-30 14:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-12 22:22 - 2015-10-30 14:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-12 22:22 - 2015-10-30 14:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-12 22:22 - 2015-10-30 14:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-12 22:22 - 2015-10-30 14:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-12 22:22 - 2015-10-30 14:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-12 22:22 - 2015-10-30 14:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-12 22:22 - 2015-10-30 14:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-12 22:22 - 2015-10-30 14:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-12 22:22 - 2015-10-30 13:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-12 22:22 - 2015-10-30 13:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-12 22:22 - 2015-10-30 13:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-12 22:22 - 2015-10-30 13:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-12 22:22 - 2015-10-30 13:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-12 22:22 - 2015-10-30 13:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-12 22:22 - 2015-10-30 13:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-12 22:22 - 2015-10-30 13:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-12 22:22 - 2015-10-30 13:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-12 22:22 - 2015-10-30 13:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-12 22:22 - 2015-10-30 13:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-12 22:22 - 2015-10-30 13:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-12 22:22 - 2015-10-30 13:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-12 22:22 - 2015-10-30 13:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-12 22:22 - 2015-10-30 13:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-12 22:22 - 2015-10-30 13:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-12 22:22 - 2015-10-30 13:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-12 22:22 - 2015-10-30 13:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-12 22:22 - 2015-10-30 13:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-12 22:22 - 2015-10-30 13:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-12 22:22 - 2015-10-30 13:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-12 22:22 - 2015-10-30 13:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-12 22:22 - 2015-10-30 13:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-12 22:22 - 2015-10-30 13:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-12 22:22 - 2015-10-30 13:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-12 22:22 - 2015-10-30 13:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-12 22:22 - 2015-10-30 13:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-12 22:22 - 2015-10-30 13:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-12 22:22 - 2015-10-30 13:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-12 22:22 - 2015-10-30 13:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-12 22:22 - 2015-10-30 13:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-12 22:22 - 2015-10-30 13:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-12 22:22 - 2015-10-30 13:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-12 22:22 - 2015-10-30 13:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-12 22:22 - 2015-10-30 13:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-12 22:22 - 2015-10-30 13:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-12 22:22 - 2015-10-30 13:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-12 22:22 - 2015-10-30 13:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-12 22:22 - 2015-10-30 13:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-12 22:22 - 2015-10-30 12:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-12 22:22 - 2015-10-30 12:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-12 22:22 - 2015-10-30 12:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-12 22:22 - 2015-10-30 12:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-12 22:22 - 2015-10-20 09:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-12 22:22 - 2015-10-20 09:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-12 22:22 - 2015-10-20 09:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-12 22:22 - 2015-10-20 09:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-12 22:22 - 2015-10-20 09:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-12 22:22 - 2015-10-20 09:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-12 22:22 - 2015-10-20 09:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-12 22:22 - 2015-10-20 09:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-12 22:22 - 2015-10-20 09:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-12 22:22 - 2015-10-20 09:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-12 22:22 - 2015-10-20 09:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-12 22:22 - 2015-10-20 08:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-12 22:22 - 2015-10-20 08:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-12 22:22 - 2015-10-20 08:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-12 22:22 - 2015-10-20 08:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-12 22:22 - 2015-10-20 08:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-12 22:22 - 2015-10-19 16:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-12 22:22 - 2015-10-19 16:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-12 22:22 - 2015-10-19 16:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-12 22:22 - 2015-10-19 16:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-12 22:22 - 2015-10-19 16:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-12 22:22 - 2015-10-19 16:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-12 22:22 - 2015-10-19 16:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-12 22:22 - 2015-10-19 16:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-12 22:22 - 2015-10-19 16:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-12 22:22 - 2015-10-19 16:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-12 22:22 - 2015-10-19 16:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-12 22:22 - 2015-10-19 16:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-12 22:22 - 2015-10-19 16:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-12 22:22 - 2015-10-19 16:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-12 22:22 - 2015-10-19 15:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-12 22:22 - 2015-10-19 15:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-12 22:22 - 2015-10-19 15:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-12 22:22 - 2015-10-19 15:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-12 22:22 - 2015-10-19 15:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-12 22:22 - 2015-10-19 15:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-12 22:22 - 2015-10-19 15:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-12 22:22 - 2015-10-19 15:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-12 22:22 - 2015-10-19 15:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-12 22:22 - 2015-10-19 15:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-12 22:22 - 2015-10-19 15:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-12 22:22 - 2015-10-19 15:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 14:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-12 22:22 - 2015-10-19 14:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-12 22:22 - 2015-10-19 14:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-12 22:22 - 2015-10-19 14:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-12 22:22 - 2015-10-19 14:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-12 22:22 - 2015-10-19 14:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 14:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 14:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 14:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-12 22:22 - 2015-10-13 07:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-12 22:22 - 2015-10-13 07:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-12 22:22 - 2015-10-12 19:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-12 22:22 - 2015-10-01 09:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-12 22:22 - 2015-10-01 09:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-12 22:22 - 2015-10-01 08:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-12 22:22 - 2015-09-23 04:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-12 22:22 - 2015-09-23 04:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-12 22:22 - 2015-09-23 04:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-21 20:55 - 2011-04-23 11:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-21 18:51 - 2011-04-23 11:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-21 18:19 - 2014-03-13 20:46 - 00000000 ____D C:\Users\Dirtbag\AppData\Local\FirestormOS_x64
2015-11-21 15:55 - 2011-04-20 07:29 - 01365361 _____ C:\Windows\WindowsUpdate.log
2015-11-21 15:04 - 2011-05-02 20:49 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-21 12:20 - 2009-07-13 19:45 - 00025632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-21 12:20 - 2009-07-13 19:45 - 00025632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-21 12:17 - 2009-07-13 20:13 - 00006526 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-21 12:12 - 2014-10-24 17:55 - 00024016 _____ C:\Windows\setupact.log
2015-11-21 12:12 - 2012-07-18 19:59 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-21 12:12 - 2009-07-13 20:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-19 21:21 - 2015-06-02 16:17 - 00003218 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2787044202-2378965189-2633346745-1001
2015-11-19 21:21 - 2015-04-05 15:39 - 00003348 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2787044202-2378965189-2633346745-1001
2015-11-18 19:22 - 2014-08-25 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-18 19:22 - 2014-08-25 17:30 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-18 19:21 - 2015-09-08 20:06 - 00000000 ____D C:\Users\Dirtbag\.oracle_jre_usage
2015-11-18 19:21 - 2014-08-25 17:30 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-17 20:47 - 2014-12-11 21:52 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-17 20:46 - 2014-08-17 17:18 - 00000964 _____ C:\Users\Public\Desktop\Firestorm-Releasex64.lnk
2015-11-17 20:02 - 2014-11-19 15:45 - 00000000 ____D C:\Users\Dirtbag\AppData\Local\CrashDumps
2015-11-16 21:00 - 2013-01-26 18:42 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2015-11-16 21:00 - 2013-01-26 18:42 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2015-11-16 21:00 - 2013-01-26 18:42 - 00002066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2015-11-16 21:00 - 2013-01-26 18:42 - 00000000 ____D C:\Users\Dirtbag\AppData\Local\NETGEARGenie
2015-11-16 21:00 - 2013-01-26 18:42 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie
2015-11-16 17:33 - 2014-07-04 12:47 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-11-15 16:54 - 2011-04-22 16:49 - 00000000 ____D C:\Users\Dirtbag
2015-11-15 16:54 - 2011-04-20 07:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-11-15 16:10 - 2011-06-21 12:52 - 00000000 ____D C:\Users\Dirtbag\Documents\My Games
2015-11-14 18:49 - 2009-07-13 18:20 - 00000000 ____D C:\Windows\rescache
2015-11-14 18:12 - 2009-07-13 19:45 - 00293632 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-14 17:55 - 2013-08-13 21:27 - 00000000 ____D C:\Windows\system32\MRT
2015-11-14 17:51 - 2011-04-25 13:18 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-14 17:45 - 2010-11-20 22:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-14 17:41 - 2014-07-04 12:46 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-11-14 17:41 - 2014-07-04 12:46 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

==================== Files in the root of some directories =======

2013-06-01 13:48 - 2013-06-01 13:51 - 4774227 _____ () C:\Users\Dirtbag\AppData\Roaming\CleanUp!.log
2013-07-12 19:51 - 2014-04-13 21:30 - 0000044 _____ () C:\Users\Dirtbag\AppData\Roaming\mbam.context.scan
2014-03-29 10:48 - 2014-03-29 10:48 - 0001181 _____ () C:\Users\Dirtbag\AppData\Roaming\trace_FilterInstaller.1.txt
2014-03-29 10:48 - 2014-03-29 10:59 - 0000919 _____ () C:\Users\Dirtbag\AppData\Roaming\trace_FilterInstaller.txt
2014-03-29 10:48 - 2014-03-29 10:59 - 0000000 _____ () C:\Users\Dirtbag\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2011-07-18 20:24 - 2012-10-28 21:31 - 0005120 _____ () C:\Users\Dirtbag\AppData\Local\Databases.db
2012-02-16 22:31 - 2012-08-26 13:48 - 0010752 _____ () C:\Users\Dirtbag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-26 18:58 - 2014-04-12 16:50 - 0007608 _____ () C:\Users\Dirtbag\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Dirtbag\AppData\Local\Temp\CloudBackup7971.exe
C:\Users\Dirtbag\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Dirtbag\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Dirtbag\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Dirtbag\AppData\Local\Temp\lowproc.exe
C:\Users\Dirtbag\AppData\Local\Temp\mpsetup.exe
C:\Users\Dirtbag\AppData\Local\Temp\rnsetup0.exe
C:\Users\Dirtbag\AppData\Local\Temp\SpOrder.dll
C:\Users\Dirtbag\AppData\Local\Temp\stubhelper.dll
C:\Users\Dirtbag\AppData\Local\Temp\wpsetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-20 21:06

==================== End of FRST.txt ============================

#4 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 22 November 2015 - 06:39 PM

Please download AdwCleaner by Xplode onto your desktop.

 

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can also find the log file at C:\AdwCleaner
     
    In addition:
    -Junkware-Removal-Tool-

    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
     
    Also: Please download TFC by Old Timer and save it to your desktop.
    http://www.itxassoci...T-Tools/TFC.exe
    Save any unsaved work. TFC will close ALL open programs including your browser!
    Double-click on TFC.exe to run it.
    NOTE: If you are using Vista, Windows 7/8  right-click on the file and choose Run As Administrator.
    Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
    Important! If TFC prompts you to reboot, please do so immediately.
     
    Post the logs from Adwcleaner and JRT and keep me informed how things are now running

         Can you also do a fresh scan with Farbar and post a fresh log> frst.txt


Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#5 AlaskanSnowman

AlaskanSnowman

    Newbie

  • Members
  • Pip
  • 15 posts

Posted 22 November 2015 - 07:54 PM

Im not sure I notice a difference now although it does seem much faster, its hard to tell but here are the logs you asked for.


# AdwCleaner v5.022 - Logfile created 22/11/2015 at 16:47:46
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Dirtbag - DIRTBAG-PC
# Running from : C:\Users\Dirtbag\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\WebBar
[-] Folder Deleted : C:\Program Files (x86)\DriverTuner


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.0 (11.12.2015)
Operating System: Windows 7 Professional x64
Ran by Dirtbag (Administrator) on Sun 11/22/2015 at 16:54:26.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Users\Dirtbag\AppData\Local\crashrpt (Folder)



Registry: 2

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\DrvAgent64 (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/22/2015 at 16:57:04.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : LaunchSignup

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Define Ext
[-] Key Deleted : HKLM\SOFTWARE\Define Ext
[-] Key Deleted : HKLM\SOFTWARE\DriverTuner_Init
[-] Key Deleted : HKLM\SOFTWARE\DriverTuner
[-] Key Deleted : HKLM\SOFTWARE\W3I
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\plarium.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com

***** [ Web browsers ] *****

[-] [C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : Email Removed
[-] [C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3817 bytes] ##########


Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 313336 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dirtbag
->Temp folder emptied: 121607210 bytes
->Temporary Internet Files folder emptied: 1707755903 bytes
->Java cache emptied: 31329 bytes
->Google Chrome cache emptied: 423168542 bytes
->Flash cache emptied: 203273 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser.Dirtbag-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1524669 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 326479796 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 2,462.00 mb

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:22-11-2015
Ran by Dirtbag (administrator) on DIRTBAG-PC (22-11-2015 17:05:36)
Running from C:\Users\Dirtbag\Desktop
Loaded Profiles: Dirtbag (Available Profiles: Dirtbag & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_19_0_0_185_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-14] (AVAST Software)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [286784 2015-09-08] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [614464 2015-07-27] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.)
HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-20] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-09-08]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52765;https=127.0.0.1:52765
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =





SearchScopes: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-07-27] (RealDownloader)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-31] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-07-27] (RealDownloader)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-31] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-18] (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)


Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-12] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @real.com/nppl3260;version=18.0.2.59 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-09-08] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.2.59 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-09-08] (RealTimes)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2787044202-2378965189-2633346745-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-11-19] ()
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found

Chrome:
=======



CHR DefaultSearchKeyword: Default -> yahoo.com

CHR Profile: C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-03]
CHR Extension: (Google Docs) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-03]
CHR Extension: (Google Drive) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-03]
CHR Extension: (YouTube) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-03]
CHR Extension: (Google Search) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-03]
CHR Extension: (Google Sheets) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-03]
CHR Extension: (Google Docs Offline) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Avast Online Security) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Gmail) - C:\Users\Dirtbag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-20] (AVAST Software)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-08-26] (NETGEAR)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-16] ()
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32880 2015-07-27] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-08] (RealNetworks, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-20] (AVAST Software)
S3 busenum; C:\Windows\System32\DRIVERS\SteelBus64.sys [145408 2014-01-08] (SteelSeries Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-11-02] ()
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-11-16] (CACE Technologies, Inc.)
R3 RTCore64; C:\Program Files (x86)\EVGA Precision\RTCore64.sys [14440 2011-08-12] ()
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation) [File not signed]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 slb; \??\C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-22 17:05 - 2015-11-22 17:05 - 00031250 _____ C:\Users\Dirtbag\Desktop\FRST.txt
2015-11-22 17:05 - 2015-11-22 17:05 - 00000000 ____D C:\Users\Dirtbag\Desktop\FRST-OlderVersion
2015-11-22 16:59 - 2015-11-22 16:59 - 00448512 _____ (OldTimer Tools) C:\Users\Dirtbag\Desktop\TFC.exe
2015-11-22 16:59 - 2015-11-22 16:59 - 00000000 _____ C:\Users\Dirtbag\Desktop\TFC.exe.bdxch21.partial
2015-11-22 16:57 - 2015-11-22 16:57 - 00000833 _____ C:\Users\Dirtbag\Desktop\JRT.txt
2015-11-22 16:52 - 2015-11-22 16:52 - 01599080 _____ (Malwarebytes) C:\Users\Dirtbag\Desktop\JRT.exe
2015-11-22 16:45 - 2015-11-22 16:47 - 00000000 ____D C:\AdwCleaner
2015-11-22 16:43 - 2015-11-22 16:43 - 01733632 _____ C:\Users\Dirtbag\Desktop\AdwCleaner.exe
2015-11-22 13:55 - 2015-11-22 13:56 - 00291728 _____ C:\Windows\Minidump\112215-13353-01.dmp
2015-11-21 21:07 - 2015-11-22 17:05 - 02346496 _____ (Farbar) C:\Users\Dirtbag\Desktop\FRST64.exe
2015-11-21 21:07 - 2015-11-22 17:05 - 00000000 ____D C:\FRST
2015-11-20 22:59 - 2015-11-20 22:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dirtbag\Desktop\HijackThis.exe
2015-11-20 22:59 - 2015-11-20 22:59 - 00010444 _____ C:\Users\Dirtbag\Desktop\hijackthis.log
2015-11-17 20:46 - 2015-11-17 20:47 - 00000000 ____D C:\Program Files\Firestorm-Releasex64
2015-11-17 20:46 - 2015-11-17 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm
2015-11-17 20:42 - 2015-11-17 20:43 - 85407072 _____ (The Phoenix Firestorm Project, Inc.) C:\Users\Dirtbag\Downloads\Phoenix-FirestormOS-Releasex64-4-7-5-47975_Setup.exe
2015-11-16 21:00 - 2015-11-16 21:00 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2015-11-16 21:00 - 2015-11-16 21:00 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2015-11-16 21:00 - 2015-11-16 21:00 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2015-11-15 16:52 - 2015-11-15 16:52 - 35648512 _____ C:\Users\Dirtbag\Downloads\PhysX-9.12.0613-SystemSoftware.msi
2015-11-15 13:40 - 2015-11-15 13:40 - 00000222 _____ C:\Users\Dirtbag\Desktop\Remember Me.url
2015-11-15 11:29 - 2015-11-15 11:31 - 00000000 ____D C:\Users\Dirtbag\California trip 2015
2015-11-12 22:22 - 2015-11-03 13:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-12 22:22 - 2015-11-03 12:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-12 22:22 - 2015-11-03 08:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-12 22:22 - 2015-10-30 14:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-12 22:22 - 2015-10-30 14:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-12 22:22 - 2015-10-30 14:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-12 22:22 - 2015-10-30 14:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-12 22:22 - 2015-10-30 14:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-12 22:22 - 2015-10-30 14:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-12 22:22 - 2015-10-30 14:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-12 22:22 - 2015-10-30 14:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-12 22:22 - 2015-10-30 14:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-12 22:22 - 2015-10-30 14:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-12 22:22 - 2015-10-30 14:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-12 22:22 - 2015-10-30 14:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-12 22:22 - 2015-10-30 14:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-12 22:22 - 2015-10-30 14:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-12 22:22 - 2015-10-30 14:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-12 22:22 - 2015-10-30 14:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-12 22:22 - 2015-10-30 14:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-12 22:22 - 2015-10-30 14:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-12 22:22 - 2015-10-30 14:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-12 22:22 - 2015-10-30 13:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-12 22:22 - 2015-10-30 13:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-12 22:22 - 2015-10-30 13:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-12 22:22 - 2015-10-30 13:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-12 22:22 - 2015-10-30 13:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-12 22:22 - 2015-10-30 13:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-12 22:22 - 2015-10-30 13:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-12 22:22 - 2015-10-30 13:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-12 22:22 - 2015-10-30 13:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-12 22:22 - 2015-10-30 13:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-12 22:22 - 2015-10-30 13:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-12 22:22 - 2015-10-30 13:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-12 22:22 - 2015-10-30 13:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-12 22:22 - 2015-10-30 13:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-12 22:22 - 2015-10-30 13:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-12 22:22 - 2015-10-30 13:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-12 22:22 - 2015-10-30 13:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-12 22:22 - 2015-10-30 13:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-12 22:22 - 2015-10-30 13:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-12 22:22 - 2015-10-30 13:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-12 22:22 - 2015-10-30 13:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-12 22:22 - 2015-10-30 13:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-12 22:22 - 2015-10-30 13:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-12 22:22 - 2015-10-30 13:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-12 22:22 - 2015-10-30 13:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-12 22:22 - 2015-10-30 13:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-12 22:22 - 2015-10-30 13:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-12 22:22 - 2015-10-30 13:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-12 22:22 - 2015-10-30 13:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-12 22:22 - 2015-10-30 13:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-12 22:22 - 2015-10-30 13:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-12 22:22 - 2015-10-30 13:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-12 22:22 - 2015-10-30 13:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-12 22:22 - 2015-10-30 13:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-12 22:22 - 2015-10-30 13:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-12 22:22 - 2015-10-30 13:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-12 22:22 - 2015-10-30 13:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-12 22:22 - 2015-10-30 13:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-12 22:22 - 2015-10-30 13:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-12 22:22 - 2015-10-30 12:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-12 22:22 - 2015-10-30 12:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-12 22:22 - 2015-10-30 12:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-12 22:22 - 2015-10-30 12:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-12 22:22 - 2015-10-20 09:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-12 22:22 - 2015-10-20 09:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-12 22:22 - 2015-10-20 09:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-12 22:22 - 2015-10-20 09:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-12 22:22 - 2015-10-20 09:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-12 22:22 - 2015-10-20 09:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-12 22:22 - 2015-10-20 09:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-12 22:22 - 2015-10-20 09:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-12 22:22 - 2015-10-20 09:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-12 22:22 - 2015-10-20 09:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-12 22:22 - 2015-10-20 09:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-12 22:22 - 2015-10-20 08:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-12 22:22 - 2015-10-20 08:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-12 22:22 - 2015-10-20 08:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-12 22:22 - 2015-10-20 08:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-12 22:22 - 2015-10-20 08:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-12 22:22 - 2015-10-19 16:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-12 22:22 - 2015-10-19 16:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-12 22:22 - 2015-10-19 16:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-12 22:22 - 2015-10-19 16:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-12 22:22 - 2015-10-19 16:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-12 22:22 - 2015-10-19 16:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-12 22:22 - 2015-10-19 16:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-12 22:22 - 2015-10-19 16:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-12 22:22 - 2015-10-19 16:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-12 22:22 - 2015-10-19 16:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-12 22:22 - 2015-10-19 16:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-12 22:22 - 2015-10-19 16:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-12 22:22 - 2015-10-19 16:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-12 22:22 - 2015-10-19 16:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-12 22:22 - 2015-10-19 16:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-12 22:22 - 2015-10-19 15:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-12 22:22 - 2015-10-19 15:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-12 22:22 - 2015-10-19 15:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-12 22:22 - 2015-10-19 15:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-12 22:22 - 2015-10-19 15:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-12 22:22 - 2015-10-19 15:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-12 22:22 - 2015-10-19 15:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-12 22:22 - 2015-10-19 15:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-12 22:22 - 2015-10-19 15:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-12 22:22 - 2015-10-19 15:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-12 22:22 - 2015-10-19 15:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-12 22:22 - 2015-10-19 15:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-12 22:22 - 2015-10-19 15:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 15:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 14:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-12 22:22 - 2015-10-19 14:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-12 22:22 - 2015-10-19 14:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-12 22:22 - 2015-10-19 14:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-12 22:22 - 2015-10-19 14:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-12 22:22 - 2015-10-19 14:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 14:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 14:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 22:22 - 2015-10-19 14:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-12 22:22 - 2015-10-13 07:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-12 22:22 - 2015-10-13 07:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-12 22:22 - 2015-10-12 19:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-12 22:22 - 2015-10-01 09:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-12 22:22 - 2015-10-01 09:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-12 22:22 - 2015-10-01 08:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-12 22:22 - 2015-09-23 04:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-12 22:22 - 2015-09-23 04:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-12 22:22 - 2015-09-23 04:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-22 16:57 - 2009-07-13 19:45 - 00025632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-22 16:57 - 2009-07-13 19:45 - 00025632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-22 16:54 - 2009-07-13 20:13 - 00006526 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-22 16:52 - 2011-04-20 07:29 - 01408536 _____ C:\Windows\WindowsUpdate.log
2015-11-22 16:51 - 2011-04-23 11:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-22 16:49 - 2014-10-24 17:55 - 00024296 _____ C:\Windows\setupact.log
2015-11-22 16:49 - 2012-07-18 19:59 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-22 16:49 - 2011-04-23 11:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-22 16:49 - 2009-07-13 20:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-22 15:58 - 2014-03-13 20:46 - 00000000 ____D C:\Users\Dirtbag\AppData\Local\FirestormOS_x64
2015-11-22 13:55 - 2014-11-24 19:17 - 783721419 _____ C:\Windows\MEMORY.DMP
2015-11-22 13:55 - 2011-12-28 15:20 - 00000000 ____D C:\Windows\Minidump
2015-11-21 21:11 - 2011-05-02 20:49 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-19 21:21 - 2015-06-02 16:17 - 00003218 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2787044202-2378965189-2633346745-1001
2015-11-19 21:21 - 2015-04-05 15:39 - 00003348 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2787044202-2378965189-2633346745-1001
2015-11-18 19:22 - 2014-08-25 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-18 19:22 - 2014-08-25 17:30 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-18 19:21 - 2015-09-08 20:06 - 00000000 ____D C:\Users\Dirtbag\.oracle_jre_usage
2015-11-18 19:21 - 2014-08-25 17:30 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-17 20:47 - 2014-12-11 21:52 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-17 20:46 - 2014-08-17 17:18 - 00000964 _____ C:\Users\Public\Desktop\Firestorm-Releasex64.lnk
2015-11-17 20:02 - 2014-11-19 15:45 - 00000000 ____D C:\Users\Dirtbag\AppData\Local\CrashDumps
2015-11-16 21:00 - 2013-01-26 18:42 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2015-11-16 21:00 - 2013-01-26 18:42 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2015-11-16 21:00 - 2013-01-26 18:42 - 00002066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2015-11-16 21:00 - 2013-01-26 18:42 - 00000000 ____D C:\Users\Dirtbag\AppData\Local\NETGEARGenie
2015-11-16 21:00 - 2013-01-26 18:42 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie
2015-11-16 17:33 - 2014-07-04 12:47 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-11-15 16:54 - 2011-04-22 16:49 - 00000000 ____D C:\Users\Dirtbag
2015-11-15 16:54 - 2011-04-20 07:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-11-15 16:10 - 2011-06-21 12:52 - 00000000 ____D C:\Users\Dirtbag\Documents\My Games
2015-11-14 18:49 - 2009-07-13 18:20 - 00000000 ____D C:\Windows\rescache
2015-11-14 18:12 - 2009-07-13 19:45 - 00293632 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-14 17:55 - 2013-08-13 21:27 - 00000000 ____D C:\Windows\system32\MRT
2015-11-14 17:51 - 2011-04-25 13:18 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-14 17:45 - 2010-11-20 22:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-14 17:41 - 2014-07-04 12:46 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-11-14 17:41 - 2014-07-04 12:46 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

==================== Files in the root of some directories =======

2013-06-01 13:48 - 2013-06-01 13:51 - 4774227 _____ () C:\Users\Dirtbag\AppData\Roaming\CleanUp!.log
2013-07-12 19:51 - 2014-04-13 21:30 - 0000044 _____ () C:\Users\Dirtbag\AppData\Roaming\mbam.context.scan
2014-03-29 10:48 - 2014-03-29 10:48 - 0001181 _____ () C:\Users\Dirtbag\AppData\Roaming\trace_FilterInstaller.1.txt
2014-03-29 10:48 - 2014-03-29 10:59 - 0000919 _____ () C:\Users\Dirtbag\AppData\Roaming\trace_FilterInstaller.txt
2014-03-29 10:48 - 2014-03-29 10:59 - 0000000 _____ () C:\Users\Dirtbag\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2011-07-18 20:24 - 2012-10-28 21:31 - 0005120 _____ () C:\Users\Dirtbag\AppData\Local\Databases.db
2012-02-16 22:31 - 2012-08-26 13:48 - 0010752 _____ () C:\Users\Dirtbag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-26 18:58 - 2014-04-12 16:50 - 0007608 _____ () C:\Users\Dirtbag\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-20 21:06

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:22-11-2015
Ran by Dirtbag (2015-11-22 17:06:00)
Running from C:\Users\Dirtbag\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-04-23 01:49:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2787044202-2378965189-2633346745-500 - Administrator - Disabled)
Dirtbag (S-1-5-21-2787044202-2378965189-2633346745-1001 - Administrator - Enabled) => C:\Users\Dirtbag
Guest (S-1-5-21-2787044202-2378965189-2633346745-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2787044202-2378965189-2633346745-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-2787044202-2378965189-2633346745-1007 - Limited - Enabled) => C:\Users\UpdatusUser.Dirtbag-PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.02 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Blender (HKLM\...\Blender) (Version: 2.62-release - Blender Foundation)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11222.0 - Cisco Consumer Products LLC)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.28) (Version: 1.1.0.28 - DAZ 3D)
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.1.9558 - Blizzard Entertainment)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
DriverAgent by eSupport.com (HKLM\...\DriverAgent.exe) (Version: - )
Dungeon Siege III (HKLM-x32\...\Steam App 39160) (Version: - Obsidian Entertainment)
EVGA Precision 2.0.4 (HKLM-x32\...\Precision) (Version: 2.0.4 - EVGA Corporation)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version: - Ubisoft Montreal)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Firestorm SecondLife and OpenSim viewer (Version: 4.7.47975 - The Phoenix Firestorm Project, Inc.) Hidden
Firestorm-Release (remove only) (HKLM-x32\...\Firestorm-Release) (Version: 4.4.2.34167 - The Phoenix Firestorm Project, Inc.)
Firestorm-Releasex64 x64 (HKLM-x32\...\{5b0b9787-398d-46f9-ab2c-4f0ad6671f84}) (Version: 4.6.42398 - Phoenix Firestorm Project Inc)
Firestorm-Releasex64 x64 (HKLM-x32\...\{63667a72-ee55-4dac-b231-18e6773104d8}) (Version: 4.7.47975 - The Phoenix Firestorm Project, Inc.)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version: - Telltale Games)
GCI Security Guard (HKLM-x32\...\F-Secure Product 430) (Version: - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
InWorldzReleaseCandidate (remove only) (HKLM-x32\...\InWorldzReleaseCandidate) (Version: 2.2.15.35036 - InWorldz, LLC)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - )
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.16.00 - NETGEAR Inc.)
NVIDIA 3D Vision Controller Driver 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 280.19 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealDownloader (x32 Version: 18.0.2.56 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.0.2.60 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.2 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remember Me (HKLM-x32\...\Steam App 228300) (Version: - DONTNOD Entertainment)
Runes of Magic (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 3.0.8.2349 - Frogster America Inc.)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - )
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - United Front Games)
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version: - Cryptic Studios)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Works version 3.2 (HKLM-x32\...\{839CA7E5-5956-487D-8138-682907C5D576}_is1) (Version: 3.2 - Cybia)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version: - Haemimont Games)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
VoiceMX STUDIO 4 (HKLM-x32\...\VoiceMX STUDIO 4_is1) (Version: 4.0 - Tanseon Systems)
Warzone 2100 (HKLM-x32\...\Warzone 2100) (Version: 2.3.7 - Warzone 2100 Project)
WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.0.8 - Shark007)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer Plugin - Sharper Photo (HKLM-x32\...\{DB06102B-24CD-4FB0-B41A-1A0AC8A21755}) (Version: 1.0.0.0 - JoseNet.com)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files (x86)\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\twain_32.dll => No File <==== ATTENTION

==================== Restore Points =========================

15-11-2015 16:52:44 Installed NVIDIA PhysX
17-11-2015 20:44:16 Firestorm-Releasex64 x64
17-11-2015 20:44:37 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
17-11-2015 20:45:00 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
17-11-2015 20:47:42 Firestorm-Releasex64 x64
22-11-2015 16:54:30 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 17:34 - 2014-10-30 16:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05782674-3320-4436-90F7-2E669CBEE05C} - System32\Tasks\{7BFF5E3E-C71B-4183-8147-3F811DCDBDC8} => C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe [2012-03-06] (BioWare)
Task: {106CFE5F-91BC-4FDC-950A-9B1CFD937FF0} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2787044202-2378965189-2633346745-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {378CD8F7-0B5B-4637-BF67-493FCC2F3105} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe [2011-08-12] ()
Task: {3866A705-1F13-4B50-8826-14B2B7A80C6E} - System32\Tasks\{3937C46C-5FE8-4783-9F59-10538DB96742} => C:\Program Files (x86)\Phoenix Viewer\PhoenixViewer.exe
Task: {38EC09CC-1F65-40E4-9A8E-265F7CE3650C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-20] (AVAST Software)
Task: {39DDA152-FC71-4896-903B-5E05AB882110} - System32\Tasks\{8A639209-09E4-4D22-BBD8-530B371FD233} => C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe [2012-03-06] (BioWare)
Task: {5A34C644-0C69-4BDA-9DDB-BEE5E3CC2ED8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2787044202-2378965189-2633346745-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {6B33B83D-9035-4DA0-9983-3AE422FFF0EC} - System32\Tasks\{316AD529-56D4-4864-A329-26F1AC90F141} => pcalua.exe -a D:\AutoPlay\cd\monsetup.exe -d D:\AutoPlay\cd
Task: {A2E8492E-D82A-490A-882B-5BB14B7B0988} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2787044202-2378965189-2633346745-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {A3D333F4-3908-4696-B5E9-52013BC8114B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2787044202-2378965189-2633346745-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {C59E9803-7236-4FC7-9023-C29306BB28F1} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2787044202-2378965189-2633346745-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {CC1A73CB-529D-43B5-9E1B-610F6FD6E1A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D02AA6BB-B902-4B6A-8431-073D2FE51B50} - System32\Tasks\{746942E1-5412-48E7-9A45-4A0DEFADF93F} => C:\Program Files (x86)\Phoenix Viewer\PhoenixViewer.exe
Task: {E1284EAE-72DB-4B7A-8692-9CB2054991F5} - System32\Tasks\{502ECA6D-FBFA-45CE-864A-04BF55CFE7F3} => C:\Program Files (x86)\Firestorm-Release\Firestorm-Release.exe [2013-07-01] (The Phoenix Firestorm Project, Inc.)
Task: {E537B4FE-38B6-4316-8D94-0BB2F7B79CB5} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-07-27] ()
Task: {E745E7F6-17A5-4F7D-AB28-82BE63A4140F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2787044202-2378965189-2633346745-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {EFC92E57-6F4D-4D96-AA49-232B129F14D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F81D1306-B1A9-40B9-A772-6F1CCBF89383} - \{32848E10-8664-418F-98CB-A818780BBEB0} -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)



==================== Loaded Modules (Whitelisted) ==============

2015-04-18 21:03 - 2011-05-05 11:36 - 00022528 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2015-04-18 21:03 - 2011-05-05 11:36 - 01479680 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_x64.dll
2015-04-18 21:03 - 2011-05-05 11:36 - 00977408 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x64.dll
2015-04-18 21:03 - 2011-05-05 11:36 - 01053696 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl_x64.dll
2015-04-18 21:03 - 2011-05-05 11:36 - 00155136 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp_x64.dll
2014-11-16 21:16 - 2014-11-16 21:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-07-27 20:28 - 2015-07-27 20:28 - 00032880 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-09-20 09:04 - 2015-09-20 09:04 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-20 09:04 - 2015-09-20 09:04 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-22 09:33 - 2015-11-22 09:33 - 02994176 _____ () C:\Program Files\AVAST Software\Avast\defs\15112201\algo.dll
2015-07-27 20:28 - 2015-07-27 20:28 - 00037512 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-07-27 20:28 - 2015-07-27 20:28 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-07-27 20:28 - 2015-07-27 20:28 - 00037528 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2015-09-20 09:04 - 2015-09-20 09:04 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)



IE trusted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\...\100sexlinks.com -> 100sexlinks.com

There are 6051 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2787044202-2378965189-2633346745-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dirtbag\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{806F3C11-6F75-447F-9EA4-9859453637B9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{702D8959-1637-4658-91D4-F73E7C44B0A4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C82D830F-6889-483E-9BB8-57F2C59F17AE}] => (Allow) svchost.exe
FirewallRules: [{DB409C55-9F87-40AD-9F89-0E66BBE92147}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{ACF5FC99-B191-4F01-AF17-DE878A70DEAB}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{0BB9804F-D1EB-40D6-860C-275B2AC67C32}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{00F0D149-2729-4DD0-8272-7BFEF6EEB3BD}] => (Allow) C:\Program Files (x86)\Warzone 2100\warzone2100.exe
FirewallRules: [{658FCAB4-B43A-478D-840D-23ECF050F415}] => (Allow) C:\Program Files (x86)\Warzone 2100\warzone2100.exe
FirewallRules: [{FB0622FF-93F9-429F-9D14-9887203117ED}] => (Allow) C:\Program Files (x86)\Warzone 2100\warzone2100.exe
FirewallRules: [{D920BF21-45E5-4731-88E6-7F62A644F40B}] => (Allow) C:\Program Files (x86)\Warzone 2100\warzone2100.exe
FirewallRules: [{93C0E394-4384-4852-8363-FD26547C0DCF}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{F5B5218F-0BD1-40AA-B930-D9204EC2E98D}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{B8194AFC-02AF-435A-B19A-9519E67FE93F}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{F99BFD05-9684-46A1-9D89-106EC537F084}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{25619D9F-3EA1-4288-AB22-7B890931915D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{04FB66BE-CDE1-4774-A74A-5CD0A3E0A3E3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A27EAF3D-67BD-40A8-9393-181D9EC8F932}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4AC4AF15-5397-4BCC-A051-3D10538A5134}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dungeon siege iii\Dungeon Siege III.exe
FirewallRules: [{0D4A21F1-B261-47D1-A518-167B8D238712}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dungeon siege iii\Dungeon Siege III.exe
FirewallRules: [{6874180B-5B1C-4BF4-B8B1-847D7F27FB87}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{C7466A51-4D7E-4B4E-BE80-8DE888B91701}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{A15EA8C2-5200-4091-B0BA-E8A04BF48AD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{6445FD35-6D66-4A98-8BFB-B27105A05812}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{66173A2F-3153-424A-9A37-F784026321E3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{26CA978F-8559-4119-8DD2-5CC7C7086537}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1A677B90-182F-472A-8337-BB29BD2F916E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{9362227F-6787-4AA3-A889-8903F7EB4444}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{7D5D0A9B-2F61-4C38-95ED-D00F70162579}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{47440BBE-601B-47A4-9CEA-53D6640FE65D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{ACE18B82-9EC1-447F-9198-C014D1535723}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{253C2381-A157-45A7-8600-97AC976A002D}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{00F7CD4A-FB15-4424-A724-21830F9EDB46}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{0435E164-681A-462F-8C48-0F74FD9E3C8E}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{E57AFE80-ABC6-4227-9E93-4E1201729AA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogs\HKShip.exe
FirewallRules: [{F4E5DF4A-D103-47D6-8996-F227B2A9DCDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogs\HKShip.exe
FirewallRules: [{CE8CB4F8-0A8B-4863-B1F0-F089A6099472}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tropico 4\Tropico4.exe
FirewallRules: [{3BB6AF69-48B0-48D3-9DFA-08E09A8237EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tropico 4\Tropico4.exe
FirewallRules: [{961C95C9-39C9-4801-809D-79CEF33FD519}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AEACDBC6-706C-41E4-B0DD-AE961BB89897}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6065977E-979A-4C21-841C-D68CEAD901E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fuse Basic\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [{9659189B-C274-4D6C-9678-44927BFE84C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fuse Basic\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [{90D3D9EE-88AD-422C-9175-DDBBF8FA5475}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{6279E404-D105-4C6D-95A3-06E63874B5F5}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{C1F6816E-600A-44E1-9401-70D709FC45EF}] => (Allow) C:\Program Files\Firestorm-Releasex64\Firestorm-bin.exe
FirewallRules: [{BB6F5021-3674-4D4E-BE84-2A063BE145DD}] => (Allow) C:\Program Files\Firestorm-Releasex64\Firestorm-bin.exe
FirewallRules: [{9E70E0BE-02E7-4F13-9B1B-8129154CCCDC}] => (Allow) C:\Program Files\Firestorm-Releasex64\Firestorm-bin.exe
FirewallRules: [{3329993E-212F-4582-89C6-15726D62C47F}] => (Allow) C:\Program Files\Firestorm-Releasex64\Firestorm-bin.exe
FirewallRules: [TCP Query User{120E9E4F-B80F-450D-9E8D-71BEB26AB31A}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{87DEB21A-8374-4117-B6E8-0784414AF0B3}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{61D8B32F-08EC-42F7-9DCD-1EE82309335A}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [UDP Query User{88C94B6A-D60C-441F-9F8B-F4E5F05A5761}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [TCP Query User{1403A1AF-EB4C-4923-A757-F5D1356A27B3}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{DE05D586-973C-4636-8FDF-EA3947C096F1}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{12D568B7-8E5B-4C6A-B06E-C2D886E63B90}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C8D53707-DD9D-47F2-8794-9AF2E172B08D}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{AAE8BC6C-E723-4077-94CC-2CE54FD953F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{2CF68CFD-0BA1-4265-96C2-D329D42CD2B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{35E5613C-6F93-49CE-8F36-0810F3239E1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{ABBBE795-D581-47B1-B896-299289462AEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{4F7CCE2E-B3E9-43CD-90F3-D2E90CEC5A0A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A38EFB56-3A80-4904-989C-99F7464AFF8F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B333BB04-2E80-4295-AC13-9F2DEBA15326}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EB3F2538-C674-4F32-8173-328A4CBCCE74}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B9CEA9D8-5B61-4AE0-9756-359B24CC684C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{79265605-D942-41E2-B5E4-620A3B1A7A31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{508AA12E-22CE-4968-8154-D39133184883}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{C352C83C-3F85-403F-874C-301F29D29DE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{0C9EB26D-4621-4C12-80A7-38F3B1394922}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{6551E4B2-EDDA-41E6-A5E6-840D7D4107EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{15BB5F82-CF61-4BC4-8EC8-6944727CCCFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{A52E90B7-BED5-4128-BE3E-0552FA7B07A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{C2AE7E74-D14C-4697-9AC1-BE6C854925A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Thrones.exe
FirewallRules: [{A7847178-203B-4321-BC21-84266F4D732C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Thrones.exe
FirewallRules: [TCP Query User{0561B9A3-0B10-41D5-B26F-6B8822F59F07}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [UDP Query User{47128F02-51E3-4ACE-BEDB-35A827B93A3B}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [TCP Query User{8093AAC6-F3A0-4B87-B233-E81638EB5380}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{6020CF2B-57FB-46C8-95C3-C9F38B3EC72E}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{FDE834DC-25ED-43A8-A384-A869AA59D5A1}C:\program files (x86)\inworldzreleasecandidate\iwvoice.exe] => (Allow) C:\program files (x86)\inworldzreleasecandidate\iwvoice.exe
FirewallRules: [UDP Query User{6E885C96-0925-4570-BB14-A47499A75631}C:\program files (x86)\inworldzreleasecandidate\iwvoice.exe] => (Allow) C:\program files (x86)\inworldzreleasecandidate\iwvoice.exe
FirewallRules: [TCP Query User{E048A779-DA94-4888-9EDB-D81E085D3E8F}C:\program files\firestorm-betax64\slvoice.exe] => (Allow) C:\program files\firestorm-betax64\slvoice.exe
FirewallRules: [UDP Query User{7100AEA2-2B93-4A7A-BFF5-A100155810AE}C:\program files\firestorm-betax64\slvoice.exe] => (Allow) C:\program files\firestorm-betax64\slvoice.exe
FirewallRules: [{049E746E-F06E-47FD-A436-D60C0FDF1154}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{3937EE59-28D4-49C0-97DA-A995EF4C5651}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D1CBBE29-386D-469B-A3CD-E6D4CF5B0805}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{363E25DD-E3ED-43FA-A370-358475B2C765}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/22/2015 04:54:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/22/2015 04:54:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/22/2015 04:49:38 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (11/22/2015 04:49:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/22/2015 04:49:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (11/22/2015 02:30:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/22/2015 02:30:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/22/2015 02:25:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (11/22/2015 02:25:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (11/22/2015 02:24:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/22/2015 05:03:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/22/2015 05:02:44 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TISA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}.
The master browser is stopping or an election is being forced.

Error: (11/22/2015 05:00:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/22/2015 04:54:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/22/2015 04:51:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (11/22/2015 04:51:18 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/22/2015 04:50:46 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TISA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C735FFA-6AC9-458C-84D7-71BB8BF6FDA3}.
The master browser is stopping or an election is being forced.

Error: (11/22/2015 04:48:16 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (11/22/2015 04:47:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/22/2015 04:47:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2014-10-31 17:10:13.827
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-31 17:10:13.796
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-30 17:45:07.000
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-30 17:45:06.969
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-30 17:24:53.296
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-30 17:24:53.265
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-29 21:41:10.922
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-29 21:41:10.891
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-29 20:36:13.875
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-29 20:36:13.844
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 8173.41 MB
Available physical RAM: 6093.55 MB
Total Virtual: 16345.04 MB
Available Virtual: 14179.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:604.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E9F1C6AA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by AlaskanSnowman, 22 November 2015 - 08:11 PM.


#6 AlaskanSnowman

AlaskanSnowman

    Newbie

  • Members
  • Pip
  • 15 posts

Posted 25 November 2015 - 02:16 AM

Well it does seem quite a bit faster and no blank pages or blank pictures.

#7 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 29 November 2015 - 07:14 AM

Sorry for the delay, back home now, how are things running?

Is this a work computer? or do you purposely run Internet Explorer thru proxy server?

As indicated with this line

 

ProxyServer: [.DEFAULT] => http=127.0.0.1:52765;https=127.0.0.1:52765


Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#8 AlaskanSnowman

AlaskanSnowman

    Newbie

  • Members
  • Pip
  • 15 posts

Posted 30 November 2015 - 10:14 PM

it seems to be running pretty good, defiantly better than before I contacted you. I`m not sure about the whole proxy thing or what effect on my system it might have if we changed it.

#9 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 01 December 2015 - 09:52 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CloseProcesses:
Task: {F81D1306-B1A9-40B9-A772-6F1CCBF89383} - \{32848E10-8664-418F-98CB-A818780BBEB0} -> No File <==== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:

end
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
Run FRST and click Fix only once and wait.
 
Restart the computer normally to reset the registry.
 
The tool will create a log (Fixlog.txt) please post it to your reply.
 
Also, can you manually try and remove the proxy from IE and see if it's needed
 

http://smallbusiness...orer-53255.html


Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#10 AlaskanSnowman

AlaskanSnowman

    Newbie

  • Members
  • Pip
  • 15 posts

Posted 01 December 2015 - 10:10 PM

ok... I ran the FarBar tool with the Fixlist like you asked and for some reason I cant post the log here. I then tried turning the proxy server settings off manually as you asked and it was already disabled with the only check box marked "automatically detect settings" checked. I have found its running very smooth after the fix.


Edited by AlaskanSnowman, 01 December 2015 - 10:13 PM.


#11 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 01 December 2015 - 11:13 PM

Open AdwCleaner and click on the Uninstall button
 
 
Please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Ensure Remove disinfection tools is ticked.
  • Click Run
  • delfix will now delete all found traces of our removal tools

That should do it, if you have no other problems give me one last nod back and I'll lock this topic


Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#12 AlaskanSnowman

AlaskanSnowman

    Newbie

  • Members
  • Pip
  • 15 posts

Posted 05 December 2015 - 01:57 PM

my PC seems much faster so far with regards to surfing the web, thank you for your help.



#13 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 05 December 2015 - 11:56 PM

no problem, thanks for posting back, I'll lock this topic as your problems seem resolved

Take care AlaskanSnowman

 

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here