Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Chrome Hijack [Solved]

Started by grd_87_rg12 , Oct 15 2015 02:53 PM
Google Chrome Browser hijack malware

  • This topic is locked This topic is locked

#1
grd_87_rg12
Posted 15 October 2015 - 02:53 PM

grd_87_rg12

    New Member

  • Member
  • Pip
  • 7 posts

When I open chrome I get this link in the address bar:

 

https://www.google.c...vpAD&gws_rd=ssl

 

I previously had a trackid browser hijack but believe I'd removed it. Now I'm not so sure.

 

Have run Adware cleaner, Malwarebytes and Junkware Removal Tool - Adware cleaner found loads of stuff and got rid of it. Junkware found some folders still hanging around. So far Malwarebytes has found nothing. Just want to make sure everything is tip-top if possible? Have since run FRST64 andposted the logs below, along with the JRT log.

 

Any insight would be greatfully received.

 

Kind regards,

G
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-10-2015 01
Ran by GRD (administrator) on BLACKTOWER (15-10-2015 21:44:37)
Running from C:\Users\GRD\Desktop
Loaded Profiles: GRD &  (Available Profiles: GRD)
Platform: Windows 8.1 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-04] (AVAST Software)
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-06-03] (Unified Intents AB)
HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\Run: [Google Update] => C:\Users\GRD\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-04] (Google Inc.)
HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\Run: [f.lux] => "C:\Users\GRD\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [64000 2014-12-21] (Pushbullet inc)
HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-06-03] (Unified Intents AB)
HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\GRD\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-04] (Google Inc.)
HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [f.lux] => "C:\Users\GRD\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [64000 2014-12-21] (Pushbullet inc)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-04] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0E4D6BDF-9E10-49B9-94BB-98648BED75AD}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7E65F14E-1C2E-45E2-A8D2-B8EB23393408}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-809373587-3448285753-2040023688-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.uk.msn.com/
HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.uk.msn.com/
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-04] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-04] (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-12] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)

FireFox:
========
FF ProfilePath: C:\Users\GRD\AppData\Roaming\Mozilla\Firefox\Profiles\szczb0ub.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll [2013-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll [2013-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-809373587-3448285753-2040023688-1001: @tools.google.com/Google Update;version=3 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-809373587-3448285753-2040023688-1001: @tools.google.com/Google Update;version=9 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-809373587-3448285753-2040023688-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\GRD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-02] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-809373587-3448285753-2040023688-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\GRD\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-809373587-3448285753-2040023688-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-12-21] ()
FF Plugin HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\GRD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-02] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\GRD\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-12-21] ()
FF Extension: Adblock Plus - C:\Users\GRD\AppData\Roaming\Mozilla\Firefox\Profiles\szczb0ub.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-13]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013-04-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-16]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\GRD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
CHR Profile: C:\Users\GRD\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\GRD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-04]
CHR Extension: (Rapport) - C:\Users\GRD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-06-14]
CHR Extension: (YouTube) - C:\Users\GRD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-22]
CHR Extension: (Slinky Elegant) - C:\Users\GRD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2013-08-31]
CHR Extension: (Adblock Plus) - C:\Users\GRD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-03]
CHR Extension: (Telegram) - C:\Users\GRD\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2015-09-05]
CHR Extension: (Google Search) - C:\Users\GRD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-22]
CHR Extension: (Google Docs Offline) - C:\Users\GRD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Avast Online Security) - C:\Users\GRD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\GRD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\GRD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\GRD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Gmail) - C:\Users\GRD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-22]
CHR HKU\S-1-5-21-809373587-3448285753-2040023688-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\GRD\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-03]
CHR HKU\S-1-5-21-809373587-3448285753-2040023688-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-809373587-3448285753-2040023688-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\GRD\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-03]
CHR HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-04] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-09-04] (Avast Software)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-04-07] (Electronic Arts)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-09-16] (IBM Corp.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [241400 2015-10-13] (RaMMicHaeL)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21752 2012-12-19] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-13] (AVAST Software)
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-04-06] (DT Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-15] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-10-13] (AVAST Software)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R1 RapportCerberus_1507072; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507072.sys [959416 2015-09-29] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-09-16] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-09-16] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-09-16] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489240 2015-09-16] (IBM Corp.)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-09-04] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 21:44 - 2015-10-15 21:45 - 00052464 _____ C:\Users\GRD\Desktop\FRST.txt
2015-10-15 21:41 - 2015-10-15 21:41 - 00000000 ____D C:\Users\GRD\Desktop\FRST-OlderVersion
2015-10-15 21:31 - 2015-10-15 21:31 - 00001318 _____ C:\Users\GRD\Desktop\JRT.txt
2015-10-15 21:22 - 2015-10-15 21:22 - 01801288 _____ (Malwarebytes) C:\Users\GRD\Desktop\JRT.exe
2015-10-13 19:37 - 2015-10-13 19:37 - 01137810 _____ C:\Users\GRD\Downloads\bbs_brushes___wisteria.abr
2015-10-13 19:25 - 2015-10-13 19:25 - 00000000 ____D C:\Users\GRD\Desktop\From Dan
2015-10-13 19:16 - 2015-10-13 19:17 - 11414615 _____ C:\Users\GRD\Desktop\SG-Watercolour-Brushes-Set-1.zip
2015-10-13 19:14 - 2015-10-13 19:14 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-10-13 19:14 - 2015-10-13 19:14 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-10-13 19:14 - 2015-09-04 19:03 - 01048344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswEAEE.tmp
2015-10-13 19:14 - 2015-09-04 19:03 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswECD7.tmp
2015-10-13 19:14 - 2015-09-04 19:03 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswED07.tmp
2015-10-13 19:14 - 2015-09-04 19:03 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswED47.tmp
2015-10-13 19:14 - 2015-09-04 19:03 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswEBD9.tmp
2015-10-13 19:14 - 2015-09-04 19:03 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswEC58.tmp
2015-10-13 19:14 - 2015-09-04 19:03 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswEC98.tmp
2015-10-13 19:14 - 2015-09-04 19:03 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswEC09.tmp
2015-10-13 19:14 - 2015-09-04 19:02 - 00115152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvEA9F.tmp
2015-10-05 22:09 - 2015-10-05 22:09 - 00000000 ____D C:\Users\GRD\AppData\Local\Macromedia
2015-10-03 16:58 - 2015-10-03 17:04 - 00000000 ____D C:\Users\GRD\AppData\Local\Mozilla
2015-10-03 16:58 - 2015-10-03 16:58 - 00001161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-03 16:58 - 2015-10-03 16:58 - 00000000 ____D C:\Users\GRD\AppData\Roaming\Mozilla
2015-10-03 16:58 - 2015-10-03 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-03 16:57 - 2015-10-03 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-30 21:44 - 2015-09-30 21:59 - 00001456 _____ C:\Users\GRD\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-09-29 19:17 - 2015-10-15 21:44 - 00000000 ____D C:\FRST
2015-09-29 19:16 - 2015-10-15 21:41 - 02196480 _____ (Farbar) C:\Users\GRD\Desktop\FRST64.exe
2015-09-29 19:12 - 2015-09-29 22:58 - 00000000 ____D C:\AdwCleaner
2015-09-29 19:11 - 2015-09-29 19:11 - 01670656 _____ C:\Users\GRD\Desktop\AdwCleaner.exe
2015-09-27 12:41 - 2015-09-27 12:42 - 00000000 ____D C:\Users\GRD\Desktop\wetransfer-7b91cc
2015-09-22 21:15 - 2015-09-22 21:15 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-22 21:14 - 2015-09-22 21:15 - 00000000 ____D C:\Program Files\iTunes
2015-09-22 21:14 - 2015-09-22 21:14 - 00000000 ____D C:\Program Files\iPod
2015-09-22 21:14 - 2015-09-22 21:14 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-22 21:10 - 2015-09-22 21:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-09-22 21:10 - 2015-09-22 21:10 - 00000000 ____D C:\Program Files\Bonjour
2015-09-22 21:10 - 2015-09-22 21:10 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-22 21:10 - 2015-09-22 21:10 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-16 22:19 - 2015-09-29 21:45 - 00000000 ____D C:\Users\GRD\Desktop\eps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 21:42 - 2013-08-22 15:46 - 00388632 _____ C:\WINDOWS\setupact.log
2015-10-15 21:40 - 2013-10-19 00:33 - 01689898 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-15 21:34 - 2015-09-12 19:53 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-15 21:30 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-15 21:28 - 2013-04-04 08:50 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-809373587-3448285753-2040023688-1001
2015-10-15 21:23 - 2015-09-12 19:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-15 21:20 - 2015-04-17 19:13 - 00000000 ____D C:\Users\GRD\AppData\Local\Pushbullet
2015-10-15 21:19 - 2013-10-19 00:59 - 00000000 __RDO C:\Users\GRD\SkyDrive
2015-10-15 21:19 - 2013-04-04 19:41 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-14 23:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-14 22:14 - 2013-06-04 08:37 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809373587-3448285753-2040023688-1001UA.job
2015-10-14 22:13 - 2013-04-04 19:41 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-14 19:42 - 2013-09-30 05:12 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-14 18:48 - 2015-04-16 23:10 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-10-13 20:17 - 2013-05-09 23:15 - 00000132 _____ C:\Users\GRD\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-10-13 19:26 - 2008-11-06 18:28 - 13197398 _____ C:\Users\GRD\Desktop\SpoonGraphics Watercolour Set1.abr
2015-10-13 19:14 - 2015-04-16 23:10 - 01049880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-10-13 19:14 - 2015-04-16 23:10 - 00448968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-10-13 19:14 - 2015-04-16 23:10 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-10-13 19:14 - 2015-04-16 23:10 - 00153744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-10-13 19:14 - 2015-04-16 23:10 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-10-13 19:14 - 2015-04-16 23:10 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-10-13 19:14 - 2015-04-16 23:10 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-10-13 19:14 - 2015-04-16 23:10 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-10-13 19:13 - 2015-09-04 19:03 - 00132656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys
2015-10-13 19:08 - 2015-04-14 21:59 - 00000000 ____D C:\Program Files (x86)\Unchecky
2015-10-05 21:34 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-05 21:33 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-10-05 09:50 - 2015-09-12 19:53 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2015-09-12 19:53 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-09-12 19:53 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-03 18:26 - 2013-08-22 15:44 - 05153064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-03 15:50 - 2014-07-01 00:08 - 00009340 _____ C:\Users\GRD\Desktop\Silent_Lips-Bold.ttf
2015-09-22 21:14 - 2013-04-17 19:04 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-22 20:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-21 23:08 - 2013-04-04 19:41 - 00003900 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-21 23:08 - 2013-04-04 19:41 - 00003664 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-21 22:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-17 23:13 - 2013-09-30 04:59 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-17 23:13 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-09-17 23:13 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-17 19:05 - 2013-04-15 19:55 - 00000000 ___RD C:\Users\GRD\Google Drive
2015-09-16 20:29 - 2013-04-07 12:10 - 00000000 ____D C:\Users\GRD\AppData\Local\Adobe
2015-09-16 15:39 - 2014-02-12 22:19 - 00394584 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2015-09-16 15:39 - 2014-02-12 22:19 - 00139896 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2015-09-15 23:09 - 2013-06-04 08:37 - 00003864 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-809373587-3448285753-2040023688-1001UA
2015-09-15 23:09 - 2013-06-04 08:37 - 00003484 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-809373587-3448285753-2040023688-1001Core
2015-09-15 23:09 - 2013-06-04 08:37 - 00000870 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809373587-3448285753-2040023688-1001Core.job
2015-09-15 23:03 - 2013-04-17 19:05 - 00000000 ____D C:\Users\GRD\AppData\Roaming\Apple Computer
2015-09-15 22:29 - 2013-09-29 21:03 - 00087382 _____ C:\WINDOWS\PFRO.log
2015-09-15 02:18 - 2015-08-19 18:41 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 02:18 - 2015-08-19 18:41 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-05-30 00:04 - 2013-05-30 00:11 - 0000132 _____ () C:\Users\GRD\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2013-05-09 23:15 - 2015-10-13 20:17 - 0000132 _____ () C:\Users\GRD\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-09-30 21:44 - 2015-09-30 21:59 - 0001456 _____ () C:\Users\GRD\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-09-04 18:52 - 2015-09-04 18:52 - 0000000 ____H () C:\Users\GRD\AppData\Local\BITDDC9.tmp
2015-09-04 18:50 - 2015-09-04 18:50 - 0000000 _____ () C:\Users\GRD\AppData\Local\{99F9B173-DA69-4B83-88E0-D620F3809542}
2013-12-18 16:21 - 2013-12-18 16:21 - 0000081 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\GRD\AppData\Local\Temp\Bass.dll
C:\Users\GRD\AppData\Local\Temp\Bass.Net.dll
C:\Users\GRD\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn7oxp6.dll
C:\Users\GRD\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz7xahk.dll
C:\Users\GRD\AppData\Local\Temp\i4jdel0.exe
C:\Users\GRD\AppData\Local\Temp\i4jdel1.exe
C:\Users\GRD\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\GRD\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\GRD\AppData\Local\Temp\nvStInst.exe
C:\Users\GRD\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-14 18:58

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-10-2015 01
Ran by GRD (2015-10-15 21:45:54)
Running from C:\Users\GRD\Desktop
Windows 8.1 Pro (X64) (2013-10-18 23:56:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-809373587-3448285753-2040023688-500 - Administrator - Disabled)
GRD (S-1-5-21-809373587-3448285753-2040023688-1001 - Administrator - Enabled) => C:\Users\GRD
Guest (S-1-5-21-809373587-3448285753-2040023688-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - )
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Day of Defeat (HKLM-x32\...\Steam App 30) (Version:  - Valve)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
f.lux (HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Flux) (Version:  - )
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
Fractured Space (HKLM-x32\...\Steam App 310380) (Version:  - Edge Case Games Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Hitman: Sniper Challenge (HKLM-x32\...\Steam App 205930) (Version:  - IO Interactive)
Homeworld Remastered Collection (HKLM-x32\...\Steam App 244160) (Version:  - Gearbox Software)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Mozilla Firefox 41.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-GB)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1 - Mozilla)
Music Manager (HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\MusicManager) (Version:  - Google, Inc.)
Music Manager (HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MusicManager) (Version:  - Google, Inc.)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Pushbullet version 312 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 312 - Pushbullet Inc)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Rapport (x32 Version: 3.5.1507.77 - Trusteer) Hidden
Reus (HKLM-x32\...\Steam App 222730) (Version:  - Abbey Games)
Ryse: Son of Rome (HKLM-x32\...\Steam App 302510) (Version:  - Crytek)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 7.9 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.9.103 - Skype Technologies S.A.)
Star Conflict (HKLM-x32\...\Steam App 212070) (Version:  - )
Star Wars: The Force Unleashed 2 (HKLM-x32\...\Star Wars: The Force Unleashed 2_is1) (Version: 1.0 - LucasArts)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 2.0.11.26825 - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Telegram Desktop version 0.7.8 (HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.8 - Telegram Messenger LLP)
Telegram Desktop version 0.7.8 (HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.8 - Telegram Messenger LLP)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.9.6 - Electronic Arts)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.77 - Trusteer)
TU Go (HKLM-x32\...\{823cbf22-f004-4130-af83-959a6c238585}) (Version: 1.1.6.2 - Telefonica Digital Ltd.)
TU Go (x32 Version: 1.1.6.2 - Telefonica Digital Ltd.) Hidden
Unchecky v0.4 (HKLM-x32\...\Unchecky) (Version: 0.4 - RaMMicHaeL)
Unified Remote (HKLM-x32\...\{BD96B1DF-2A2E-4ED1-B255-F8050DEB1B3D}) (Version: 2.14.2.0 - Unified Remote)
Unity Web Player (HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version:  - Giant Army)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.1.2 - Azureus Software, Inc.)
Vuze Remote Toolbar v9.3 (HKLM-x32\...\{44C0EC7E-CF09-4569-B34B-0A9347D72596}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION
War Thunder Launcher 1.0.1.199 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2012 Gaijin Entertainment Corporation)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
webXvid Codec (HKLM-x32\...\webXvid Codec) (Version: 3.6 - webXvid)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version:  - Machine Games)
World of Goo (HKLM-x32\...\Steam App 22000) (Version:  - 2D BOY)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2015-10-13 19:08 - 00452899 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com

There are 15511 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {075983E1-6C3E-4F9C-B83D-3BCFAF9BB3C5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-809373587-3448285753-2040023688-1001Core => C:\Users\GRD\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {16B5FFF7-2173-4C1D-BB1C-7FF2F57FF32D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {2F1277D6-4A23-4269-A2F8-1C0BF6DB0977} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {3539216D-2289-4DAD-8749-96732060CC80} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-809373587-3448285753-2040023688-1001UA => C:\Users\GRD\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {4AD27185-1E66-4F21-A3DA-3D6DB2A0EA1C} - System32\Tasks\{F016C5EA-35FE-46C4-A136-6205CD28B041} => pcalua.exe -a C:\Users\GRD\Desktop\cohtrnmg.exe -d C:\Users\GRD\Desktop
Task: {79996355-75CA-4CE9-B2F5-2C344D7117E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {989DD228-C905-4CDE-89C2-49B2678BE06D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {9DAB7DC0-63C4-4F64-A3E9-077DC2214A47} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-13] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809373587-3448285753-2040023688-1001Core.job => C:\Users\GRD\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809373587-3448285753-2040023688-1001UA.job => C:\Users\GRD\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-19 00:34 - 2015-07-23 02:31 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 00306960 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2015-09-04 19:02 - 2015-09-04 19:02 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-04 19:02 - 2015-09-04 19:02 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-03 15:05 - 2015-10-03 15:05 - 02966528 _____ () C:\Program Files\AVAST Software\Avast\defs\15100300\algo.dll
2015-10-14 22:50 - 2015-10-14 22:50 - 02994544 _____ () C:\Program Files\AVAST Software\Avast\defs\15101400\algo.dll
2015-10-15 21:45 - 2015-10-15 21:45 - 02994032 _____ () C:\Program Files\AVAST Software\Avast\defs\15101502\algo.dll
2015-07-21 17:02 - 2015-07-21 17:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2015-04-16 23:10 - 2015-04-16 23:10 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\GRD\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\sony.com -> sony.com

IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\123simsen.com -> www.123simsen.com

There are 15749 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-809373587-3448285753-2040023688-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\GRD\Desktop\Stuff\Desktops\YGOGd7x - Imgur.jpg
HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\GRD\Desktop\Stuff\Desktops\YGOGd7x - Imgur.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Exploit"
HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"
HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\StartupApproved\Run: => "Unified Remote v2"
HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\StartupApproved\Run: => "Pushbullet"
HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\StartupApproved\Run: => "YTPack"
HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"
HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Unified Remote v2"
HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Pushbullet"
HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "YTPack"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F7381755-9132-4345-8340-0893473BC01D}] => (Allow) F:\Games\Steam\Steam.exe
FirewallRules: [{1EDEFFE8-6609-4137-9E6B-B84E6D4D5EFD}] => (Allow) F:\Games\Steam\Steam.exe
FirewallRules: [{FC8C17CD-E8B2-4C8F-B0E1-3831558B0C07}] => (Allow) F:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B1887F1C-05E9-4CBA-9181-AFD4885A1618}] => (Allow) F:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{794D0E63-B4E2-4B09-A34C-E7343B2830A3}] => (Allow) F:\Games\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{F21F201D-DCB7-4AB7-A411-A174F0E97025}] => (Allow) F:\Games\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{6D30154B-E03F-419F-B868-CA856BB7BFD0}] => (Allow) F:\Games\Steam\SteamApps\common\star conflict\game.exe
FirewallRules: [{5FDCD4E4-DAC3-4966-A93D-21D45141E5B1}] => (Allow) F:\Games\Steam\SteamApps\common\star conflict\game.exe
FirewallRules: [{3B69C12E-D3E0-46F5-AEB8-4AF79A880361}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{20487CB4-D264-474A-A6E0-78D2E890D7CE}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [UDP Query User{59650C0A-FD93-4F24-8329-37EE58BE9714}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [TCP Query User{E8B72AC6-0334-41DD-BBBB-245DE635B9FF}C:\users\grd\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\grd\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{FA798401-AD19-4DD8-9D57-44DC841AB094}C:\users\grd\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\grd\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{3A3B90BB-3AB2-4B22-9C2D-48BDDE0DB072}C:\program files (x86)\war thunder\launcher.exe] => (Allow) C:\program files (x86)\war thunder\launcher.exe
FirewallRules: [UDP Query User{4EB2682A-9907-4AB9-A3C3-3287DAA3431D}C:\program files (x86)\war thunder\launcher.exe] => (Allow) C:\program files (x86)\war thunder\launcher.exe
FirewallRules: [TCP Query User{5D3D6E91-FE0F-4907-97B7-901BED7775A1}C:\program files (x86)\war thunder\aces.exe] => (Allow) C:\program files (x86)\war thunder\aces.exe
FirewallRules: [UDP Query User{39045150-F0ED-4898-B487-58656857E589}C:\program files (x86)\war thunder\aces.exe] => (Allow) C:\program files (x86)\war thunder\aces.exe
FirewallRules: [{8E022241-BBB9-49AF-B912-F202CFA26270}] => (Allow) F:\Games\Steam\SteamApps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{C685CBCA-3665-4FAB-9E23-AB7876681443}] => (Allow) F:\Games\Steam\SteamApps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{88B4A275-2C86-4A6E-AADD-71EBE48A873E}] => (Allow) F:\Games\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{3A5ED348-B6C1-488E-B675-8D1A0F0AF9C0}] => (Allow) F:\Games\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [TCP Query User{8F5DC31F-D120-4A6C-B706-5E712A5CC117}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
FirewallRules: [UDP Query User{975DA4AE-F129-43CD-B4EE-E16DCC10BA55}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
FirewallRules: [TCP Query User{3CC685F8-BFAA-458A-BD63-4205DA6155B5}F:\games\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) F:\games\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{F33AD918-9437-42BA-A329-B64AC665DB9B}F:\games\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) F:\games\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{4DD0A104-62C7-4A8C-9719-7EF2CB573067}] => (Allow) F:\Games\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{7A09EAF0-CF29-4B4E-9268-C3EBC4CE2DC0}] => (Allow) F:\Games\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{B884A9E3-B3FA-4D4E-87A9-4130FE8E359A}] => (Allow) F:\Games\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{1E666DBA-64E3-4121-B38C-CB03EE67B379}] => (Allow) F:\Games\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{1E1EC772-F33C-4175-8AD5-CDA8FC70B6BA}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{3A8EFE4D-4903-4DF2-8255-623445A68758}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{F08B7437-7458-46C1-B220-E63D56FA6858}] => (Allow) F:\Games\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{9CF7390B-7E29-4B19-B26F-D61A9CBA7C24}] => (Allow) F:\Games\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{025B9305-50A2-4109-AFBD-ABBEDAC734FF}] => (Allow) F:\Games\Steam\SteamApps\common\Natural Selection 2\ns2.exe
FirewallRules: [{1A21B94C-9412-466A-884A-E6912CE673C0}] => (Allow) F:\Games\Steam\SteamApps\common\Natural Selection 2\ns2.exe
FirewallRules: [{BA7E0DEA-A200-44E6-B44E-9CD3A4874FC8}] => (Allow) F:\Games\Steam\SteamApps\common\Space\spacegame\Binaries\Win64\spacegame-Win64-Shipping.exe
FirewallRules: [{65295D45-6332-490A-B846-390761E1180C}] => (Allow) F:\Games\Steam\SteamApps\common\Space\spacegame\Binaries\Win64\spacegame-Win64-Shipping.exe
FirewallRules: [{EC0351C3-2C5E-484D-9EA6-1D570EACF792}] => (Allow) F:\Games\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{B5DCF0A9-525A-4CFA-87B9-5F1F549FDCEE}] => (Allow) F:\Games\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [TCP Query User{71BB90A9-1003-403D-AFF5-F41D14242644}F:\games\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) F:\games\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{240097A1-F630-49C2-BCDE-389DF95FA182}F:\games\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) F:\games\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{9190C562-18AA-4FBA-9972-B03021102E9F}] => (Allow) F:\Games\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{FE60876C-6D83-4BA5-BDEA-4CC32D5B7072}] => (Allow) F:\Games\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{3C8E635E-3ADF-494D-BD7D-ABEA5B8366B4}] => (Allow) F:\Games\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{B2507D69-9ED1-437D-ADC4-A8D426121414}] => (Allow) F:\Games\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{96FEA020-D38C-42B8-899D-B5685C2B4348}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{97847DD2-8433-4364-B9F4-D4ED8B0B334F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7E18D06C-2953-4D9D-BE34-9E9662D9B5B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC298FD2-3759-4D81-ADC2-806CA9076E41}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{33B1CD30-D32A-46A4-A85B-6466878BF364}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3FA9ED0A-FFB9-4733-B653-5C709D3BA980}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34997B6F-9F0E-4687-975B-D9C3A5368CB0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F5479798-121C-4AAD-9096-FD578C8991AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3495B428-91BD-45D0-B435-1AA77E3FE6D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/15/2015 09:19:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8f0

Start Time: 01d1078619b55d84

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 115749fe-737a-11e5-bfb3-94de800fbe04

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (10/15/2015 09:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 79982609

Error: (10/15/2015 09:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 79982609

Error: (10/15/2015 09:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/14/2015 10:32:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Steam.exe version 3.1.81.43 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12d8

Start Time: 01d106c78f8a830b

Termination Time: 15

Application Path: F:\Games\Steam\Steam.exe

Report Id: f724ff00-72ba-11e5-bfb3-94de800fbe04

Faulting package full name:

Faulting package-relative application ID:

Error: (10/14/2015 06:47:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15203

Error: (10/14/2015 06:47:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15203

Error: (10/14/2015 06:47:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/13/2015 07:06:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 128

Start Time: 01d105e11ee4da2d

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 143cac97-71d5-11e5-bfb3-94de800fbe04

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (10/05/2015 09:40:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d2c

Start Time: 01d0ffad5cfcb664

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 50acf6f1-6ba1-11e5-bfb3-94de800fbe04

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App


System errors:
=============
Error: (10/15/2015 09:28:00 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:
%%1056

Error: (10/15/2015 09:26:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 8.1 for x64-based Systems (KB3038936).

Error: (10/15/2015 09:26:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 8.1 for x64-based Systems (KB3035583).

Error: (10/15/2015 09:26:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706be: Security Update for Windows 8.1 for x64-based Systems (KB3046017).

Error: (10/15/2015 09:26:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Unchecky service terminated unexpectedly. It has done this 1 time(s).

Error: (10/15/2015 09:26:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/15/2015 09:26:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/15/2015 09:25:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/15/2015 09:25:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/15/2015 09:25:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2015-09-08 22:40:05.347
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-08 22:39:52.718
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-08 22:00:17.642
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-08 22:00:17.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-08 22:00:16.382
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-08 22:00:15.812
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-08 22:00:14.893
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-08 22:00:14.271
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-08 22:00:13.598
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-08 22:00:12.939
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD Phenom™ II X4 965 Processor
Percentage of memory in use: 33%
Total physical RAM: 8178.56 MB
Available physical RAM: 5463.04 MB
Total Virtual: 9458.56 MB
Available Virtual: 6545.27 MB

==================== Drives ================================

Drive c: (HD) (Fixed) (Total:465.76 GB) (Free:213.62 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive f: (HYBRID) (Fixed) (Total:931.51 GB) (Free:596.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2218E3C9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FCD5BCF4)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Attached Files

  • Attached File  JRT.txt   1.29KB   179 downloads

  • 0

Advertisements

#2
Valinorum
Posted 17 October 2015 - 09:54 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Have you tried resetting your browser? Post the log from AdwCleaner.
  • 0

#3
grd_87_rg12
Posted 19 October 2015 - 02:53 PM

grd_87_rg12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Think it might be sorted! Didn't realise a simple reset of Chrome would do the trick.

 

 

# AdwCleaner v5.014 - Logfile created 18/10/2015 at 23:53:34
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : GRD - BLACKTOWER
# Running from : C:\Users\GRD\Desktop\adwcleaner_5.014.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\GRD\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [744 bytes] ##########
 


  • 0

#4
Valinorum
Posted 20 October 2015 - 12:55 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
How is the condition of your PC?
  • 0

#5
Valinorum
Posted 21 October 2015 - 09:15 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: Google, Chrome, Browser, hijack, malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP